Getting a poorly designed ClickOnce application to Run As Administrator

One of our vendors distributes a couple tools as ClickOnce applications, but these applications perform privileged tasks that do not work with UAC enabled.

Rant: UAC has been around since Windows Vista was released in 2006. As of this writing, that would be 6 years. Windows 7 has been out for 3 years. As much as some people might dislike the extra dialogs, UAC is a very good thing, and should not be disabled. There is no excuse for applications that do not handle UAC correctly. Adding the appropriate application manifest is not difficult, and when using ClickOnce it is practically trivial.

Add the Application Manifest to require elevation; or better yet modify your app to not require elevation at all, but do not just pretend it doesn’t exist. 6 years… come on!

Ok, now that my rant is out of the way, if you are in a similar situation – a ClickOnce app that needs elevation to run, but doesn’t request it is a real pain in the butt.

image

“Run as Administrator” is conspicuously missing from the context menu:
image

 

if you try to create a shortcut to the app you will have the same problem. If you try to open the raw .appref-ms file, notepad automatically gives you the contents of the executable… It’s a bloody mess.

 

The (simple) solution requires both a batch file and a shortcut.

  1. Right Click on the ClickOnce shortcut, and select Properties. Copy the content of the location field and paste into notepad.
    image
    Add the trailing slash, and paste (or type) the filename (in this case “GoSyncUpdater”) followed by “.appref-ms”
    eg: “C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Company Name\GoSyncUpdater.appref-ms”
    Finally surround this with quotes, and save the file as a .bat file (e.g. runasadmin.bat)
    image

    At this point, you can right-click on the batch file, and you will have the option to “Run as Administrator” – If this is all you need you are done.
    image
    However, if you go to the Compatibility property tab to make the elevation required, the Privilege Level is disabled / grayed out…
    image

  2. Create a shortcut to your batch file.
    (You will notice that the Compatibility tab is similarly useless)
  3. Edit the properties, Under the Shortcut tab Click “Advanced…”
    image
  4. OK out of the dialogs.

 

You now have a shortcut to a batch file that runs a shortcut to an executable. Convoluted, but it works. (The reason we don’t just make a shortcut to the executable directly is that the path will change when it is upgraded)

If you know of a better way, feel free to share.

7 thoughts on “Getting a poorly designed ClickOnce application to Run As Administrator

  1. Hm. Are you aware of the fact that you cannot add “the appropriate application manifest” if you deploy an application with clickonce? ClickOnce explicitly forbids your application to run as admin.

    Your workaround, albeit tedious, is the only way one can launch a clickonce deployed app as admin. Don’t rant against the programmers that wrote the app. If you really have to, rant against Microsoft.

    • I stand corrected and will updated the post accordingly.
      I’m not letting the developers off the hook, however. If an application requires elevation to function, it should never have been deployed with ClickOnce – they should have used a setup project. Or better yet, modify the application to function without elevation.

  2. Thanks. After trying for a long time my Suunto Moveslink2 App works now. But Software design but with your help I gat it to work.
    Thanks

    • I have just tried this and the moveslink2 application still won’t open. I have the .bat file and then the short cut with the admin option. It just opens a window for a brief second with text then disappears. Too quick to read. I have tried numerous things such as clearing the click once cache, ensuring the .NET framework is correct and now this. All suggested by suunto. Everytime I try and open it all it says is the “program has stopped..” windows is looking for a solution. Then the window disappears.

  3. Open Powershell (This assumes run as admin is blocked by GPO):
    In PS Window:

    >Start-Process Powershell -Verb RunAs

    In new PS Window:
    >$RunPath=”PathToappref-ms”
    >Explorer.exe $RunPath

    This should call your ClickOnce app with admin perms. Works with Office 365 MFA Powershell Module

Leave a Reply

Your email address will not be published. Required fields are marked *