今天新建了一個VS控制檯工程RegTrustedInstallerDemo，編譯出來的可執行檔案RegTrustedInstallerDemo.exe居然請求以管理員許可權執行。

經過一番探索之後發現，只要檔名裡包含setup、install、patch、update，執行時都會請求管理員許可權。

具體原因可以參考微軟的連結：

Installer Detection Technology

Installation programs are applications designed to deploy software, and most write to system directories and registry keys. These protected system locations are typically writeable only by an administrator user, which means that standard users do not have sufficient access to install programs. Windows Vista heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Vista also heuristically detects updater and uninstallation programs. Note that a design goal of UAC is to prevent installations from being executed without the user's knowledge and consent since they write to protected areas of the file system and registry.

Installer Detection only applies to:

1. 32 bit executables

2. Applications without a requestedExecutionLevel

3. Interactive processes running as a Standard User with LUA enabled

Before a 32 bit process is created, the following attributes are checked to determine whether it is an installer:

• Filename includes keywords like "install," "setup," "update," etc.
• Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
• Keywords in the side-by-side manifest embedded in the executable.
• Keywords in specific StringTable entries linked in the executable.
• Key attributes in the RC data linked in the executable.
• Targeted sequences of bytes within the executable.

解決方案：為工程新增清單檔案，在清單檔案中包含執行級別即可。

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel level="asInvoker" uiAccess="false" />
        <!--
            可任選以下配置之一指定一個程序許可權：
            <requestedExecutionLevellevel="asInvoker" uiAccess="false" />
            <requestedExecutionLevellevel="requireAdministrator" uiAccess="false" />
            <requestedExecutionLevellevel="highestAvailable" uiAccess="false" />

            requireAdministrator 為管理員許可權，
            highestAvailable 為可以獲取到的最高許可權，
            asInvoker 為預設值,即呼叫程序當前許可權,一般不需要顯式指定,指定後會禁用虛擬化。    
        -->
        </requestedPrivileges>
    </security>
</trustInfo>