
User account control (UAC) test

Tests the app to verify that it doesn't need unnecessarily elevated permissions to run.

Background

An app that operates or installs only when the user is an administrator forces users to run the app with unnecessarily elevated permissions, which can allow malware to enter the user's computer.

When users are always forced to run applications with elevated access tokens, the app can serve as an entry point for deceptive or malicious code. This malware can easily modify the operating system, or worse, affect other users. It is nearly impossible to control a user who has full administrator access, because administrators can install applications and run any application or script on the computer. IT managers are always seeking ways to create "standard desktops" where users log on as standard users. Standard desktops greatly reduce help desk costs and reduce IT overhead.

Most applications don't require administrator privileges at run time. A standard-user account should be able to run them. Windows apps must have a manifest that defines execution levels and tells Windows what privileges the application requires to run. The app manifest only applies to .exe files, not .dll files. User Account Control (UAC) does not inspect DLLs during the creation of the process. UAC rules don't apply to Windows services. The app manifest can be embedded or external.

To create a manifest, create a file with the name <app_name>.exe.manifest and store it in the same directory as the EXE. Note that any external manifest is ignored if the application has an internal manifest.

  • For example, <requestedExecutionLevel level="asInvoker | highestAvailable | requireAdministrator" uiAccess="true|false"/>

  • The main process of the application must be run as a standard user (asInvoker). Any administrative features must be moved into a separate process that runs with administrative privileges.

  • User-facing applications that require elevated privileges must be Authenticode signed.

Test details

{Test details}

Exceptions and waivers

Note  Applies to desktop app certification only.

A waiver is required for apps that run their main process with elevated privileges (requireAdministrator or highestAvailable). The main process is the process that provides the user’s entry point to the application.

Waivers will be considered for the following scenarios:

● Administrative or system tools with execution level set to highestAvailable, requireAdministrator, or both.

Or

● Only an accessibility or UI automation framework application may set the uiAccess flag to TRUE to bypass user interface privilege isolation (UIPI). To start properly, an application that sets this flag must be Authenticode signed and must reside in a protected location in the file system, such as Program Files.

Corrective actions

Review the app's manifest file for the correct entries and permission levels.

Review The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC).
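
One way to automate the manifest review described above, as an added example that is not Microsoft's code or part of the certification kit: it reads manifest XML text (an external .exe.manifest file, or an embedded manifest already extracted from the EXE) and reports the entries this topic says need a waiver or extra conditions. The function name audit_manifest and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifests (not taken from any real application).
AS_INVOKER = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""
ELEVATED = AS_INVOKER.replace('"asInvoker"', '"requireAdministrator"')
UI_ACCESS = AS_INVOKER.replace('uiAccess="false"', 'uiAccess="true"')
NO_LEVEL = '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"/>'

ELEVATED_LEVELS = {"requireAdministrator", "highestAvailable"}


def audit_manifest(xml_text):
    """Return a list of findings for the main executable's manifest."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    # Match on the local name so the trustInfo namespace version does not matter.
    nodes = [e for e in root.iter()
             if e.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel"]
    if not nodes:
        return ["no requestedExecutionLevel: manifest does not define an execution level"]
    findings = []
    for node in nodes:
        level = node.get("level", "")
        ui_access = node.get("uiAccess", "false").strip().lower() == "true"
        if level in ELEVATED_LEVELS:
            findings.append(f"level={level}: main process is elevated, waiver required")
        elif level != "asInvoker":
            findings.append(f"level={level!r}: not a recognized execution level")
        if ui_access:
            findings.append("uiAccess=true: accessibility/UI automation only; "
                            "must be Authenticode signed and in a protected location")
    return findings


if __name__ == "__main__":
    for name, doc in [("asInvoker", AS_INVOKER), ("elevated", ELEVATED),
                      ("uiAccess", UI_ACCESS), ("missing", NO_LEVEL)]:
        print(name, "->", audit_manifest(doc) or "OK")
```

An empty result means the main process requests asInvoker with uiAccess off, which is the configuration this test expects.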

Related topics

The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)

 

 

Build date: 9/18/2012

© 2013 Microsoft. All rights reserved.