问题
I need to sign an installer executable for Windows using a p12 file.
Before signing, this EXE file icon has a "shield icon" on it indicating that it requires administrative privileges, as it should.
However, after I sign using the signtool and the following command:
signtool.exe sign /f mycert.pfx /p <password> /t http://timestamp.verisign.com/scripts/timstamp.dll /v "<file to be signed>"
the signing succeeds but the shield icon disappears. When I run the resulting executable, it fails because it is no longer running under administrative privileges.
What do I need to do in order to sign an executable and have it keep its administrative privileges?
回答1:
You should set the requestedExecutionLevel to requireAdministrator in your app's manifest to declare it as needing administrative privileges.
I suspect that your app is named "install" or similar, and so the non signed-and-manifested version picked up the administrator requirement as part of backwards compatibility settings, but now it looks like a current application and so Windows checks to see which privileges it requests, and since it doesn't request any the app doesn't get elevated.
See Create and Embed an Application Manifest with Your Application Depending on how the app is created also look at /MANIFESTUAC (Embeds UAC information in manifest) and /win32manifest (C# Compiler Options)
来源:https://stackoverflow.com/questions/26787393/microsoft-signtool-removes-administrative-privileges