Installing and Running Desktop Programs
You install desktop apps via the Windows Store. You install programs using a downloaded installer or installation media. Part of the installation process involves checking the credentials and prompting for consent if the user doesn't have appropriate privileges. As part of installing a program, you might also need to specify whether you want to make the program only available to you or to all users of the computer.
With older programs, Windows might not be able to properly determine the permissions required for installation. Solve this problem by canceling the installation and then rerunning the setup program with elevated privileges. To do this, locate the executable file for the installer. Right-click this file, and then click Run As Administrator. With a downloaded installer, you typically need to double-click the file you downloaded to begin the setup process. Next, you may be prompted to confirm that you want to make changes to your computer. If so, click Yes and begin the setup process. Follow the prompts to complete the installation.
Not all downloaded programs use direct installation. With some downloaded programs, you'll be prompted for a folder location where the setup files can be extracted and stored. Afterward, you'll need to initiate setup by running the setup program for the application. Typically, this program is named Setup.exe.
To install an application using installation media, you insert the disc in the DVD drive. Windows should then check for an autorun file, such as Autorun.inf. If present, the autorun file specifies the action that the operating system should take and might also define other installation parameters. Autorun in turn invokes a setup program, such as Setup.exe.
If the autorun process doesn't start for some reason, access the installation media in File Explorer and then double-click the setup program. Next, you may be prompted to confirm that you want to make changes to your computer. If so, click Yes to continue and begin the setup process. Follow the prompts to complete the installation.
Compliant versus Legacy Applications
The way that applications are installed and run, where applications write data, and what permissions applications have are controlled by User Account Control (UAC). Applications used with Windows 10 are divided into two general categories: they are either UAC-compliant or considered to be legacy applications.
Compliant applications use UAC to reduce the attack surface of the operating system. This prevents unauthorized applications from installing or running without the user's consent and restricts the default privileges granted to applications, both of which make it harder for malicious software to take over a computer.
Applications that run on Windows 10 derive their security context from the current user's access token. By default, UAC turns all users into standard users even if they are administrators. Before an administrator user can use administrator privileges, she must consent to the elevation. During the elevation process, a new access token is created containing the user's privileges, and this new access token is used to start the elevated application.
Whether applications need to run with standard or administrator privileges depends on the actions the application performs. Administrator user applications differ from standard user applications because they require elevated privileges to run and perform core tasks. Once started in elevated mode, an application with a user's administrator access token can perform tasks that require elevated privileges and can also write to system locations of the registry and the file system.
In contrast, standard user applications don't require elevated privileges to run or to perform core tasks. Once started in standard user mode, an application with a user's standard access token must request elevated privileges to perform administration tasks. For all other tasks, the application runs using standard user privileges and can only write data to nonsystem locations of the registry and the file system.
Applications not written for UAC compliance run with a user's standard access token by default and must use a special compatibility mode. This compatibility mode allows the non-compliant application to use virtualized views of file and registry locations. When the non-compliant application attempts to write to a system location, Windows 10 gives the application a private copy of the file or registry value. Any changes are then written to this private copy, and this private copy is then stored in your profile data. If the application attempts to read or write to this system location again, Windows 10 gives the application the private copy from your profile to work with. For more information about UAC and related prompts.
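The following PowerShell function is an added example, not part of the original text. It lists the private copies that virtualization has stored in the current user's profile and maps each one back to the system location the legacy application tried to write to. The VirtualStore paths are the standard Windows locations and are not named on this page; the mapping assumes the application was installed on the system drive.

```powershell
# Added example: inventory UAC-virtualized writes for the current user.
function Get-VirtualizedWrite {
    # Per-user stores that hold the private copies (standard Windows locations)
    $fileRoot = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    $regRoot  = 'HKCU:\Software\Classes\VirtualStore\MACHINE'

    if (Test-Path -LiteralPath $fileRoot) {
        Get-ChildItem -LiteralPath $fileRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Path below VirtualStore mirrors the path below the system drive (assumption)
                $relative = $_.FullName.Substring($fileRoot.Length).TrimStart('\')
                [pscustomobject]@{
                    Kind           = 'File'
                    PrivateCopy    = $_.FullName
                    SystemLocation = Join-Path "$env:SystemDrive\" $relative
                    LastWrite      = $_.LastWriteTime
                }
            }
    }

    if (Test-Path -LiteralPath $regRoot) {
        Get-ChildItem -LiteralPath $regRoot -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.ValueCount -gt 0 } |
            ForEach-Object {
                # Keys below ...\VirtualStore\MACHINE mirror keys below HKEY_LOCAL_MACHINE
                $prefix   = '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE\\'
                $relative = $_.Name -replace $prefix, ''
                [pscustomobject]@{
                    Kind           = 'Registry'
                    PrivateCopy    = $_.Name
                    SystemLocation = "HKEY_LOCAL_MACHINE\$relative"
                    LastWrite      = $null   # not exposed by the registry provider
                }
            }
    }
}

# Review which legacy applications are being redirected
Get-VirtualizedWrite | Sort-Object Kind, SystemLocation | Format-Table -AutoSize
```

An empty result means no non-compliant application has written to a protected location under this profile.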
Setting Run Levels for Applications
Generally, only applications running with an administrator user access token run in elevated mode. Sometimes, however, you'll want an application running with a standard user access token to be in elevated mode. For example, you might want to open the Command Prompt window in elevated mode so that you can perform administration tasks. There are two basic ways to set the run level for applications. You can run an application once as an administrator or you can always run an application as an administrator. To run an application once as an administrator, right-click the application's menu item on Start, and then click Run As Administrator. Or if an application shortcut is pinned to the taskbar, you must right-click the pinned item, right-click the item again in the jump list, and then click Run As Administrator.
UAC controls whether you can elevate applications in this way:
- If you are using an administrator user account and prompting for consent is enabled, you are prompted for consent before the application is elevated and run in administrator mode.
- If you are using a standard user account and prompting is enabled, you are prompted for consent before the application is elevated and run in administrator mode.
- If you are using a standard user account and prompting is disabled, the application will fail to run.
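The prompting behavior described in the list above is driven by local policy values that can be read without elevation. The following function is an added example, not part of the original text. The registry value names (EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, EnableVirtualization) are the standard UAC policy values and do not appear on this page.

```powershell
# Added example: report how UAC will respond to an elevation request on this computer.
function Get-UacElevationBehavior {
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key

    # Prompt behavior for administrators running with a standard token
    $adminMap = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }
    # Prompt behavior for standard users; 0 is the "prompting disabled" case
    $userMap = @{
        0 = 'Automatically deny elevation requests'
        1 = 'Prompt for credentials on the secure desktop'
        3 = 'Prompt for credentials'
    }

    # Translate a raw policy value, keeping unset or unknown values visible
    function Resolve-Setting($map, $value) {
        if ($null -eq $value)            { return 'Not configured' }
        if ($map.ContainsKey([int]$value)) { return $map[[int]$value] }
        return "Unrecognized value $value"
    }

    # True only when the current process already holds the elevated token
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        UacEnabled            = ($policy.EnableLUA -eq 1)
        AdministratorPrompt   = Resolve-Setting $adminMap $policy.ConsentPromptBehaviorAdmin
        StandardUserPrompt    = Resolve-Setting $userMap  $policy.ConsentPromptBehaviorUser
        VirtualizationEnabled = ($policy.EnableVirtualization -eq 1)
        CurrentProcessIsElevated = $elevated
    }
}

Get-UacElevationBehavior | Format-List
```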
You also can mark an application so that it always runs with administrator privileges, which is useful for resolving compatibility issues with legacy applications that require administrator privileges. This approach also is useful for UAC-compliant applications that normally run in standard mode but that you use to perform administration tasks.
To mark a program to always run as an administrator, follow these steps:
- Locate the program shortcut by right-clicking the program on Start and selecting Open File Location. This opens File Explorer with the .exe file for the program selected.
- Right-click the program's .exe file, select Send To and then select Desktop (Create Shortcut).
- On the desktop, right-click the shortcut and then select Properties.
- In the Properties dialog box, on the Compatibility tab, select Run This Program As An Administrator and then click Apply.
The program will now always run with the access token for an administrator user. Keep in mind that if you are using a standard account and prompting is disabled, the program will fail to run. Note that if the option is dimmed (unavailable), the application is blocked from always running at an elevated level, the application does not require administrator credentials to run, or you are not logged on as an administrator.
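Because programs marked this way request the administrator access token on every launch, it is worth keeping an inventory of them. The following function is an added example, not part of the original text. It relies on the fact that the Compatibility tab stores the setting as a RUNASADMIN flag under the AppCompatFlags\Layers registry key, a location this page does not name.

```powershell
# Added example: list programs marked "Run this program as an administrator".
function Get-RunAsAdminProgram {
    $layerKeys = [ordered]@{
        CurrentUser = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
        AllUsers    = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    }

    foreach ($scope in $layerKeys.Keys) {
        $path = $layerKeys[$scope]
        if (-not (Test-Path -Path $path)) { continue }

        $key = Get-Item -Path $path
        foreach ($program in $key.GetValueNames()) {
            if ([string]::IsNullOrEmpty($program)) { continue }   # skip the default value

            # Each value is named after the full .exe path; the data holds the flags
            $flags = [string]$key.GetValue($program)
            if ($flags -notmatch '\bRUNASADMIN\b') { continue }

            # A missing or unsigned target deserves a closer look before it keeps the flag
            $exists = Test-Path -LiteralPath $program -PathType Leaf
            $signature = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $program).Status
            } else {
                'FileMissing'
            }

            [pscustomobject]@{
                Scope     = $scope
                Program   = $program
                Flags     = $flags
                Exists    = $exists
                Signature = $signature
            }
        }
    }
}

Get-RunAsAdminProgram | Sort-Object Scope, Program | Format-Table -AutoSize
```

Entries whose file no longer exists, or whose signature status is not Valid, are the first candidates for removing the flag.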