This project is read-only.

Run as Administrator (Windows 7) when creating a new entry

Dec 10, 2010 at 3:58 PM


I encountered a error with my application on Windows 7. Indeed, when I launch my program, there is an error after the creation of my RasEntry when I try to add it to the Phonebook.

         /* Creation of the VPN External connection entry */
         mp_ExternalEntry_O = RasEntry.CreateVpnEntry(VPNName, p_IPAddress_s, RasVpnStrategy.PptpFirst, RasDevice.GetDeviceByName("PPTP", RasDeviceType.Vpn, false));

         /* Addition of the connection to the Phonebook */
         mp_VPNPhoneBook_O.Entries.Add(mp_ExternalEntry_O);  <== This line

The error message is:

"The caller does not have the required permission to perform the action requested"

So I figured that it was a problem with the access rights so I tried to launch my application with the "Run as administrator" parameter and it worked.

How can I execute my application without using the "run as administrator" mode ? Is it a problem due to my Phonebook ?

I execute these instructions for the Phonebook:

         mp_VPNPhoneBook_O = new RasPhoneBook();

         /* Opening of the Phone Book */

Thanks for your help !


Dec 11, 2010 at 6:22 AM
Edited Dec 12, 2010 at 8:01 AM

Since each machine security is different, this always depends on the security on the machines you're targetting with your application.

Depending on what your security settings are on the machine you will either need to:

  1. Elevate application permissions by modifying the manifest file to request full permissions. Someone else had this exact same question, see the thread
  2. Use the current user profile phone book or a custom phone book to not require the permission adjustment.

The reason why you need to elevate privileges for the application is due to the application opening the All User's profile phone book. This is indicated by your call to mp_VPNPhoneBook_O.Open();

You can always store the phone book next to your application, which will remove the need to elevate permissions (barring any folder level security settings) by:

using DotRas;

RasPhoneBook pbk = new RasPhoneBook();

Granted, you do not need to call it MyAppPhoneBook.pbk, and you don't even have to use a PBK extension if you don't want to. That will create a phone book file in the application working directory.

Hope that answers your question!

Edit: I wanted to add using a phone book in a custom location also means any entires in the file will not show in the network connections section of the Control Panel in Windows.

Dec 13, 2010 at 4:31 PM

Thanks a lot for your help,, it works fine now :)

I decided to create a custom phonebook instead of editing the manifest because my application must be working on "Guest" user accounts. With a custom account, he works without any problem :)



Apr 18, 2014 at 1:59 AM
Thanks for this information. I have been pulling my hair out for an hour. The use of a private pbk solves 2 issues at once. 1. I don't need to elevate, and 2. I don't need to delete the connection on program exit. (I think). If I understand it, a private pbk will keep end users from finding and using the connection? I'm using this to connect to my server and backup certain critical files, (in addition to a backup scheme), and I don't want anybody mucking with the off-site copies. Is there any good reason I should continue to delete the pbk entry if I go to a private PBK?
Apr 18, 2014 at 10:47 PM
Edited Apr 18, 2014 at 10:47 PM
If I understand it, a private pbk will keep end users from finding and using the connection?
It won't prevent them from finding it if they're determined to figure it out, it'll just make it less easy to locate them since they won't show up anywhere that isn't aware of your particular phone book.

Is there any good reason I should continue to delete the pbk entry if I go to a private PBK?
The users cannot directly dial the connection manually by clicking the pbk file.

If it was me, I'd probably create a temporary file, store the connection there, and then delete the file once whatever I was needing to connect to had finished its work. This will keep users from being able to dial the connection themselves outside of the application unless they disassemble the app, translate the code into a usable entry, and dial it themselves. It doesn't prevent them from being able to dial it, but it does give them a couple hurdles to get through to do it. All you need to worry about then is security around the credentials.