• Applications run with the same security privileges as the currently logged-on user. In older operating systems such as Windows 2000 and Windows XP, the Run As option existed to run an application as a different user without having to log off and log on again as the other user. This Run As feature has been modified in Windows 7 to now be known as the Run as administrator option. Details of the security privileges that apply to the currently logged-on user are stored in a security token that is compiled when the user first logs on. When User Account Control is active, the user may have a secondary administrative security token linked to their identity. This is true if the logged-on user is an administrator equivalent account for the local computer. As mentioned in the File and Registry virtualization section in this chapter, some applications can automatically trigger the prompt for administrator-level access when an application is started. If an application or the operating system do not trigger this, and it is required, it can be manually initiated by right-clicking on the program and clicking Run as administrator from the resulting pop-up menu.
• User Account Control prompts for confirmation to allow this action and, if the logged-on user confirms it, their administrative security token will be used to launch the application in a separate security space.
• This is useful for the occasional time when a program must run at an elevated level. If this is required all the time and the developer cannot rewrite the application to support User Account Control, then the application's properties can be modified. By bringing up the application's properties and selecting the Compatibility tab, an option is present to Run this program as an administrator. If this is selected, User Account Control always prompts for administrative access when the application is started.

Activity 11-10