User Account Control, Digital Signing, and Manifests in LabVIEW Built Applications

Issue Details

• How do I make my LabVIEW applications and installers compatible with Windows Vista and later?
• How do I sign my LabVIEW executables and installers?

Solution

User Account Control

Beginning with Windows Vista, Microsoft introduced additional levels of security, including User Account Control (UAC). By prompting the user to enter an administrative password prior to installing applications or completing other tasks, UAC helps prevent users from inadvertently introducing viruses or other types of changes that might destabilize the system. Additionally, a user who logs into Windows Vista as a standard user—the default login for Vista—can write only to specific locations on disk. 

On Windows 7 and later, UAC is less intrusive than on Vista. Still, these Windows security changes result in the following two issues to consider when using the LabVIEW Application Builder for Windows Vista and later:

• LabVIEW embeds an application manifest in every LabVIEW built application and installer.
• Built applications and installers for LabVIEW built applications are not signed.

Application Manifests

LabVIEW 8.2.1 and later embeds an application manifest in LabVIEW built applications and installers. Because the manifest is embedded in the application, you must retrieve the manifest before it appears in the directory with the application. The manifest is an XML file with the extension .manifest. You can specify the requested execution level in the manifest for an application you deploy on Windows.

Specifying the execution level of the application determines the required security privileges you need to launch an application. The execution level of the application determines if the application displays a dialogue box prompting the user to give administrator consent or to enter an administrator password before launching the application. Applications that require administrator privileges have a security shield overlay on the application icon.

Whether the application runs as an administrator or standard user then determines several properties of the application, including the directories to which the application can write. If you launch an application as a standard user, the application cannot write to protected directories and registries. The Program Files directory is an example of a protected directory on Windows Vista and later.

Microsoft recommends that applications run without requiring administrator privileges. Therefore, applications should be designed so they do not attempt to access protected areas of the operating system. Running without administrator privileges gives all users the opportunity to run the application as intended.

The following code is an example manifest for a LabVIEW built application:

processorArchitecture="X86"
name="National Instruments.LabVIEW.LabVIEW"
type="win32"/>LabVIEW Development System 
level="asInvoker"
uiAccess="false"/>

The requested execution level of a built application can be any of the following values:
asInvoker — (Default) The built application executes with the same access privileges as the user, either standard or administrator. The application does not display a dialogue box prompting the user for consent before it runs. If the application runs as standard user, the application cannot write to protected directories. If the application runs as administrator, the application can write to protected directories.

highestAvailable — The built application executes with the highest access privileges possible. If the user has only standard user privileges, the application does not display a dialogue box prompting the user for consent, but the application cannot write to protected directories. If the user has administrative privileges, the application displays a dialogue box prompting the user to either consent or to enter the administrator password and can write to protected directories.

requireAdministrator — The built application executes at the administrator level and can write to protected directories. If the user has only standard privileges, the application displays a dialogue box prompting the user to enter the administrator password. If the user has administrator privileges, the application displays a dialogue box prompting the user for consent before it runs.
Windows XP and earlier ignores the security section of the manifest. Therefore, a LabVIEW built application developed in LabVIEW 8.2.1 or later and deployed on Windows XP or earlier does not exhibit the Windows Vista behavior if it includes a manifest and has the requested execution level specified. 

The setup.exe in LabVIEW built installers also contains a manifest. The default requested execution level is requireAdministrator. Because the setup.exe updates system-level files, settings, and configurations, avoid changing the requested execution level of setup.exe. Changing the requested execution level of setup.exe might cause the installer to function incorrectly.

Note:  Versions of LabVIEW prior to 8.2.1 also embed a manifest; however, the manifest does not include a security section. The security section of the manifest is particularly important for applications deploying to systems running Windows Vista and later.
 

Editing the Application Manifest

Microsoft highly recommends that the requested execution level of an application be asInvoker. Therefore, asInvoker is the default requested execution level for all applications built in LabVIEW 8.2.1 or later. However, there might be occasions where you cannot adhere to this recommendation. Complete the following steps to edit the manifest.

