Security Requirements
Use
the Security tab page of the project painter to specify whether an application has a manifest
file to set its requested execution level, and whether the
manifest file is external or embedded in the application.
This manifest file is not the same as the
manifest files generated when you publish a Windows Forms application
as a smart client (ClickOnce) application. The
concept of execution level is part of the User Account
Control (UAC) protocol.
If you want to deploy an application that meets the certification
requirements of the Windows Logo program, you must follow UAC guidelines.
The executable file must have an embedded manifest that defines
the execution level and specifies whether access to the user interface
of another window is required. The Application Information Service
(AIS) checks the manifest file to determine the privileges with
which to launch the process.
Generate options
Select Embedded manifest if your application needs to be certified
for Vista or later. A manifest file with the execution level you
select is embedded in the application�s executable file.
You can also select External manifest to generate a standalone
manifest file in XML format that you ship with your application�s
executable file, or No manifest if you do not need to distribute
a manifest file.
If you select Embedded manifest for a Windows Forms target,
you must have a supported version of the .NET Framework SDK installed
on your system, because the process that embeds the manifest in
the executable file uses the mt.exe tool that
is distributed with the SDK.
Execution level
Select As Invoker if the application does not need elevated
or administrative privileges. Selecting a different execution level
will probably require that you modify your application to isolate
administrative features in a separate process to receive Vista or
later certification.
Select Require Administrator if the application process must
be created by a member of the Administrators group. If the application
user does not start the process as an administrator, a message box
displays so that the user can enter the appropriate credentials.
Select Highest Available to have the AIS retrieve the highest
available access privileges for the user who starts the process.
UI access
If the application needs to drive input to higher privilege
windows on the desktop, such as an on-screen keyboard, select the �Allow
access to protected system UI� check box. For most applications
you should not select this check box. Microsoft provides this setting
for user interface Assistive Technology (Section 508) applications.
If you check the Allow access to protected system UI check
box, the application must be Authenticode signed and must reside
in a protected location, such as Program Files or Windowssystem32.