"highestAvailable" confuses many people.

As I understand it, it means exactly what it says.

Suppose, for example, somebody has permissions as a Backup Operator, Power
User, Server Operator, or whatever (which ones are available depends on the
operating system). But he is not an Administrator.

requireAdministrator will fail unless he gets an over-the-shoulder
authorization from somebody who is an Administrator.

highestAvailable will try the existing user's unrestricted token (with his
Backup Operator or whatever other privileges) and run the application at
that level.

Jane
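
One way to see which level a process actually ended up with, as an added example that is not part of the original post: this PowerShell snippet lists which built-in roles (Administrator, Backup Operator, Power User, Server Operator and so on) are enabled in the token of the process it runs in. The variable names are illustrative.

```powershell
# Added example: report which built-in roles are enabled in the token of the
# current process. Run it in a normally started process and in one started
# with the user's full token, then compare the two tables.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# WindowsBuiltInRole covers Administrator, PowerUser, BackupOperator,
# SystemOperator (Server Operators) and the other well-known local groups.
# IsInRole() is true only when the group is enabled in this token; a group
# that is present but marked deny-only reports False.
$roleType = [System.Security.Principal.WindowsBuiltInRole]
$report = foreach ($role in [System.Enum]::GetValues($roleType)) {
    [pscustomobject]@{
        Role           = $role.ToString()
        EnabledInToken = $principal.IsInRole($role)
    }
}

Write-Output "Token owner: $($identity.Name)"
$report | Format-Table -AutoSize

# Summarise in the terms used above: full Administrator, some lesser
# privileged role (the highestAvailable case for a non-Administrator),
# or neither.
$enabled = @($report | Where-Object { $_.EnabledInToken } |
             ForEach-Object { $_.Role })
$ordinary = 'User', 'Guest'
$lesser   = @($enabled | Where-Object {
                 $_ -ne 'Administrator' -and $ordinary -notcontains $_ })

if ($enabled -contains 'Administrator') {
    Write-Output 'This process holds an enabled Administrators group.'
}
elseif ($lesser.Count -gt 0) {
    Write-Output ("No Administrators group, but these roles are enabled: " +
                  ($lesser -join ', '))
}
else {
    Write-Output 'Only ordinary user roles are enabled in this token.'
}
```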