Hi Colin,

The original "wucheck.exe" is a standalone application. Because it is "asInvoker" manifested, it runs "non-elevated" by default and will only request administrator execution level privileges if the "parent" process instructs wucheck.exe to run elevated. For example, if you run wucheck.exe elevated through ShellExecuteEx (using the "runas" verb).

But are you sure that "wucheck.exe" triggers the elevation prompt? Perhaps it is the following:

Let us assume, you have a new web update on your server. Because you do a per-machine update (to write to protected Windows resources), the update is "requireAdministrator" manifested. Okay, you do the following:

wucheck.exe /S

wucheck.exe checks for a new web update. This is done non-elevated by default (so there is no elevation prompt). If an update is available, it downloads and executes it. Because your update (located on the server) is "requireAdministrator" manifested, the update (and not wucheck.exe) gives the elevation prompt.

What do you think?

Friedrich