Hi, I am working on migration of applications from XP to WIndows 7 environment. We have set of UAC non complaint applications which need to be migrated to win7. The issue is whether to use a shim (RunAsInvoker) or to give the users of these non complaint apps admin rights. My querries are : 1. Will it be a security breach if RunAsInvoker shim is applied to applications that are UAC non complaint?(We do not have manifest files to all the applications in this set to make changes and to make the apps understand UAC) 2. On applying the shim the user will no longer be prompted and so the basic functionality of the uac is changed and so it could be a security breach. Instead is it better to give the users of all these applicaitons be given admin rights, so that the prompt comes before launching the app and they still go on working? As any decision would affect a large number of users or would require a major change in the group policies, could you please suggest the most feasible and long term feasible solution to this issue. Thanks in Advance..

Hi, The RunAsInvoker compatibility fix should be considered as a possible resolution if the application prompts for elevation, but can also run successfully as a Standard User. I think there is no security breach if RunAsInvoker shim is applied to applications. The RunAsAdmin compatibility fix causes an application to require administrator privileges. If you use this shim, you need to provide admin rights to all users who use the application. Using the RunAsInvoker Fix http://technet.microsoft.com/en-us/library/dd638389(v=ws.10).aspx Using the RunAsAdmin Fix http://technet.microsoft.com/en-us/library/dd638315(v=ws.10).aspx Niki Han TechNet Community Support