How to set allowElevation flag for MSIX packages

Written by Horatiu Vladasel · March 28th, 2019

Opposite to old Win32 apps, Modern Windows 10 apps come with full control of their access, just like modern mobile apps. You can control their access to certain APIs or resources like pictures, music, or hardware such as the camera or the microphone. Permissions must be requested within the package manifest.

Old Win32 apps do not use modern APIs and therefore they do not need any app capabilities declared. They will continue to work without any issue without having any app capabilities declared within the package.

It is very likely you all have come across at least one application which requires auto-elevation on launch. And to put some more clarity on those who are not so familiar with this concept, this is nothing else than User Account Control window which you have seen in earlier versions of Windows too. Below it’s a screenshot of UAC Window which we get if you launch MSIX Packaging Tool shortcut. As this is a Microsoft developed tool used by IT Pros to create and edit MSIX packages, it is easily understandable why auto-elevation is required on launch for this specific application.

As I said at the beginning, all these capabilities can be found in the "Capabilities" section within the manifest file. Though, if you plan to submit your application to Microsoft Store, please be aware that it is very unlikely to be approved if you declared allowElevation capability in your application.

       <Capabilities>
       <Capability Name="internetClient">
       <rescap:Capability Name="runFullTrust">
       <rescap:Capability Name="allowElevation">
       <Capabilities>
        

Setting this flag alone in the package manifest will not enable your application to request for elevation. As its name implies, this flag only allows your application to request for elevation. How does an application request elevation rights? It does so by setting the execution level to “requireAdministrator” from the app’s main EXE manifest

If your application does not have this value in its EXE manifest then the “allowElevation” capability will simply be ignored and the application will not try to elevate automatically when the user launches it. The user can still manually run it as an admin, if he has the credentials.

Equivalent Option in Advanced Installer

When it comes to app capabilities, Advanced Installer comes with its own way to define these easily within Advanced Installer’s interface, by selecting them from a predefined list. All you need to do is to go to “Capabilities” page and once in there, you will be presented with the full predefined list of capabilities which can be easily managed. Just by enabling “Elevation” option (see screenshot below), you can allow your package to preserve existing desktop functionality that requires auto-elevation on launch and/or during application’s lifetime.

Are you keen to find out what other capabilities you could define within Advanced Installer’s GUI along with a short description about each of them? Please have a look here.

Comments: