Requesting elevation
A program can request elevation in a number of different ways. One way for program developers is to add a requestedPrivileges section to an XML document, known as the manifest, that is then embedded into the application. A manifest can specify dependencies, visual styles, and now the appropriate security context:
Setting the level attribute for requestedExecutionLevel to "asInvoker" will make the application run with the token that started it, "highestAvailable" will present a UAC prompt for administrators and run with the usual reduced privileges for standard users, and "requireAdministrator" will require elevation.[16] In both highestAvailable and requireAdministrator modes, failure to provide confirmation results in the program not being launched.
An executable that is marked as "
requireAdministrator" in its manifest cannot be started from a non-elevated process using CreateProcess(). Instead, ERROR_ELEVATION_REQUIRED will be returned. ShellExecute() or ShellExecuteEx() must be used instead. If an HWND is not supplied, then the dialog will show up as a blinking item in the taskbar.Inspecting an executable's manifest to determine if it requires elevation is not recommended, as elevation may be required for other reasons (setup executables, application compatibility). However, it is possible to programmatically detect if an executable will require elevation by using
CreateProcess() and setting the dwCreationFlags parameter to CREATE_SUSPENDED. If elevation is required, thenERROR_ELEVATION_REQUIRED will be returned.[17] If elevation is not required, a success return code will be returned at which point you can use TerminateProcess() on the newly created, suspended process. This will not allow you to detect that an executable requires elevation if you are already executing in an elevated process, however.