Steps:
http://social.msdn.microsoft.com/Forums/en-US/toolsforwinapps/thread/8529357f-3ff8-4c83-baaf-5215ca9cc14a
- Create new Win32 Project
- Finish the wizard with no changes
- Change the CreateWindow call to CreateWindowEx and set WS_EX_TOPMOST
- Go to Project.Properties... Linker.Manifest File
- Change UAC Bypass UI Protection to: Yes (/uiAccess='true')
- Build
- Use signtool to sign the test app
- Copy the test app into Program Files
- Run test app
- Bring up the Start screen -> test app is on top
- The application must demand uiAccess (app.manifest)
- The application must assert “topmost” window positioning (either in Win32/SetWindowPos or WinForms/WPF’s “Topmost” property, programmatically or otherwise)
- Without making changes to the group policy setting, it must be installed to some trusted location [C:\Windows, C:\Program Files, C:\Program Files (x86)].
- Note: If you want to be able to run it out of an arbitrary location, you must disable the security setting: “User Account Control: Only elevate UIAccess applications that are installed in secure locations”.
- Note2: This is the same as setting HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ValidateAdminCodeSignatures to 0
- Said application cannot be ran in the debugger
- If it’s a .NET application
- The manifest must be embedded in a post-build step
- The application must have “delayed signing” (meaning it cannot be ran from the built-in debugger, although you can build and attach – this is what Microsoft does)
- The application must be signed with a trusted certificate.
- Said trusted certificate must be installed to the Trusted Root Certificate Authority (this is important! It must not just simply installed)
1) Open an elevated command prompt
- Click start
- Find Cmd Shell or command prompt
- Right-click, click Run As Administrator
2) Create a trusted root certificate
- Browse to the folder that you wish to contain a copy of the certificate
- In the command shell, execute the following commands:
makecert -r -pe -n "CN=Test Certificate - For Internal Use Only" -ss PrivateCertStore testcert.cer
certmgr.exe -add testcert.cer -s -r localMachine root
3) Sign your file
- In the command shell, browse to the location of your exe
- In the command shell, type:
SignTool sign /v /s PrivateCertStore /n "Test Certificate - For Internal Use Only" /t http://timestamp.verisign.com/scripts/timestamp.dll APP.exe
Where APP.exe is your application.