Deploying LabVIEW Applications on Windows Vista and Later Operating Systems

The security changes introduced by Windows Vista result in the following two issues to consider when using the LabVIEW Application Builder on Windows Vista or later:

In addition to this help topic, you can refer to the KnowledgeBase for the most up-to-date information about the LabVIEW Application Builder on Windows Vista and later.

Application Manifests

LabVIEW embeds an application manifest in every stand-alone application and installer. Because the manifest is embedded in the application, it does not appear in the directory with the application until you retrieve it. The manifest is an XML file with the extension .manifest. The manifest contains information that describes the application properties to Windows. While manifests are not new to Windows, the security section of the manifest is a new feature. You can now specify the requested execution level in the manifest for an application you deploy on Windows Vista or later.

The execution level you specify for an application determines the security privileges required to launch it. The execution level also determines whether the application displays a dialog box prompting the user to give administrator consent or to enter an administrator password before launching. Applications that require administrator privileges have a security shield overlay on the application icon. Whether the application runs as an administrator or as a standard user then determines several properties of the application, including the directories to which the application can write. If you launch an application as a standard user, the application cannot write to protected directories or protected areas of the registry. The Program Files directory is an example of a protected directory on Windows Vista and later.

Microsoft recommends that applications run without requiring administrator privileges. Therefore, design applications so they do not attempt to access protected areas of the operating system. Running without administrator privileges gives all users the opportunity to run the application as intended.

The following code is an example manifest for a stand-alone application.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
                    processorArchitecture="X86"
                    name="National Instruments.LabVIEW.LabVIEW"
                    type="win32"/>
  <description>LabVIEW Development System</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel
          level="asInvoker"
          uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

The requested execution level of a stand-alone application can be any of the following values:

If you develop a stand-alone application in LabVIEW 8.2.1 or later and deploy the application on Windows XP or earlier, a stand-alone application that includes a manifest and has the requested execution level specified does not exhibit the Windows Vista and later behavior. Windows XP ignores the security section of the manifest.

The install.exe in LabVIEW-built installers also contains a manifest. The default requested execution level is requireAdministrator. Because the install.exe updates system-level files, settings, and configurations, avoid changing the requested execution level of install.exe. Changing the requested execution level of install.exe might cause the installer to function incorrectly.
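To check which execution level a built stand-alone application actually requests, the following added example (not part of the original help topic or of LabVIEW) retrieves the embedded manifest from an executable's bytes and reports anything other than asInvoker. It assumes the manifest is stored as plain UTF-8 text and locates it with a byte scan; the function names and the sample bytes are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The three values Windows defines for requestedExecutionLevel/@level.
KNOWN_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

def extract_manifest(pe_bytes):
    """Heuristic: return the first <assembly>...</assembly> span in the file.
    Assumes the manifest resource is stored as UTF-8/ASCII text; a full tool
    would walk the PE resource directory instead of scanning bytes."""
    m = re.search(rb"<assembly\b.*?</assembly>", pe_bytes, re.DOTALL)
    return m.group(0) if m else None

def execution_level(manifest):
    """Return (level, uiAccess) from the security section, or (None, None)."""
    root = ET.fromstring(manifest)  # span starts at <assembly>, so no DTD is parsed
    for el in root.iter():
        # Match on the local name so any trustInfo namespace URI is accepted.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return el.get("level"), el.get("uiAccess", "false")
    return None, None

def audit(pe_bytes):
    """List findings for one application; empty means asInvoker without uiAccess."""
    manifest = extract_manifest(pe_bytes)
    if manifest is None:
        return ["no embedded manifest found"]
    try:
        level, ui_access = execution_level(manifest)
    except ET.ParseError as exc:
        return [f"manifest is not well-formed XML: {exc}"]
    findings = []
    if level is None:
        findings.append("no requestedExecutionLevel in manifest")
    elif level not in KNOWN_LEVELS:
        findings.append(f"unrecognized level: {level}")
    elif level != "asInvoker":
        findings.append(f"requests elevation: {level}")
    if ui_access == "true":
        findings.append("uiAccess is true")
    return findings

# Constructed sample: fake PE bytes wrapping a trimmed copy of the manifest above.
MANIFEST = (b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
            b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>'
            b'<requestedPrivileges><requestedExecutionLevel level="asInvoker" '
            b'uiAccess="false"/></requestedPrivileges></security></trustInfo></assembly>')
SAMPLE_EXE = b"MZ" + b"\x00" * 64 + MANIFEST + b"\x00" * 16

if __name__ == "__main__":
    print(audit(SAMPLE_EXE))
    print(audit(SAMPLE_EXE.replace(b"asInvoker", b"requireAdministrator")))
```

A finding of requireAdministrator is expected for install.exe, so run the check against the application .exe rather than the installer.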

Digital Signing

Digital signing lets users verify who created an application or installer and decide whether the application or installer is safe to install or run. Because Windows Vista and later offer additional levels of security, users might encounter additional dialog boxes warning them about the risks of installing or running unsigned applications or installers. By default, LabVIEW does not sign stand-alone applications or installers so you can customize the digital signature. To reduce the number of dialog boxes a user encounters, sign stand-alone applications and installers when you build them, using the Windows Security page of the Application Properties dialog box or the Windows Security page of the Installer Properties dialog box, respectively.

You need the following tools to sign an application or installer:

To sign a stand-alone application, you need to sign only the .exe file. To sign a LabVIEW-built installer, you need to sign only the install.exe. You do not need to sign any other files for stand-alone applications and installers. Digital signing involves procuring third-party providers for digital certificates, and no single procedure for signing code exists.