-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch adds automatic UAC elevation prompting for privileged users.
(signed patch attached) - -- Josh Cepek -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQGcBAEBAgAGBQJSeSgfAAoJENcx2Xpgb9Rj/JQL/1uXroXqY02BPv20/TmsZVPn 6OEKZvoBRkMwtj0Zjb83Vp5GA+Nhf0IWk2Dftk5Uss+ZYFtQD6yG5a8P8yPIm96d lD5Xd7/iKcbrb3GsZkUyrwICAKwtwWLBYn3QqOvso1r65kt4OVM13xBKLFnrL0Bn Tb8NHuzmRa48bUVACXL4UhF3W4mjIUGNp9P/ChzBRPVQISyZnzRi+6/mCLoRPnVV nypYV7CLqhMUsgZRuDoKPXyP2WWgn0vhfZ9WRE7Yh66sTX58lCJCv//l3dgLKsnA I7J0UOqB4Fp0Il8x+aLBnS2wezaiu3G29n/iS6EgX5fb263WB4reAyjbpoHoXzDy a0GzcXoXnaFbOQnPoxYyYJCv585e3XR2+uJPFuRpceGD8h85Ax9+JpPgUF4eJCW8 siYFpp5l+/C9q6bgnTJ0WeF9Qbh7NMZSJdA1VJ7zllS/ofseYrd+XmnOtIu/6p4c sJrVjYiQVvsgDg53JWhhmpvMlByLtrX2T9QEGgCWBw== =63k0 -----END PGP SIGNATURE-----
From 2d2ae7a30c013632927b931c541be5cfa29c6610 Mon Sep 17 00:00:00 2001
From: Josh Cepek <josh.ce...@usa.net>
Date: Tue, 5 Nov 2013 13:03:08 -0600
Subject: [PATCH] Add GUI UAC elevation under Vista and higher
Currently, nearly all usage of OpenVPN requires administrative rights
due to route addition needs, which involves manually running the GUI
with elevated permissions today.
This patch builds the GUI program with a manifest that automatically
requests elevation to the highest available permission held by the
current user. The benefit is that users who have administrative rights
automatically get prompted to elevate through UAC, which is generally
the expected behaviour.
For the use-case that specifically involves running with reduced
privileges, users lacking administrative access will not be prompted to
elevate as there is no higher privilege available. The only loss of
functionality with this change is administrative users are no longer
able to run without admin rights. This shouldn't be a problem because
that kind of security need generally involves account/role separation
anyway.
The benefit for the vast majority of users is that route addition won't
fail due to lacking permission, leaving the VPN connected but unable to
route expected traffic.
Signed-off-by: Josh Cepek <josh.ce...@usa.net>
---
res/openvpn-gui.manifest | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/res/openvpn-gui.manifest b/res/openvpn-gui.manifest
index 9371d71..45c34b5 100644
--- a/res/openvpn-gui.manifest
+++ b/res/openvpn-gui.manifest
@@ -21,7 +21,7 @@
<security>
<requestedPrivileges>
<requestedExecutionLevel
- level="asInvoker"
+ level="highestAvailable"
uiAccess="false"/>
</requestedPrivileges>
</security>
--
1.8.1.5
gui-uac.patch.sig
Description: PGP signature
