locked
runasinvoker uiaccess = true gives error: application cannot start - not enough privileges for this operation RRS feed

  • Question

  • I have an applicaiton created in appv 4.6 SP1, enforced security descriptors is unchecked.

    My pc is windows 7 SP1 with UAC enabled.

    But when I try to start the application I get an error that I do not have the necessary permissions for this action.

     

    The only way I was able to solve this issue was deleting the security part in the manifest file or changing the value uiaccess to false belonging to the executable.

    <security>
          <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" uiAccess="true"> </requestedExecutionLevel>
     </requestedPrivileges>

    But in that case some functionality (keystrokes) do not work anymore. (keystroke button, with alt key)

    What I did also tried

    - When I set enableuipi=0 then it works again.

     But this gives a problem in ie9 and 10 (bug has been logged for it)

     shimming runasinvoker does not make a difference.

    So I think I have two options:

    1. find out why I get the "no privilige" message

    2. find a way to enable uiaccess out of the bubble only for the application. (does a shim exist?)

    I hope someone has already encountered something similar.

    Tom

    • Edited by tomnoels2 Thursday, July 18, 2013 12:34 PM
    Thursday, July 18, 2013 12:33 PM

All replies

  • For App-V 4.6 SP1. You can successfully use runasinvoker by putting the following in any OSD that requires this:

    <ENVLIST>
        <ENVIRONMENT VARIABLE="__COMPAT_LAYER">RunAsInvoker</ENVIRONMENT>
    </ENVLIST>


    PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog: rorymon.com Twitter: @Rorymon


    • Edited by RorymonMVP Thursday, July 18, 2013 1:14 PM typo
    Thursday, July 18, 2013 1:13 PM
  • thx for the responds.

    Is there a difference between creating a shim (application fix runasinvoker) and doing it in the package itself?

    Because that I have tested it already. That is why I thought beter to concentrate on the uiaccess property.


    But to be 100% sure I will test it.

    thx

    Thursday, July 18, 2013 2:38 PM
  • I did the test. I have added the environment variable in every osd file.

    Positive: Now the security message is gone. In other words the application starts without error with the original manifest file. so this means there is a difference between a shim and putting it directly in the osd file.

    the manifest includes again the default values:

            <requestedExecutionLevel level="asInvoker" uiAccess="true"> </requestedExecutionLevel>

    But the keystroke still do not work.

    - When I stop uac on the local machine, it works again

    - When uac is started and I add the key enableuipi=0, it works also (but then IE9 gets problems)

    so it seems an interaction between the bubble and explorer?

    Friday, July 19, 2013 7:24 AM