Windows UAC and Elevation for Self-Extracting Packages¶
Self-Extracting packages and installers created with Paquet Builder often need to perform tasks requiring administrative privileges, such as placing files into common folders, writing registry keys, or registering shared files.
Since Windows Vista, User Account Control (UAC) ensures that even administrators run applications with standard user privileges by default. If an application requires administrative privileges, a UAC prompt appears, requesting the user’s permission (or an administrator password) to proceed.
To ensure that your package works correctly under Windows Vista or later, it must be marked with the appropriate requested execution level in its application manifest.
Setting the Requested Execution Level in Paquet Builder¶
An application manifest specifies the privileges required for your package. In Paquet Builder, you can configure this by navigating to Build -> EXE Output Configuration.
You have the following options:
1. No Elevation (Default - "As Invoker")¶
- If you turn off the "Request elevated rights (User Account Control)" option, the package will run with the same privileges as the process that launched it.
- Suitable for packages that do not require administrative privileges.
2. Require Elevation¶
- Enable the "Request elevated rights" option and choose one of the following levels:
- Require Administrator:
- The package will always run with full administrative privileges.
- Users without administrative rights will be prompted to enter administrator credentials.
- Highest Available:
- The package will run with the highest privileges available to the current user.
- If the user is an administrator, the package runs with full privileges; if not, it runs with standard privileges.
Paquet Builder will automatically include a UAC-compliant manifest in your package based on your selection.
Best Practices for UAC and Elevation¶
- Use "Require Administrator" if your package modifies system settings or writes to protected locations such as
Program Files
orHKEY_LOCAL_MACHINE
. - Use "Highest Available" for applications that can function with limited privileges but take advantage of elevated rights if available.
- Digitally sign your installer:
- UAC prompts for unsigned applications display a warning, which may concern end users.
- Learn how to digitally sign your installer here.
Warning
Packages that require elevation will not run correctly without administrative rights. Always test your package on a standard user account to confirm proper behavior.