
Deploying LabVIEW Applications to Windows Vista Operating Systems

LabVIEW 8.5 Help
August 2007

NI Part Number:
371361D-01


Windows Vista from Microsoft introduces additional levels of security, including User Account Control. By prompting the user to enter an administrative password prior to installing applications or completing other tasks, User Account Control helps prevent users from inadvertently introducing viruses or other types of changes that might destabilize the system. Additionally, a user who logs into Windows Vista as a standard user can write only to specific locations on disk. Standard user is the default login for Windows Vista. Refer to the KnowledgeBase for more information about User Account Control on Windows Vista.

The security changes introduced by Windows Vista result in the following two issues to consider when using the LabVIEW Application Builder for Windows Vista:

  • LabVIEW embeds an application manifest in every LabVIEW built application and installer.
  • Built applications and installers for LabVIEW built applications are not signed.

In addition to this help topic, you can refer to the following resources for more information about developing applications for Windows Vista:

  • Refer to the KnowledgeBase for more information about development considerations for Windows Vista applications.
  • Refer to the KnowledgeBase for the most up-to-date information about Windows Vista and the LabVIEW Application Builder.

Application Manifests

LabVIEW embeds an application manifest in every LabVIEW built application and installer. Because the manifest is embedded in the application, it does not appear as a separate file in the directory with the application until you retrieve it. The manifest is an XML file with the extension .manifest. The manifest contains information that describes the application properties to Windows. While manifests are not new to Windows, the security section of the manifest is a new feature. You can now specify the requested execution level in the manifest for an application you deploy on Windows Vista.

The execution level you specify for the application determines the security privileges required to launch it. The execution level also determines whether the application displays a dialog box prompting the user to give administrator consent or to enter an administrator password before launching. Applications that require administrator privileges have a security shield overlay on the application icon. Whether the application runs as an administrator or standard user then determines several properties of the application, including the directories to which the application can write. If you launch an application as a standard user, the application cannot write to protected directories or protected areas of the registry. The Program Files directory is an example of a protected directory on Windows Vista.

Microsoft recommends that applications run without requiring administrator privileges. Therefore you should design applications so they do not attempt to access protected areas of the operating system. Running without administrator privileges gives all users the opportunity to run the application as intended.

The following code is an example manifest for a LabVIEW built application.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
                    processorArchitecture="X86"
                    name="National Instruments.LabVIEW.LabVIEW"
                    type="win32"/>
  <description>LabVIEW Development System</description>
  <!-- Security section: the execution level the application requests on Windows Vista -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>

The requested execution level of a built application can be any of the following values:

  • asInvoker—(Default) The built application executes with the same access privileges as the user, either standard or administrator. The application does not display a dialog box prompting the user for consent before it runs. If the application runs as standard user, the application cannot write to protected directories. If the application runs as administrator, the application can write to protected directories.
  • highestAvailable—The built application executes with the highest access privileges possible. If the user has only standard user privileges, the application does not display a dialog box prompting the user for consent, but the application cannot write to protected directories. If the user has administrative privileges, the application displays a dialog box prompting the user to either consent or to enter the administrator password and can write to protected directories.
  • requireAdministrator—The built application executes at the administrator level. If the user has only standard privileges, the application displays a dialog box prompting the user to enter the administrator password and can write to protected directories. If the user has administrator privileges, the application displays a dialog box prompting the user for consent before it runs. The application can write to protected directories.

If you develop a LabVIEW built application in LabVIEW 8.2.1 or later and deploy the application on Windows 2000/XP or earlier, the application does not exhibit the Windows Vista behavior, even if it includes a manifest with the requested execution level specified. Windows 2000/XP ignores the security section of the manifest.

The setup.exe in LabVIEW built installers also contains a manifest. The default requested execution level is requireAdministrator. Because the setup.exe updates system-level files, settings, and configurations, avoid changing the requested execution level of setup.exe. Changing the requested execution level of setup.exe might cause the installer to function incorrectly.

Refer to the KnowledgeBase for more information about application manifests.
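The following Python example is an addition to this topic, not code from National Instruments or LabVIEW. It retrieves the embedded manifest from a built file, reads the requested execution level, and reports deviations from the guidance above (applications should not prompt for elevation; setup.exe should keep requireAdministrator). The function names, the BEHAVIOUR table layout, and the sample bytes are assumptions made for the example, and the byte scan is a heuristic rather than a PE resource parser.

```python
import re
import xml.etree.ElementTree as ET

# (prompts the user, can write to protected directories) per level and user
# type, transcribed from the execution-level list in this help topic.
BEHAVIOUR = {
    "asInvoker":            {"standard": (False, False), "administrator": (False, True)},
    "highestAvailable":     {"standard": (False, False), "administrator": (True, True)},
    "requireAdministrator": {"standard": (True, True),   "administrator": (True, True)},
}

def extract_manifest(image: bytes):
    """Heuristic byte scan for the embedded <assembly> text; None if not found."""
    m = re.search(rb"<assembly\b.*?</assembly>", image, re.DOTALL)
    return m.group(0) if m else None

def requested_level(manifest: bytes):
    """Return the level attribute of requestedExecutionLevel, or None if absent."""
    root = ET.fromstring(manifest)
    for el in root.iter():
        # Ignore the namespace so asm.v2 and asm.v3 security sections both match.
        if el.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return el.get("level")
    return None

def audit(image: bytes, is_installer: bool = False):
    """List deviations from the guidance in this help topic."""
    manifest = extract_manifest(image)
    if manifest is None:
        return ["no embedded manifest found"]
    level = requested_level(manifest)
    if level is None:
        return ["manifest has no requestedExecutionLevel"]
    if level not in BEHAVIOUR:
        return [f"unknown execution level {level!r}"]
    findings = []
    if is_installer and level != "requireAdministrator":
        findings.append(f"setup.exe level changed to {level}")
    if not is_installer and any(p for p, _ in BEHAVIOUR[level].values()):
        findings.append(f"{level} prompts for elevation")
    return findings

# Constructed sample: placeholder bytes wrapping a manifest like the one above.
SAMPLE_MANIFEST = b"""<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges></security></trustInfo></assembly>"""
SAMPLE_EXE = b"MZ\x90\x00" + b"\x00" * 64 + SAMPLE_MANIFEST + b"\x00" * 16
```

To check a real build, pass the file contents, for example audit(open(path, "rb").read()), and set is_installer=True for setup.exe.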

Digital Signing

Digital signing lets users verify who created an application and decide whether the application is safe to install or run. Because Windows Vista offers additional levels of security, users might encounter additional dialog boxes warning them about the risks of installing or running unsigned applications. By default, LabVIEW does not sign built applications, so you can customize the digital signature for an application. To reduce the number of dialog boxes a user encounters, sign LabVIEW built applications and installers.

You need the following tools to sign an application or installer:

  • Signing certificate—You can purchase signing certificates from a number of vendors, including Verisign. You can purchase signing certificates only for companies or organizations. Individuals cannot purchase signing certificates.
  • Signing tool—The Windows Driver Kit includes the signing tool. You use the signing tool to apply the digital signature. Refer to the KnowledgeBase for more information about downloading the Windows Driver Kit.

To sign a LabVIEW built application, you need to sign only the .exe file. To sign a LabVIEW built installer, you need to sign only the setup.exe. You do not need to sign any other files for LabVIEW built applications and installers. Digital signing involves procuring digital certificates from third-party providers, and no single procedure for signing code exists. Refer to the KnowledgeBase for more detailed information about digitally signing applications or installers for deployment on Windows Vista.

