Forcing a Delphi Program to Run with Administrator Privilege

No matter how hard you try to eliminate the need for administrator access from your programs, sometimes they just need to run as administrator in order to work.  I came across this requirement while recoding our application’s configuration utility.  I dutifully removed all configuration entries  from the registry and moved them to the “All Users” folder but I needed to be able to configure some of our programs to run as Windows services.  No matter how you look at it, this requires administrator privilege.

I didn’t want to force our users to “run as administrator” on Vista, Windows 7 and Windows 2008.  Can you imagine the number of support calls that would generate? :(  So, I starting looking for a way to force the program to request administrator privilege .

It turns out that you have to embed a manifest into your program.  This is both easier and more difficult than it sounds.  Microsoft has written reams of confusing bafflegab on the subject but what it boils down to is this.  A manifest is an XML file that describes certain or your executable’s attributes.  For our purposes we are only interested in two things.  Requesting administrator access and themes support.  Normally we don’t need to worry about themes support because it can be easily controlled via the “Enable Runtime Themes” project option.  However, allowing the Delphi IDE control themes support will cause us problems later when we try to add our own manifest to the mix.

First we need to create an XML file and save it as <your_app_name>.manifest.  If your application is named MyApp.exe you need to save the XML file as MyApp.exe.manifest.  The contents of the XML file should look like this:


<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">
<assemblyIdentity version="1.1.1.1">
processorArchitecture="*"
name="your_app_name.exe"
type="win32" />
<description>elevate execution level</description>
<trustinfo xmlns="urn:schemas-microsoft-com:asm.v2"><security>
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustinfo>
</assembly>

Next we need to create a .RC file that references the .XML file that we just created.  Save the .RC file as <your_app_name>1.rc. If your application is named MyApp.exe you need to save the .RC file as MyApp1.rc.  This file contains just 1 line that looks like this:

1 24 <your_app_name>.manifest

Where 1 is the resource ID and 24 is the resource type.  For our purposes, it is sufficient to consider these to be magic numbers.  They need to be keyed exactly as shown in order for things to work.  Anyway, for an application named MyApp.exe we should now have a resource file named MyApp1.rc containing a single line:

1 24 MyApp.exe.manifest.

Add this file to your project by right clicking the project’s name in the project manager and selecting add.  Recompile your project.  This will include the .RC file in the executable.

At this point, if you have checked the “Enable Runtime Themes”  project option you will get a compile error that looks like this:

[DCC Warning] W1056 Warning: Duplicate resource: Type 24 (user-defined), ID 1; File M:\Aurora\Configuration\AurConfigMgr.res resource kept; file M:\Aurora\Configuration\AurConfigMgr1.res resource discarded.

This is telling us that our project’s default resource file (MyApp.res), which is maintained by the Delphi IDE already contains an entry for resource ID 1, type 24.  This is the Delphi generated manifest which enables themes support.  To fix this, we need to uncheck the “Enable Runtime themes” project option and add some more code to our XML file.  Specifically we need to add some code to tell Windows that we want to use Version 6 of the Windows common controls DLL.  This is done inside a <dependency> element.

After adding the code to enable themes support, our XML file will look like this:


<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">
<assemblyIdentity version="1.1.1.1">
processorArchitecture="*"
name="your_app_name.exe"
type="win32" />
<description>elevate execution level</description>
<dependency>
<dependentAssembly>
<assemblyIdentity>
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
language="*"
processorArchitecture="*"/>
</dependentAssembly>
</dependency>
<trustinfo xmlns="urn:schemas-microsoft-com:asm.v2"><security>
<requestedPrivileges>
<requestedExecutionlevel level="requireAdministrator" uiAccess="false" />
</requestedPrivileges>
</security>
</trustinfo>
</assembly>

Now we just need to recompile our project.  The compile error should be gone and when we try to run our application under Vista or Windows 7 with UAC enabled we will be asked if we want to allow the program to run with administrator privilege.

10 Responses to “Forcing a Delphi Program to Run with Administrator Privilege”

  1. Barry Dirks Says:

    Very helpful article, much appreciated.

    Do you know if there’s a way to turn themes on and off in code? Or can themes only be enabled or disabled when the application is compiled/linked?

    Thanks.

  2. admin Says:

    Not that I am aware of, but I’ve never had a reason to find out.

  3. kredyty konsolidacyjne Says:

    Been looking for this article for long time ago and finally found here. thanks for sharing this post. appreciate!

  4. Mr .Hoek Says:

    Nice article….

    One addition: when using Delphi XE(2) or higher you can just specify in the project options if the application needs to compile with a custom manifest file, which you can ten place in you’re projects folder.

    Example of my manifest:

  5. Mr .Hoek Says:

    <?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?>
    <assembly xmlns=”urn:schemas-microsoft-com:asm.v1″ manifestVersion=”1.0″>
    <dependency>
    <dependentAssembly>
    <assemblyIdentity
    type=”win32″
    name=”Microsoft.Windows.Common-Controls”
    version=”6.0.0.0″
    publicKeyToken=”6595b64144ccf1df”
    language=”*”
    processorArchitecture=”*”/>
    </dependentAssembly>
    </dependency>
    <trustInfo xmlns=”urn:schemas-microsoft-com:asm.v3″>
    <security>
    <requestedPrivileges>
    <requestedExecutionLevel
    level=”requireAdministrator”
    uiAccess=”false”/>
    </requestedPrivileges>
    </security>
    </trustInfo>
    </assembly>

  6. Alex Says:

    Hi Mr .Hoek,

    I tried your approach with Delphi XE3 however when I try to run my project I get this error “Error: The application has failed to start because the side by side configuration is incorrect please see the application event log or use the command line sxstrace.exe tool for more detail”

    Let me know if you know anything about it. Thanks

  7. Craig Says:

    There is an unfortunate negative side-effect to unchecking the “Enable runtime themese” option. The Delphi IDE uses that option to know that it should also use the themes for the form designers. So turning it off means that design-time/run-time differences can result in “mistakes” in form layout that are trickier to catch and more work to test and check.

    Unfortunately, I haven’t yet found an elegant solution to this problem.

  8. Jørgen Lanesskog Says:

    elevate execution level

    With the above code and custom manifest in Delphi XE5 it Works perferctly :-)

    Just change the Application name in the code.

  9. John Drew Says:

    Using XE5 Starter (32 bit). Trying to implement the above and although I get a successful compile when I move the application along with the manifest file to my Vista machine the application does not run as administrator and cannot access files (Vista Business 32 bit).

    The program runs fine if I turn UAC off or Administrator on.
    I have RD1.rc and RD.exe.manifest in the project. Used Steve’s code but with the file name changed to RD.exe

    I kept “enable runtime themes” active although I tried putting the custom manifest in place as an experiment but it gave a compile error (side-by-side issue).

    Any thoughts?
    John

  10. David CoolWater Says:

    I am having a problem with my program for the same reason. I am trying to run my program on Windows 10 and I keep getting ‘Access Denied’ error box when my program is run without admin privileges. However, if I right click on my program executable and select ‘Run as an Administrator’, it runs without any error boxes popping up. So, I am trying to run my program as an administrator when it startup at boot. I learned I need to add custom manifest for my program. So, my search brought me here. I followed your tutorial by copying and pasting. Then, replacing the word with my program’s name. Still my program startup without admin privileges. What am I doing wrong? I am running Delphi XE.

Leave a Reply