Administrative Permission Is Required for Installation/Patching (UAC)

Since installation of a program requires adding files to the Program Files directory, it will always require administrative permissions and, therefore, must be run as a user with elevated permissions.


You can also "push" the patch with SMS or Group Policy in conjunction with the Add or Remove Programs (ARP) control panel. In this method, the user selects the software to install, and the system installer completes the installation; the user does not have to be an administrator. For initial installations, this can be dealt with by packaging the software for an installation agent to push out. However, some applications rely on frequent automatic updates that may not align well with a centrally managed application model.

Applications that detect updates and attempt to apply patches will be unable to do so, as they will not have permission to modify files in the system directories.


  • Package your application/patch for deployment with SMS. Applications can still detect that an upgrade is available (as long as they do it without requiring administrative permissions) and can redirect to the provisioning site.

  • Question whether your application needs elevated computer permissions, such as file system, registry access, or COM interoperability. If not, then it might be possible to rewrite the application as a ClickOnce deployment package, which will run in the Microsoft .NET sandbox.

  • Convert to a Web application without any client-side dependencies.

Community Additions