Windows UAC Configuration
Relevant Platforms: Windows
Windows User Account Control (UAC) determines the execution privileges of your Wails application. By default, Wails v3 applications include explicit UAC configuration in their Windows manifest, ensuring consistent behavior across different machines.
UAC Execution Levels
Windows applications can request different execution levels through their manifest file. Wails v3 automatically includes UAC configuration with a default execution level that you can customize based on your application’s needs.
Available Execution Levels
| Level | Description | Use Case |
|---|---|---|
asInvoker | Runs with the same privileges as the parent process | Default for most applications |
highestAvailable | Runs with the highest privileges available to the user | Applications that may need elevated access |
requireAdministrator | Always requires administrator privileges | System utilities, installers |
Default Configuration
Wails v3 applications include a default UAC configuration in their Windows manifest:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security></trustInfo>This configuration ensures your application:
- Runs with the same privileges as the launching process
- Does not require elevation by default
- Works consistently across different machines
- Does not trigger UAC prompts for normal users
Customizing UAC Configuration
Since Wails v3 encourages users to customize their build assets, you can modify the UAC configuration by editing your Windows manifest template directly.
Locating the Manifest Template
The Windows manifest template is located at:
build/windows/wails.exe.manifestModifying the Execution Level
To change the execution level, edit the level attribute in the requestedExecutionLevel element:
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/> </requestedPrivileges> </security></trustInfo>Examples
Standard Application (Default)
Most applications should use the default asInvoker level:
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>System Utility
Applications that need elevated access when available:
<requestedExecutionLevel level="highestAvailable" uiAccess="false"/>Administrative Tool
Applications that always require administrator privileges:
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>UI Access
The uiAccess attribute controls whether your application can interact with higher-privilege UI elements. In most cases, this should remain false.
Set to true only if your application needs to:
- Send input to other applications
- Drive the UI of other applications
- Access UI elements of higher-privilege processes
Building with Custom UAC Settings
After modifying your manifest template, build your application normally:
wails3 buildThe build process will automatically embed your custom UAC configuration into the executable.
Verifying UAC Configuration
You can verify that your UAC settings are properly embedded using the go-winres tool:
go-winres extract --in your-app.exe --out extracted-resources/Then examine the extracted manifest file to confirm your UAC configuration is present.
Troubleshooting
UAC Prompts Not Appearing
If you set requireAdministrator but don’t see UAC prompts:
- Verify the manifest is properly embedded in your executable
- Check that you’re not running from an already-elevated process
- Ensure the manifest syntax is valid XML
Application Not Starting
If your application fails to start after UAC changes:
- Check the manifest syntax for XML errors
- Verify the execution level value is valid
- Try reverting to
asInvokerto isolate the issue
Inconsistent Behavior Across Machines
If UAC behavior differs between machines:
- Ensure the manifest is embedded in the executable (not external)
- Check that the executable wasn’t modified after building
- Verify Windows UAC settings are enabled on the target machine