Windows User Account Control (UAC)
In Windows Vista or above, the correct way to mark your applications is to embed an application manifest within your program that tells the operating system what the application needs. The Windows application manifest has been enhanced with attributes that permit developers to mark their applications with a requested execution level.
The available options are:
- As Invoker - The application runs with the same access token as the parent process. (Recommended for standard user applications)
- Highest Available - The application runs with the highest privileges the current user can obtain. (Recommended for mixed-mode applications)
- Require Administrator - The application runs only for administrators and requires that the application be launched with the full access token of an administrator. (Recommended for administrator only applications)
- No Execution Level Information - Advanced Installer does not embed the requested execution level information in Windows application manifest.
When using an EXE bootstrapper or a Java product, Advanced Installer embeds an application manifest file with the selected execution level. Operating systems earlier than Windows Vista ignore the required execution level specified in the application's manifest.
The benefit of elevating the bootstrapper application is that privileges are elevated only once (if necessary) and these privileges are inherited by all of the installation's prerequisites and the MSI file without requiring multiple elevation prompts. In most cases, running an application with elevated privileges on Windows Vista or above platforms is not recommended.
Unless an application is designed to be run exclusively by system administrators, it should be run with the least privileges.
On Windows Vista and above, when no execution level information is set in the application's manifest and the application is not elevated previously the application runs in "legacy mode" for backwards compatibility support. In this mode the operating system uses a virtualization mechanism for the file system and registry to access. This means that its attempt to create or change files in restricted folder locations or to write in registry restricted hives is redirected (reflected) towards a "per-user" accessible location.
Windows Vista or above heuristically detects installation, updater, uninstallation programs and requests administrator credentials or administrator approval in order to run with access privileges. This heuristic detection checks such attributes like: filenames, keywords, versioning resources, etc. (e.g. keywords like: "install", "setup", "update", etc.). Note that this detection heuristic applies only if you do not add requested execution level information to the application's manifest. Beware, if you do not set an execution level information your application might be easily mistaken as an application that needs administrator privileges.
For additional information please check the online Microsoft documentation on Windows UAC.