With Windows Vista or above, the correct way to mark a program is to embed an application manifest within your application that tells the operating system what the application needs. There are attributes within this application manifest that permit developers to specify their programs level of execution or
requested execution level.
The request level options are as follows:
- As Invoker – The application runs with the same access token as the parent process. (Recommended for standard user applications)
- Highest Available – The application runs with the highest privileges the current user can obtain. (Recommended for mixed-mode applications)
- Require Administrator – The application runs only for administrators and requires that the application be launched with the full access token of an administrator. (Recommended for administrator only applications)
- No Execution Level Information – The application does not have an embeded request execution level manifest.
When making a PAF it can be good practice to embed an application manifest file with a
request execution level. Operating systems earlier than Windows Vista ignore the required execution level specified in the application's manifest.
The benefit of elevating your PAF is that privileges are elevated only once (if necessary) and these privileges are inherited by all of the process' that are executed from your PAF without requiring multiple elevation prompts. In most cases, running an application with elevated privileges on Windows Vista and above is not recommended and as such you should really try to just use
asInvoker where you can.
virtualization mechanismfor the file system and registry to access. This means that its attempt to create or change files in restricted folder locations or to write in registry restricted hives is redirected (reflected) towards a "per-user" accessible location. See VirtualStore for more information on how this applies here.
requested execution levelinformation to the application's manifest. Beware, if you do not set an execution level information your application might be easily mistaken as an application that needs administrator privileges.
Below is the code needed for adding a manifest in your PAF. This code should go somewhere within
PortableApps.comLauncher.nsi towards the beginning of the file. You can download the required files to use this code for your PAFs just below the example code. These files should be placed in a folder called Manifests inside the Contrib directory in the NSIS application folder. So if you are using this with your NSISPortable, then the full filepath would look like the following:
You would uncomment line 1 or line 2 depending on your particular needs. Remember to try and use
asInvoker or User when possible.