1. Verify that mt.exe has been installed on the computer before editing the manifest (required). Use mt.exe to interact with the manifest using command-line arguments. If mt.exe is not on the computer, download the Microsoft Windows Software Development Kit (SDK) from Microsoft's website. The Windows SDK (for Vista and later) and the .NET Framework (3.0 and later) Runtime Components contains mt.exe.

 

2. To edit the manifest, it must first be retrieved. Complete the following steps to retrieve the manifest.
   1. Open the command line window. 

 

2. Enter the following command to retrieve the manifest:  mt.exe -inputresource:directory path\Application Name.exe -out:Application Name.manifest in the command line window where directory path is the path to the built application and Application Name is the name of the application.

 

3. Press the key to run the command. The application manifest with the file extension .manifest appears in the same directory as the application.

 

3. Complete the following steps to edit the manifest. 

 

1. Right-click the manifest in the destination folder and open the file in a text editor or an XML editor.
2. Locate the code . Change the value asInvoker to requireAdministrator or highestAvailable depending on the execution level desired for the built application.
3. Save the manifest file.

Validating the Manifest

The tags within the manifest are case sensitive. It is good practice to validate the changes being made to the manifest after it is edited. However, validating the manifest does not find spelling errors. Complete the following steps to validate the manifest.

1. In the command line window, enter the following command to validate the manifest: mt.exe -manifest Application Name.manifest -validate_manifest in the command line window where Application Name is the name of the application.
2. Press the key to run the command.

Applying the Manifest

After the manifest is edited and validated, apply the changes. Complete the following steps to apply the manifest.

1. In the command line window, enter the following command to apply the manifest: mt.exe -manifest Application Name.manifest -outputresource:directory path\Application Name.exe;#1 in the command line window where directory path is the path to the built application and Application Name is the name of the application.
2. Press the key to run the command.

 

Digital Signing

Digital signing lets users verify who created an application and decide whether the application is safe to install or run. Because Windows Vista and later offer additional levels of security, users might encounter additional dialogue boxes warning them about the risks of installing or running unsigned applications. By default, LabVIEW does not sign built applications, so the digital signature can be customized for an application. To reduce the amount of dialogue boxes a user encounters, sign LabVIEW built applications and installers.

Note:  You cannot sign applications or installers in versions of LabVIEW prior to 8.0.

You need the following tools to sign an application or installer:

• Signing certificate — You can purchase signing certificates from a number of vendors, including Verisign. You can purchase signing certificates only for companies or organizations. Individuals cannot purchase signing certificates. Signing certificates must be personal information exchange (PFX) files.
• Timestamp URL - Add a timestamp authority's URL to append a verified timestamp to the digital signature of your LabVIEW application or installer. An example of a timestamp URL would be  "http://timestamp.verisign.com/scripts/timestamp.dll"
• Signing tool - The Windows Driver Kit includes the signing tool, which is used to apply the digital signature.To sign a LabVIEW built application, you need to sign only the .exe file. You do not need to sign any other files for LabVIEW built applications and installers. Digital signing involves procuring third-party providers for digital certificates, and no single procedure for signing code exists. 

 

Examples

When you edit manifests and sign applications or installers, you must do so in the correct order to avoid overwriting the manifest or voiding the digital signature. You must always edit and apply the manifest before signing the application or installer. The following examples suggest the order you should follow for editing manifests and applying digital signatures.

• LabVIEW Built Applications

1. Build the application.
2. Edit the application manifest, if necessary.
3. Sign the application .exe file.
4. Build the installer.

•   LabVIEW Built Installers

1. Build the installer.
2. Sign the setup.exe file.

Rebuilding a LabVIEW built application or a LabVIEW built installer results in setting the manifest back to the default settings. If you make changes in the manifest and then rebuild the application or installer, you must change the manifest again. Additionally, if you rebuild an application or installer that you signed, you must sign the application or installer again.