Privilege elevation in Windows 7
Hello,

I would like to understand the privilege elevation mechanism in Windows 7 (Vista) in more detail (see my questions below). Could you please point me to relevant documentation? In particular, I need to learn keywords that I can "google" in order to get some more info on this topic. (For instance, I tried to search "UAC", but all documentation on the UAC topic is too general; I have found no answers to my questions.)

Questions:

1. What happens exactly when I choose "Run as administrator" on an application? I noticed several things concerning processes with rights elevated this way:

   - These processes do not see my disk letters mapped via the "subst" command. This probably means that they do not inherit my user context. (I found that when I execute "subst" with elevated rights, then all my processes - both normal and with elevated rights - see the mapped disks.) How can I make the disk letters that I map in "Start -> All Programs -> Startup" (executed during logon) visible even to the "elevated" processes?

   - In Project Explorer I see (on process details -> Security tab) that normal processes have "BUILTIN\Administrators"="Deny", while processes with elevated rights have "BUILTIN\Administrators"="Owner". What does "Owner" mean? Are there other possible values?

   - Moreover, normal processes have "Medium" in the "Process Image -> Integration" column in Process Explorer, while "elevated" processes have "High". Is the "Windows integrity mechanism" somehow related to the privilege elevation? E.g. in the sense that "High" integration means administrator privileges?

2. How can I selectively (= for selected applications, not globally) turn off the UAC dialog "Do you want to allow the program to make changes to your computer"? In particular, I want some programs in "Start -> All Programs -> Startup" to be executed with administration rights (upon logon).

3. Even when an application (notably cmd.exe) is executed with elevated administration rights, it still does *not* have all administrator privileges granted (automatically). For instance, it does not obtain "SeRestorePrivilege" or "SeTakeOwnershipPrivilege", which prevents it e.g. from deleting some folders (for which administrators do not have the "delete" privilege assigned). How am I to perform administration using batch scripts if these scripts do not get all rights even with elevated administration privileges?

Thank you,
Martin.
January 12th, 2011 11:57am
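The three things the question compares (the BUILTIN\Administrators attribute, the integrity level, and the state of each privilege) can be read from the access token of a normal console and of a "Run as administrator" console and then set side by side. The following PowerShell is an added example, not part of the original thread; the function name Get-TokenSummary is hypothetical, and it uses only the built-in whoami tool and the .NET WindowsIdentity class.

```powershell
# Added example: summarize the access token of the current console.
# Run once in a normal console and once in a "Run as administrator" console, then compare.
# Groups are matched by SID because whoami localizes names and attribute text.
function Get-TokenSummary {
    # /nh drops the localized header row so fixed column names can be supplied.
    $groups = whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $privs = whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State

    # Well-known mandatory label SIDs used by the Windows integrity mechanism.
    $levels = @{
        'S-1-16-4096'  = 'Low'
        'S-1-16-8192'  = 'Medium'
        'S-1-16-12288' = 'High'
        'S-1-16-16384' = 'System'
    }
    $label = $groups | Where-Object { $_.SID -like 'S-1-16-*' } | Select-Object -First 1
    $integrity = if ($label -and $levels.ContainsKey($label.SID)) { $levels[$label.SID] }
                 elseif ($label) { $label.SID }
                 else { '(no label found)' }

    # S-1-5-32-544 is BUILTIN\Administrators. In a filtered token its attributes
    # read "Group used for deny only"; in an elevated token they include "Group owner".
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' } | Select-Object -First 1
    $adminAttr = if ($admins) { $admins.Attributes } else { '(not in token)' }

    # IsInRole is true only when the Administrators group is enabled, not deny-only.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    New-Object PSObject -Property @{
        User                     = $identity.Name
        IntegrityLevel           = $integrity
        AdministratorsEnabled    = $isAdmin
        AdministratorsAttributes = $adminAttr
        Privileges               = $privs
    }
}

$summary = Get-TokenSummary
$summary | Format-List User, IntegrityLevel, AdministratorsEnabled, AdministratorsAttributes
# Each privilege present in the token is listed with its current state.
$summary.Privileges | Format-Table Name, State -AutoSize
```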

I'm not sure if these articles will answer all your questions but these appear to be pertinent to it -

UAC Processes and Interactions
UAC Architecture
UAC Group Policy Settings and Registry Key Settings

MowGreen
Windows Expert IT Pro - Consumer Security
January 12th, 2011 2:07pm

The thread discussing my questions can be found here: http://www.wilderssecurity.com/showthread.php?t=290811

Martin.
January 20th, 2011 7:37am

This topic is archived. No further replies will be accepted.
