Call to Action


  • Windows Vista is here, and user accounts are no longer administrators by default, so make sure your application runs correctly as a standard user.

  • Do not, under any circumstances, recommend that your customers disable UAC.

  • If your application runs successfully as a normal user account simply because of folder and registry virtualization, you should plan to fix your code as soon as possible, because virtualization will be removed eventually.

  • Do not treat your application's ability to write to the Program Files directory as a sign that it is running as an administrator or power user. In Windows XP, a user who could write to the Program Files directory was in most cases an elevated user, but that is not the case in Windows Vista because of virtualization, which applies only to non-administrator processes.

  • It is highly recommended that you download the Standard User Analyzer tool, run your application through it, and triage the output. Any warning could indicate issues that may make your application fail to run correctly as a low-privilege user.

  • If your application is one socket away from the Internet, consider lowering the integrity level of the process to Low.

  • Digitally sign your application.
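
For the Program Files point above, an added example (not code from the book) that reads the process token to learn whether the process is elevated and whether virtualization is enabled, instead of inferring privilege from a successful write. The names `classify`, `query_token`, `token_facts` and `run_ctx` are this example's own; the Win32 calls compile only on Windows, and other platforms report `unknown`.

```c
/* Added example: classify the process from its token, not from a write probe. */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef enum { CTX_UNKNOWN, CTX_STANDARD, CTX_STANDARD_VIRTUALIZED, CTX_ELEVATED } run_ctx;

/* Facts read from the token; -1 means the query failed or is unavailable. */
typedef struct { int elevated; int virtualized; } token_facts;

/* Whether a write under Program Files succeeded is deliberately not an input:
   with virtualization on, that write succeeds for a standard user too. */
run_ctx classify(token_facts f) {
    if (f.elevated < 0) return CTX_UNKNOWN;
    if (f.elevated > 0) return CTX_ELEVATED;
    return f.virtualized > 0 ? CTX_STANDARD_VIRTUALIZED : CTX_STANDARD;
}

token_facts query_token(void) {
    token_facts f = { -1, -1 };
#ifdef _WIN32
    HANDLE tok;
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) {
        TOKEN_ELEVATION te;
        DWORD virt = 0, len = 0;
        if (GetTokenInformation(tok, TokenElevation, &te, sizeof te, &len))
            f.elevated = te.TokenIsElevated != 0;
        if (GetTokenInformation(tok, TokenVirtualizationEnabled, &virt, sizeof virt, &len))
            f.virtualized = virt != 0;
        CloseHandle(tok);
    }
#endif
    return f; /* non-Windows builds: nothing to query, both facts stay -1 */
}

const char *ctx_name(run_ctx c) {
    static const char *names[] = { "unknown", "standard user",
        "standard user, writes virtualized", "elevated" };
    return names[c];
}

int main(void) {
    printf("%s\n", ctx_name(classify(query_token())));
    return 0;
}
```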



Writing Secure Code for Windows Vista
Writing Secure Code for Windows Vista (Best Practices (Microsoft))
ISBN: 0735623937
EAN: 2147483647
Year: 2004
Pages: 122
