Standard User Changes (User Account Control)
AdminStudio 2021 | 21.0 | Application Manager
For this operating system compatibility test, the Windows Installer database is scanned for the presence of .exe files (other than installations and upgrades) that cause the User Account Control (UAC) prompt to be displayed.
Test Group/Test Category
| • | 0020—Operating System Compatibility/Windows 7 (32-Bit) |
| • | 0220—Operating System Compatibility/Windows 7 (64-Bit) |
| • | 0320—Operating System Compatibility/Windows 8.1 (32-Bit) |
| • | 0420—Operating System Compatibility/Windows 8.1 (64-Bit) |
| • | 2620—Operating System Compatibility/Windows 10-1803 (32-Bit) |
| • | 2820—Operating System Compatibility/Windows 10-1809 (and 2019 LTSC) (32-Bit) |
| • | 5020—Operating System Compatibility/Windows 10-1903 (32-Bit) |
| • | 5220—Operating System Compatibility/Windows 10-1909 (32-Bit) |
| • | 5420—Operating System Compatibility/Windows 10-2004 (32-Bit) |
| • | 5620—Operating System Compatibility/Windows 10-20H2 (32-Bit) |
| • | 2720—Operating System Compatibility/Windows 10-1803 (64-Bit) |
| • | 2920—Operating System Compatibility/Windows 10-1809 (and 2019 LTSC) (64-Bit) |
| • | 5120—Operating System Compatibility/Windows 10-1903 (64-Bit) |
| • | 5320—Operating System Compatibility/Windows 10-1909 (64-Bit) |
| • | 5520—Operating System Compatibility/Windows 10-2004 (64-Bit) |
| • | 5720—Operating System Compatibility/Windows 10-20H2 (64-Bit) |
| • | 0120—Operating System Compatibility/Windows Server 2008 R2 |
| • | 0520—Operating System Compatibility/Windows Server 2012 |
| • | 0620—Operating System Compatibility/Windows Server 2016 |
| • | 1020—Operating System Compatibility/Windows Server 2019 |
Severity
Warning
Message
This Windows Installer database contains an unmanifested file [FILE_NAME] (Table: File, Key: [FILE_KEY]).
Background
On Windows Vista and later systems, all applications are run by default with standard user privileges, even when the logged-on user is a member of the Administrators group. If an application requires elevated privileges, an accompanying manifest file can indicate this. At run time, Windows confirms that the privilege elevation that is declared in the manifest aligns with the user’s intention by displaying a UAC prompt for consent or credentials. Unmanifested executable files do not trigger a UAC prompt, and any actions that require elevated privileges—including any changes to system or global settings—silently fail. Therefore, unmanifested applications that require elevated privileges might not function properly.
Resolution
The following resolutions are available.
Manual Fix
For each unmanifested executable file, create a manifest file that sets the required privilege level. For applications that do not require administrative privileges, the required privilege level should be set to asInvoker. (That is, the UAC prompt is not shown, and permissions are not elevated.) Otherwise, the required privilege level should be set to either requireAdministrator or highestAvailable. If an application seeks an unsuited privilege level (and the manifest cannot be corrected), you can create a shim database specify the desired privilege level.
Basic Auto Fix
A manifest file is added in a Windows Installer transform to each application that requires administrative privileges but does not already have an embedded or associated manifest file. The content of the manifest depends on whether a given executable file is UAC aware. If the executable file is UAC aware, the manifest file sets the privilege level to requireAdministrator. If the executable is not UAC aware, the manifest file sets the privilege level to asInvoker.
This fix is enabled by default.
Advanced Auto Fix
No resolution is available.
See Also
The Windows Vista and Windows Server 2008 Developer Story: Application Compatibility Cookbook