Windows 7 / Security and Privacy

How UAC Examines the Application Manifest

For applications to receive a Certified For Windows Vista or Certified For Windows 7 logo, they must include an embedded requested execution level manifest that specifies the privileges required. The privilege level is one of the following:

  • asInvoker or RunAsInvoker The application runs using the standard user privileges and will not initiate a UAC prompt.
  • highestAvailable or RunAsHighest The application requests privileges higher than standard users and generates a UAC prompt. However, if the user does not provide additional credentials, the application will run anyway, using standard privileges. This is useful for applications that can adjust to either higher or lower privilege levels, or for applications that might need more privileges than a standard user, but fewer than a full administrator. For example, backup applications typically need the user to be a member of the Backup Operators group but do not require the user to be a member of the Administrators group.
  • requireAdministrator or RunAsAdmin The application requires administrative privileges, generating a UAC prompt. The application will not run with standard privileges.

Note To add a manifest to existing applications, use the Application Compatibility Toolkit (ACT), which you can download at http://go.microsoft.com/fwlink/?LinkId=23302. The ACT also includes the Microsoft Standard User Analyzer tool, which allows you to diagnose issues that would prevent a program from running properly as a standard user.

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows 7 Client Protection
  2. Understanding the Risk of Malware
  3. User Account Control in Windows 7
  4. UAC for Standard Users
  5. UAC for Administrators
  6. UAC User Interface
  7. Secure Desktop
  8. How Windows Determines Whether an Application Needs Administrative Privileges
  9. How to Control UAC Using Application Properties
  10. How UAC Examines the Application Manifest
  11. UAC Heuristics
  12. UAC Virtualization
  13. UAC and Startup Programs
  14. Compatibility Problems with UAC
  15. How to Configure UAC
  16. Group Policy Settings
  17. Control Panel
  18. Msconfig.exe
  19. How to Configure Auditing for Privilege Elevation
  20. Other UAC Event Logs
  21. Best Practices for Using UAC
  22. AppLocker
  23. AppLocker Rule Types
  24. Auditing AppLocker Rules
  25. DLL Rules
  26. Custom Error Messages
  27. Using AppLocker with Windows PowerShell
  28. Using Windows 7 Defender
  29. Understanding Windows Defender
  30. Automatic Scanning
  31. Real-Time Protection
  32. Windows Defender Alert Levels
  33. Understanding Microsoft SpyNet
  34. Configuring Windows Defender Group Policy
  35. Configuring Windows Defender on a Single Computer
  36. How to Determine Whether a Computer Is Infected with Spyware
  37. Best Practices for Using Windows Defender
  38. How to Troubleshoot Problems with Unwanted Software
  39. Network Access Protection
  40. Forefront