Here's a quick reference to help you navigate the User Account Control (UAC) mine field that was introduced in Microsoft's Windows Vista operating system.
If you're an application packager, you'll want to bookmark this bad boy.
This security setting determines the behavior of Admin Approval mode for the Built-in Administrator account.
The options are:
Default: Disabled
This security setting determines the behavior of the elevation prompt for administrators
Default: Prompt for consent
This security setting determines the behavior of the elevation prompt for standard users
Default: Prompt for credentials (home) / Automatically deny elevation requests (enterprise)
This security setting determines the behavior of application installation detection for the entire system.
Default: Enabled (home) / Disabled (enterprise)
This security setting will enforce PKI signature checks on any interactive application that requests elevation of privilege. Enterprise administrators can control the admin application allowed list thru the population of certificates in the local computers Trusted Publisher Store.
This security setting will enforce the requirement that applications that request execution with a UIAccess integrity level (via a marking of UIAccess=true in their application manifest), must reside in a secure location on the file system. Secure locations are limited to the following directories:
...\Program Files\, including subdirectories ...\Windows\system32\r ...\Program Files (x86)\, including subdirectories for 64 bit versions of Windows
Default: Enabled
This security setting determines the behavior of all UAC policies for the entire system.
This security setting determines whether the elevation request will prompt on the interactive users desktop or the Secure Desktop.
This security setting enables the redirection of legacy application write failures to defined locations in both the registry and file system. This feature mitigates those applications that historically ran as administrator and wrote runtime application data back to either %ProgramFiles%, %Windir%; %Windir%\system32 or HKLM\Software\....
Virtualization facilitates the running of pre-Vista (legacy) applications that historically failed to run as Standard User. An administrator running only Windows Vista compliant applications may choose to disable this feature as it is unnecessary.