Command line application with manifest asInvoker

The recommendation for command line applications is to use requestedExecutionLevel=asInvoker in the manifest. If you would mark your console application as “requireAdministrator” (or “highestAvailable” and you are a member of the administrators group) and launch it from a filtered token prompt, you will see a new console window popping up. All the output will go to that console and when your app is done the window will disappear. Hardly useful if you need to see the output.

The reason for this is that command line applications share the UI with the cmd.exe console that hosts the command line app. Since we can’t change the token mid-flight we have to open a new console if the launched application requires a full administrator and the token of the original prompt is the filtered admin token.

So the guidance is to mark your application with asInvoker in the manifest. If you need to perform tasks in the application that require admin privileges, you can check with IsUserAnAdmin() or GetTokenInformation whether you have those privileges. If you don’t, you can prompt the user to launch the application from an elevated command prompt. Chkdsk.exe is a nice example on how it should be done.

Maarten