Give Administrator rights to the application

I wonder if there is any simple way to grant admin privileges to the app itself

You need to provide a UAC manifest for your app that has its requestedExecutionLevel value set to requireAdministrator.

Create a text file with a .manifest file extension, and put the following XML in it:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="MyAppAssemblyNameHere" type="win32"/>
  <description>My App Description</description>
  <!-- uncomment this to enable ComCtl v6 Visual Styles...
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"/>
    </dependentAssembly>
  </dependency>
  -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

Create a text file with a .rc file extension, and have it reference the .manifest file:

1 24 "myapp.manifest"

Compile the .rc file into a .res file using the command-line brcc32.exe utility.

brcc32 myapp.rc

In your project, go to Project > Options > Application and uncheck the "Enable runtime themes" checkbox. This disables Delphi's default manifest, which only enables ComCtl v6 Visual Styles (which is why you need to enable styles manually in a custom manifest).

Now add the compiled .res file to your project, and build.

or conversly, grant those privileges by code.

Not directly, no. UAC elevation only happens at process startup. Once a process has started running, it cannot be elevated dynamically. However, what you CAN do is either:

1. call ShellExecute/Ex() with the "runas" verb to launch another copy of your app with an extra command-line parameter (or a separate .exe) to run your administrative logic as needed. "runas" will elevate that process, even if it does not have a UAC manifest. If your main app needs to wait for the admin process to finish, it can specify the SEE_MASK_NOCLOSEPROCESS flag to ShellExecuteEx() and then use WaitForSingleObject() or related function to wait on the returned HANDLE, which will be signaled when the launched process exits.

2. move your administrative logic into a COM object that your main .exe can instantiate in an elevated state using the COM Elevation Moniker when needed.

This way, your main .exe does not need to use a requireAdministrator manifest, which you should always strive to avoid unless you REALLY need the entire app to run with admin rights.

Author by

user2383818

Updated on June 07, 2022