Digitally Sign Installed LaunchAnywhere Launchers
Summary
This article describes how to digitally sign the LaunchAnywhere launchers installed by InstallAnywhere on Windows. After digitally signing the launchers, the Publish field of the UAC prompt will be populated rather than referencing an 'Unknown Publisher'.
Synopsis
This article describes how to digitally sign the LaunchAnywhere launchers installed by InstallAnywhere on Windows. After digitally signing the launchers, the Publish field of the UAC prompt will be populated rather than referencing an 'Unknown Publisher'.
It is recommended that all executable files that are distributed to Windows target systems be digitally signed. This includes 'but is not limited to' product files that have following file extensions: .exe, .dll, .ocx, .sys, .cpl, .drv, and .scr. It also includes the installer files and the LaunchAnywhere files.
If you do not sign your files and end users launch an .exe file or installer that requires elevated privileges on a Windows Vista or later system, the UAC prompt that Windows displays shows the unknown publisher type of UAC prompt.
If the files are signed, Windows displays a UAC prompt that shows the name of the publisher that is identified by the digital certificate.
Discussion
In order to sign the LaunchAnywhere launchers an executable installed with InstallAnywhere must be signed prior to building. The executable which needs to be signed depends on the type of launcher that is being created. There are two properties of the Create LaunchAnywhere action which will determine the executable that must be signed.
Launcher Type
This can have a value of either Graphical or Console. When launched from a command prompt, Graphical launchers run asynchronously, meaning control is immediately returned to the command prompt and the launcher runs in a separate process. When launched from a command prompt, Console launchers run synchronously and do not return control to the command prompt until its process ends.
Windows Execution Level
This property controls how the executable is manifested for UAC.
The following table lists the executable that must be signed based on the setting of these two properties. All of these executables are installed with InstallAnywhere at:<IA_HOME>\resource\launchanywheres\windows
| Graphical | Console | |
|---|---|---|
| As Invoker | lax_gui_invoker.exe | lax_console_invoker.exe |
| Highest Available | lax_gui_highest.exe | lax_console_highest.exe |
| Administrator | lax_gui_admin.exe | lax_console_admin.exe |
After signing the appropriate executable, the installer must be rebuilt. After rebuilding and installing the product, when the installed LaunchAnywhere launcher is executed, the Verified Publisher UAC prompt will be displayed.
The method of actually signing the executable is left to be determined by the developer. One method of digitally signing Windows executable is to use the signtool utility which is distributed as part of the Microsoft Windows Software Development Kit. Please see the Additional Information section for links to the Microsoft documentation for signtool.
Additional Information
For more information regarding LaunchAnywhere launchers, please see this HelpNet article.
For information regarding the signtool utility distributed by Microsoft, please see this MSDN page.
