The following diagram represents the process flow for executable launches in Windows Vista®.
The following is a description of the process flow displayed in the UAC architecture diagram and how UAC is implemented when an executable attempts to launch.
Standard User Launch Path
The Windows Vista standard user launch path is similar to the Windows XP launch path, but includes some modifications.
ShellExecute() calls CreateProcess().
CreateProcess() calls AppCompat, Fusion, and Installer Detection to assess if the application requires elevation. The executable is then inspected to determine its requestedExecutionLevel, which is stored in the executable's application manifest. The AppCompat database stores information for an application's application compatibility fix entries. Installer Detection detects setup executables.
CreateProcess() returns a Win32 error code stating ERROR_ELEVATION_REQUIRED.
ShellExecute() looks specifically for this new error and, upon receiving it, calls across to the Application Information service (AIS) to attempt the elevated launch.
Elevated Launch Path
The Windows Vista elevated launch path is a new Windows launch path.
AIS receives the call from ShellExecute() and reevaluates the requested execution level and Group Policy settings to determine if the elevation is allowed and to subsequently define the elevation user experience.
If the requested execution level requires elevation, AIS launches the elevation prompt on the caller’s interactive desktop (based on Group Policy), using the HWND passed in from ShellExecute().
Once the user has given consent or valid administrator credentials, AIS will retrieve the corresponding access token associated with the appropriate user, if necessary. For example, an application requesting a requestedExecutionLevel of highestAvailable will retrieve different access tokens for a user that is only a member of the Backup Operators group than for a member of the local Administrators group.
AIS reissues a CreateProcessAsUser() call, supplying the administrator access token and specifying the caller’s interactive desktop.