
Update HangUp documentation

description

Update the HangUp documentation to include a notice that, if a user creates a connection and another user attempts to disconnect it, the application must have elevated rights to disconnect the connection.

Example:
User 1 logs in and opens the connection to Foo.com
Service attempts to disconnect all active connections, which includes the connection to Foo.com

comments

keithdouglas wrote Oct 7, 2013 at 2:03 PM

Here's a sample manifest which will elevate an admin who acknowledges the UAC but will not attempt to elevate anyone who is not.

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
  <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
    <!-- UAC Manifest Options
        If you want to change the Windows User Account Control level replace the 
        requestedExecutionLevel node with one of the following.

    <requestedExecutionLevel  level="asInvoker" uiAccess="false" />
    <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />
    <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />

        Specifying requestedExecutionLevel node will disable file and registry virtualization.
        If you want to utilize File and Registry Virtualization for backward 
        compatibility then delete the requestedExecutionLevel node.
    -->
    <requestedExecutionLevel level="highestAvailable" uiAccess="false" />
  </requestedPrivileges>
</security>
</trustInfo>

<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
  <!-- A list of all Windows versions that this application is designed to work with. Windows will automatically select the most compatible environment.-->

  <!-- If your application is designed to work with Windows 7, uncomment the following supportedOS node-->
  <!--<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>-->

</application>
</compatibility>
<!-- Enable themes for Windows common controls and dialogs (Windows XP and later) -->
<!-- <dependency>
  <dependentAssembly>
    <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" />
  </dependentAssembly>
</dependency>-->
</asmv1:assembly>

keithdouglas wrote Oct 7, 2013 at 2:04 PM

I couldn't upload the file - probably our proxy is in the way, but maybe this raw version will work.

keithdouglas wrote Oct 9, 2013 at 4:27 PM

Urp, that got mangled.

Anyway, the one line:

<requestedExecutionLevel level="highestAvailable" uiAccess="false" />

is all that was necessary. Attach that and administrator users can get their special powers if they accept a UAC; other users don't see UAC. Note however, in this situation, an administrator user cannot launch the application as a regular user directly, as far as I can tell (refusing UAC will not launch the application at all).
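An added example, not part of the thread or of the project's code: a build-time check that reads the active `requestedExecutionLevel` from a manifest (the template also lists the alternatives inside an XML comment, which a plain text search would match) and models how the process starts for a given user. The function names and the sample manifest are constructed for illustration; the `highestAvailable` outcomes follow the behaviour described in the comments above, and the other two levels follow standard UAC behaviour under the assumptions noted in the code.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed manifest in the same shape as the one posted
# above, including commented-out alternatives that a text search would hit.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv1="urn:schemas-microsoft-com:asm.v1">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <!-- <requestedExecutionLevel level="asInvoker" uiAccess="false" />
             <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> -->
        <requestedExecutionLevel level="highestAvailable" uiAccess="false" />
      </requestedPrivileges>
    </security>
  </trustInfo>
</asmv1:assembly>
"""


def effective_execution_level(manifest_xml):
    """Return (level, uiAccess) of the active node, or None if there is none."""
    root = ET.fromstring(manifest_xml)  # the parser drops XML comments
    # Compare local names only: templates declare the node under asm.v2 or asm.v3.
    nodes = [el for el in root.iter()
             if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel"]
    if not nodes:
        return None  # no node: file and registry virtualization stays enabled
    if len(nodes) > 1:
        raise ValueError("more than one active requestedExecutionLevel node")
    node = nodes[0]
    return node.get("level"), node.get("uiAccess", "false").lower() == "true"


def launch_outcome(level, is_admin, accepts_uac):
    """Model how the process starts: 'elevated', 'standard' or 'not launched'."""
    if level == "asInvoker":
        return "standard"  # assumption: started from an unelevated parent process
    if level == "highestAvailable" and not is_admin:
        return "standard"  # no prompt; lacks the rights the issue says HangUp needs
    if level in ("highestAvailable", "requireAdministrator"):
        # Assumption: a non-admin facing requireAdministrator supplies no admin credentials.
        return "elevated" if is_admin and accepts_uac else "not launched"
    raise ValueError("unknown level: %r" % level)
```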