Hi

Trying to use the 'both7.manifest' file provided by Jane Fleming (included
it in my App) but when I try to run the app on Windows 7 I get the following
error:

'Unable to open Security Access file'
'Consult your application supplier'

Not sure what it is in the manifest file which causes this
Any ideas ?

Regards
Bernhard

> Hi
>
> Trying to use the 'both7.manifest' file provided by Jane Fleming (included
> it in my App) but when I try to run the app on Windows 7 I get the following
> error:

Bernhard,

IF using C7 - C7 now includes Windows 7 manifest - Global Properties -
Application Manifest

This applies to C6, C7, etc - Correct name to include manifest

yourprogramname.exe.manifest

Plus, since you're in a Setupbuilder newsgroup - if you have Setupbuilder -
you can easily Windows 7 manifest within Setupbuilder.

Those are general statments about manifesting your program file.

Not sure what your error implies.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

Hi
I know Setupbuilder takes care of Windows 7 manifest by itself - no problem.
I have code-signed both the install and my app - no problem
I am just struggling with the manifest file which I need to
include in my App - there are problems -tried to use Jane Fleming example
manifest file and got error.
I will dig into this further - Thanks for your help.

Regards

Bernhard

> Hi
> I know Setupbuilder takes care of Windows 7 manifest by itself - no problem.
> I have code-signed both the install and my app - no problem
> I am just struggling with the manifest file which I need to
> include in my App - there are problems -tried to use Jane Fleming example
> manifest file and got error.

Bernhard,

I'd suggest this - remove Jane Fleming's manifest from your working folder.

Instead, Windows 7 manifest it in SetupBuilder - screenshot shows where -
do it FIRST, Then Codesign your program exe - Test - see if that clears
your problem.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

Bernhard,

Just to be clear on this - my suggestion is DON'T try to manifest in the
APP itself - Windows 7 manifest your PROGRAM.EXE using SetupBuilder
referring to the previous screenshot I displayed for location.

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

Hi

Arrgh ! - My mind was stuck in manifesting the APP
itself. Things work fine - thanks

Regards
Bernhard

Hi
I was litle bit to fast to say 'things ok'
I still get the error (see attachment).
I use Setupbuilder to manifest my program.
The install (setup) itself is ok when testing on Win 7
but if I try to run my APP (after install) I get the error.
If I skip the new manifest and use my old xp manifest
and manifest my APP myself then there are no errors
and the APP runs fine on win 7 - no questions asked.

Using Clarion EE ABC 6.3 buld 9056
SB 7.2.3015 and CodeSign from Comondo

Regards
bernhard

Bernhard,

> I was litle bit to fast to say 'things ok'
> I still get the error (see attachment).
> I use Setupbuilder to manifest my program.
> The install (setup) itself is ok when testing on Win 7
> but if I try to run my APP (after install) I get the error.
> If I skip the new manifest and use my old xp manifest
> and manifest my APP myself then there are no errors
> and the APP runs fine on win 7 - no questions asked.

IMO, this is a Capesoft Secwin error! Please note that the manifest makes
your application UAC-aware. So I think your application tries to write to a
protected area, but runs non-elevated and so does not have the access rights
to do this.

And of cause, it has nothing to do with SetupBuilder or the code-signature
at all.

Friedrich

BTW, when you launch your application from the installer, make sure you have
the "Launch non-elevated under UAC" enabled. This is VERY important.
Otherwise, your application will be executed elevated and you should never
do this from the installer.

So the next step is to make your application UAC-compatible (do not write to
protected areas) and you are done.

Friedrich

Hi
Yes I thought so - it is SecWin
Strange ! each time I skip the (Win7) manifest in my app
it runs fine on Win 7. No manifest then no UAC
how comes ?
One question though:
What is the pupose of manifesting my Program via
SetuBuilder (see attachment) if I already have inclduded manifest in my
Program via Clarion ?

regards

Bernhard

Hi Bernhard,

> Yes I thought so - it is SecWin
> Strange ! each time I skip the (Win7) manifest in my app
> it runs fine on Win 7. No manifest then no UAC
> how comes ?
> One question though:
> What is the pupose of manifesting my Program via
> SetuBuilder (see attachment) if I already have inclduded manifest in my
> Program via Clarion ?

No, it's not strange <g>. It's UAC (a Windows Vista, Windows Server 2008,
Windows 7 and Windows Server 2008 R2 feature)!

And your application does NOT run fine. If you do not add a manifest then
"virtualization" kicks in and you'll run into a support nightmare (very)
soon. Windows redirects your invalid write actions to a virtual folder and
suppresses the error. Adding a manifest makes your application UAC-aware
and it's not a legacy application any longer. Virtualization is disabled
now (good) and the application reports an error (correct).

Your application (as it is now) will also not run in a locked down
environment (e.g. XP Limited User account). So it's not a Windows 7 nor an
UAC thing per-se. It's a design issue in your application.

BTW, you can't manifest and already manifested executable. If you have
embedded a manifest with Clarion (make sure it's Windows 7 aware) then you
do not need the "Embed UAC Manifest" compiler directive in SB7.

Friedrich

BTW, although your problem is not an installation issue (it's an application
design issue), you'll find very interesting UAC-related information here in
our SetupBuilder forums and in the "Leanring SetupBuilder Part I" manual.

http://www.lindersoft.com/forums/forumdisplay.php?f=14

http://www.lindersoft.com/sb7_Examples.exe

Friedrich

Hi

Application design issue ????
Been in forum -did not provide any further info.
My conclusion is that if I make my App UAC aware
with manifest (win 7) the Secwin error seems to pop in.
Tried this many time - some SecWin/Manifest issue here.
I will dig into this - thanks

Regards

Bernhard

Bernhard,

> Application design issue ????

