Share via


HighestAvailable and requiresAdministrator when you’re neither Standard User nor Administrator

There is something between standard users and administrators. In UAC discussions we limit ourselves often times to members of the administrators group who get the filtered token and the full token when they log on. But what if you're a member of – say – Network Configuration operators. In that case you're not a standard user (you can do a little more) and you're certainly not an administrator.

Let's test. I have two applications: one manifested with highestAvailable and another with requiresAdministrator. Now I log in as a member of the Network Configuration Operators and I try to run both applications. Here is what happens when I run the first application:

 

Ah. The credentials dialog. So I need to retype my credentials (remember that if I were a member of administrators group, I would get the UAC prompt). This will allow me to give admin credentials as well. So I can see why this was chosen instead of the UAC prompt. At least it defaults to the logged in account.

When I launch the requireAdministrator application I get this one.

No surprise, just the regular over-the-shoulder credential dialog. Here is what happens if I type the Network Configuration Operators password:

As expected it won't elevate: the requested operation requires elevation. Elevation to a full administrator that is since it is manifested with requiresElevation.

Comments