Nov 26th, 2010, 06:55 PM
#13
Re: Modifications Required for VB6 Applications to Work on Vista/7
 Originally Posted by baja_yu
Vista and 7 have compatibility mechanisms that detect keywords like setup, install, update in the exe name and project description (file properties) and will automatically elevate such a process. This is good and bad. Good: it makes old installers work (most of them) without the need to do right click > Run as administrator, but on the other hand, if you named your exe or project something like "InfoUpdater", it will be automatically elevated every time, which you will most likely not want to happen.
This only happens for a legacy program, i.e. one that does not declare itself Vista Aware, i.e. one that does not have a proper application manifest with ExecutionLevel set to "asInvoker" if you don't want to require elevation.
 Originally Posted by baja_yu
Aside from how stupid this thing is, MS also never provided a way of downgrading the privilege level. This means that if an application running with admin rights shells another application, that other application will be launched with admin rights too. On the other hand, applications running as standard user can request elevation of a process to admin level (followed by the UAC prompt).
How is this an issue?
If your program has elevated privileges and it spawns an external process it should "know where that process has been." I.e. don't write programs that run arbitrary programs.
If a program is running unelevated and the user wants to request an elevated action it is perfectly reasonable to elevate just that function (either via the Elevated COM Moniker or RunAs or just Shell-ing an external process that has an elevation manifest).
Finer control is always available through the use of security tokens and the various CreateProcessXXX API calls.
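
The rule discussed in this post, as an added example that is not part of the original thread: a small build-audit check that flags executables whose name or description would hit the installer keywords unless the manifest declares an execution level. The keyword list is limited to the three named in the thread, and the `audit` and `requested_level` helpers and the sample manifest are constructed for illustration; the real Windows heuristic is assumed to have further conditions.

```python
import xml.etree.ElementTree as ET

# Keywords named in the thread; Windows' own list is assumed to be longer.
INSTALLER_KEYWORDS = ("setup", "install", "update")

# Constructed sample manifest declaring the program Vista-aware and unelevated.
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""


def requested_level(manifest_xml):
    """Return the requestedExecutionLevel level attribute, or None if absent."""
    if not manifest_xml:
        return None
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError:
        return None  # unreadable manifest: treat as no declaration
    for element in root.iter():
        # Compare the local name only, so any trustInfo namespace version matches.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return element.get("level")
    return None


def audit(exe_name, description, manifest_xml=None):
    """Classify how a build would be launched, per the thread's description."""
    level = requested_level(manifest_xml)
    if level is not None:
        return "manifest:" + level  # explicit declaration, heuristic not applied
    text = (exe_name + " " + description).lower()
    hits = [k for k in INSTALLER_KEYWORDS if k in text]
    if hits:
        return "heuristic-elevation:" + ",".join(hits)
    return "legacy-unelevated"


if __name__ == "__main__":
    print(audit("InfoUpdater.exe", "Info refresh tool"))
    print(audit("InfoUpdater.exe", "Info refresh tool", SAMPLE_MANIFEST))
    print(audit("Notes.exe", "Note taking tool"))
```

Running this over release artifacts in a build pipeline catches an unintentionally elevated binary before it ships.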