Yes, Sir :-) It is not allowed to write to a protected area from an
"asInvoker" manifested and "non-elevated" running application.

And your application will have the very same problem on XP from a "Limited
User" account. So it's not a UAC problem per-se. The problem is that your
application does not follow the Windows development guidlines.

> Been in forum -did not provide any further info.
> My conclusion is that if I make my App UAC aware
> with manifest (win 7) the Secwin error seems to pop in.
> Tried this many time - some SecWin/Manifest issue here.
> I will dig into this - thanks

Just follow my very brief description of how to make an application
"UAC-aware" (posted an hour ago) and you should be able to fix it in your
application. I assume you write to the root fo the C:\ drive and this
causes it. If you run your application elevated (not recommended) then it
has permission to do this. If it runs non-elevated then it can't write to
C:\

It's NOT a CapeSoft SecWin problem nor a manifest issue!

Friedrich

> Hi
>
> Application design issue ????
> Been in forum -did not provide any further info.
> My conclusion is that if I make my App UAC aware
> with manifest (win 7) the Secwin error seems to pop in.
> Tried this many time - some SecWin/Manifest issue here.
> I will dig into this - thanks

Bernhard,

In addition to all the great advice - Friedrich has given you, if you are
using Secwin, here are some additional rules to follow:

http://www.capesoft.com/docs/secwin/secwin.htm#FAQ6.2

6.2. Question: My app was running fine in Windows XP - but in Vista, it
does not find the security file?

Answer: It's almost certainly got to do with the location of your dssw4
file. See the Secwin Global Extension, Files tab.

Under XP it's ok to place the dssw4 file in the windows directory. In Vista
(Windows 7, I added this) this isn't going to work. Recommended practice is
setting the dssw4 file to be the same location as the rest of the data.

However the data MUST be in UAC Safe folders. That is one of the points,
Friedrich is making in his "make your application "UAC-aware" rules list.

My company provides a CHM version of this blog - many helpful hints in the
CHM for designing your Clarion program to be UAC Safe and follow Windows
guidelines.

Product Description - App Data UAC Safe, MFG - Encourager Software
Internet Link - http://profileexchanges.com/blog/?p=120

IF you are using C6, C7 ABC only - ProPath is an easy to use template for
helping you set the CORRECT UAC Safe folders.

Product Description - ProPath, MFG - LANSRAD
Internet Link - http://www.clarionproseries.com/html/propath.html

David

--
From David Troxell - Encourager Software
Microsoft Forums NNTP Bridge - Instructions to use
http://profileexchanges.com/blog/?p=397

Hi David
Actually I came across this before you sent this
but thanks anyway.
I will use Winevent from CapeSoft to move the security
file.

Regards

Bernhard

Bernhard,

Without a manifest, Windows will put things in strange places, not report an
error, and just want you to be happy.
You may think that amounts to "running fine."
But as Friedrich wrote, that creates a support nightmare because your files
and registry entries won't be where you think they are, and will be visible
to one user and not to another one.

Having a manifest tells Windows that you know the rules. But then you'll
get error messages if you break them.

Jane

Hi Jane

As I said in previous message I suspect SecWin - the loacation of SecWin
security file seems to be the main issue here. I need to move this file to
different folder I think - have not tested this yet.
By the way:
Why should Win 7 wants to make me happy running
Program without manifest. ??

Regards

Bernhard

Because Microsoft loves you <g>

(Actually, virtualization was created to allow old applications that don't
know the rules to "sort of work".
If only one person uses the computer, he may never notice a problem.
The problem comes if a different person logs onto the computer. Now, he
won't see any information entered by the first person.
If you have a subscription to clarionmag.com, I wrote some articles a few
years ago with pictures illustrating what happens.)

Jane


> Why should Win 7 wants to make me happy running
> Program without manifest. ??
>
> Regards

Here is the attachment.

Bernard

The following is a very brief description of how to make an application
"UAC-aware"

-- Standard Application:

1. Embed an UAC manifest into your main application (.EXE). A manifest
basically tells Windows how aware the program is about the recent
Windows versions (and disables "Virtualization"). You should include
a manifest for Windows 7 (it's fully backward compatible with all
previous Windows versions).

2. Request "asInvoker" execution level privileges through the manifest for
your application.

3. Code-sign all your application files (e.g. .EXE, .DLL).

4. Your application should not depend on any administrative APIs.

5. Do not write per-user information or user-writable information to Program
Files or Program directories.

6. Do not write to any other protected Windows area (e.g. the OS drive root
folder, the "Windows" folder tree, etc.).

7. Do not write to the HKEY_LOCAL_MACHINE or any other protected registry
key.


-- Standard Installation:

1. Use an UAC-aware installation system. By default, installations run
elevated.

2. Install applications per-machine (all users) and store per-user data in
different locations.

3. Do not install Quick Launch shortcuts.

4. Never write to per-user locations from the elevated running installer.
That means, never write to the HKEY_CURRENT_USER registry key or to
per-user file locations.

5. Launch applications non-elevated at the end of the installation process.

6. Code-sign the installer.

Note: if you have to install "per-user" data, install it to a common
location and as a "first run" action of your main application, copy the
data from the common location into a per-user location.

Respect the recommended (default) locations for applications and data files,
but provide users with an option to select another installation location for
both. A true "Mixed User Application" should work elevated and
non-elevated.

That's it :-)

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows 7 installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner