0

I'm using signtool.exe to create a digital signature for my Installer.exe, but I want the installer's manifest file to have the requestedExecutionLevel = "requireAdministrator". To do so I'm running a build.bat file that contains the following: steps

    • extract the manifest:
      mt -inputresource:\Installer.exe;#1 -out:\Installer.exe.manifest
    • change the elevation from asInvoker to requireAdministrator
    • update the manifest file with the new value:
      mt.exe -nologo -manifest "\Installer.exe.manifest" -outputresource:"\Installer.exe;#1
  2. sign the Installer.exe using the signtool.exe
    signtool.exe sign /f ....\Common\ /p "password" /t http://tsa.starfieldtech.com /v build\Installer.exe

First step worked smoothly, but when the digital signature is executed, the manifest file gets updated with the requestedExecutionLevel = "asInvoker".

I tried first signing and afterwords setting the requestedExecutionLevel, but that removes my digital signature.

Didn't find a similar issue. Any ideas?

Improve this question

1 Answer 1

Reset to default
-1

Ok, so I found out how to solve the problem.

When trying to run mt.exe it was failing because I didn't have the PATH set, so what I did was simply set the path localy in the batch file that is calling the extract manifest and update manifest. My batch file looks like this: 

SETLOCAL

SET PATH=%PATH%;C:\Program Files (x86)\Windows Kits\8.1\bin\x64;

CALL extractManifest.bat

CALL changeElevation.bat

CALL updateManifest.bat

CALL codeSigning.bat

Now it works, I have both the digital signature and the requestedExecutionLevel=requireAdministrator.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.