Windows Dev Center

UAC: All Information Developers need about the User Account Control (UAC)

    General discussion

  • Hi and welcome.

    Since, so many users always are asking about UAC and they have a lot of different questions, I decided to share information and knowledge from my own experience.

    User Account Control (UAC) is a new security feature in Windows Vista™. This new security technology is used for malware execution prevention.

    UAC can also cause trouble: yes UAC will cause so called trouble for normal PC users who do NOT understand how to use the UAC technology.

    As a developer I want to make my application UAC aware: well this isn’t easy to do if you are a beginner in Microsoft® Development and in developing “windowsapplications”. However what’s great is that I will guide you through and give all information you might need.

    Consent prompt
    Figure A: UAC credential prompt dialog.

    Give my application full-rights at launch: by changing the
    requestExecutionLevel to “requireAdministrator
    ”, your application (*.exe) will be decorated with a shield icon (see picture below) and run through UAC elevation.

    <?xml version="1.0" encoding="utf-8"?>

    <asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="">

      <assemblyIdentity version="" name="" />

      <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">


          <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">

            <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />



            <PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true" ID="Custom" SameSite="site" />

            <defaultAssemblyRequest permissionSetReference="Custom" />





    More details:

    <!-- UAC Manifest Options

                If you want to change the Windows User Account Control level replace the

                requestedExecutionLevel node with one of the following.


            <requestedExecutionLevel  level="asInvoker" uiAccess="false" />

            <requestedExecutionLevel  level="requireAdministrator" uiAccess="false" />

            <requestedExecutionLevel  level="highestAvailable" uiAccess="false" />


                If you want to utilize File and Registry Virtualization for backward

                compatibility then delete the requestedExecutionLevel node.


    To execute another process through UAC elevation: you use the
    ProcessStartInfo class; you also enable UseShellExecute and add “runas” for Verb



                    ProcessStartInfo proc = new ProcessStartInfo();

                    proc.UseShellExecute = true;

                    proc.WorkingDirectory = @"C:\Windows\System32\";

                    proc.FileName = @"C:\Windows\System32\cmd.exe";

                    proc.Verb = "runas";




                catch (Exception ex)




    I want to add the nice UAC shield icon to my button: this we can easy do by using the API which can be found in the User32.dll:


            public static extern UInt32 SendMessage

                (IntPtr hWnd, UInt32 msg, UInt32 wParam, UInt32 lParam);


            internal const int Normal = 0x1600; // Normal button.

            internal const int Shield = 0x160C; // UAC shield will be added to the button. Important Note: The APIs to decorate a button are the same in Windows® 7 as in Windows Vista™. To launch your app with full permission, as always the edit the  
    app.manifest the same settings apply for Windows® 7.  

    Additional information:

    Have a nice day…

    Best regards,

    If you have any feedback, please tell us.
    Send us any feedback you have about the help from MSFT at
    Friday, August 14, 2009 12:03 PM

All replies