windows - Difference between "highestAvailable" and "requireAdministrator" in manifest in terms of Elevation?

Question

I used "highestAvailable" in my exe's manifest. But in standard user and UAC ON its not elevating the exe.

Is this the behavior of "highestAvailable"?

I referred this MSDN link but its not clear whether "highestavailable" will elevate the exe or not. My requirement is to elevate the exe if UAC is on.

I changed to "requireAdministrator" and my exe is getting elevated in standard user with UAC ON.

Can someone explain me in detail about the elevation behavior of these two options "highestAvailabe" and "requireAdministrator"?

Answer 1

highestAvailable will elevate if the current user is an administrator. Which is consistent with what you have observed. When a standard user runs the process, no UAC dialog is shown and the process runs with the standard token. When an admin user executes, the UAC consent dialog is shown and the process will then run elevated.

If your program requires admin rights to function then you need to use requireAdministrator. When a standard user starts such a process, the over-the-shoulder UAC dialog is shown. That gives the user an opportunity to ask an admin to supply their credentials.

You should only use highestAvailable if your program is capable of running with a limited functionality in case the user is not able to elevate. This is what is meant by mixed-mode in the MSDN topic linked by your question.