Some legacy Windows applications always trigger a UAC prompt asking for administrator credentials when launched on Windows 10 or Windows 11.
This usually happens because the application contains an embedded manifest requesting elevated privileges such as:
requireAdministrator
or
highestAvailable
In many cases, these applications do not actually require administrator privileges to function correctly. The elevation requirement was added during development but is not necessary for normal operation.
This can become a problem in environments where users do not have local administrator rights.
Quick Solution
You can force Windows to ignore the application’s elevation request by applying the RunAsInvoker compatibility fix.
This can be done using Compatibility Administrator, which is included in the
Windows Assessment and Deployment Kit.
After applying the fix, the application will start without triggering a UAC prompt and will run with the same privileges as the current user.
Step-by-Step Fix
1. Install Compatibility Tools
Download and install the Windows Assessment and Deployment Kit.
Official Microsoft documentation:
https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install
During installation select the component:
Application Compatibility Tools
After installation open:
Compatibility Administrator
You will see two versions:
- Compatibility Administrator (32-bit)
- Compatibility Administrator (64-bit)
If the application is 32-bit, it is recommended to use the 32-bit version of the tool.
2. Create a Compatibility Fix
Inside Compatibility Administrator:
- Right-click Custom Databases
- Select:
New Database → Create New → Application Fix
This opens the Create new application fix wizard.
3. Configure the Application
Fill in the application information.
Example:
Program name
Legacy Camera Client
Vendor
IWMS
Program file location
Select the executable file of the application.
Click Next.
4. Apply the RunAsInvoker Fix
In the Compatibility Fixes list:
- Find RunAsInvoker
- Enable the checkbox
- Click Next
Configure Matching Information:
The wizard will display the Matching Information window:
This step defines how Windows will identify the target application when applying the compatibility fix.
For most cases, the default settings generated by the tool are sufficient.
The recommended approach is:
- Leave the automatically selected attributes unchanged
- Ensure that FILE_VERSION and PRODUCT_VERSION remain selected
- Click Finish
These attributes allow Windows to correctly match the compatibility fix to the executable file.
If you want the fix to remain valid even after minor software updates, you can keep only a few stable identifiers such as:
PRODUCT_NAMEFILE_DESCRIPTIONCOMPANY_NAME
Using too many matching attributes may cause the fix to stop working if the application is updated and some metadata changes.
This creates a compatibility shim that overrides the application’s elevation requirement.
Admin Tip
If the application is frequently updated, avoid strict matching rules such as:
PE_CHECKSUM LINK_DATE SIZE
These values often change between builds and may prevent the compatibility fix from applying.
5. Save the Compatibility Database
Save the database file.
Example:
LegacyCam_db.sdb
You can save the .sdb file in any location. A common and practical approach is to store it in the same directory as the application executable, especially if the fix is intended for a single machine.
This makes the fix easier to manage later because the compatibility database remains stored together with the application it was created for.
In larger environments or when deploying the fix to multiple computers, administrators often store the .sdb file in a central repository or deployment share and install it using scripts.
6. Install the Fix
To activate the fix:
Right-click the database in Compatibility Administrator and select:
Install
Windows will register the compatibility database and automatically apply the fix whenever the application starts.
Test the Application
Launch the application normally.
Expected behavior:
- The application starts without a UAC prompt
- The program runs using standard user privileges
If the application works correctly without administrative rights, the fix is successful.
Deploy the Fix to Multiple Computers
If you need to deploy the fix across multiple machines, copy the .sdb file and install it using the Windows shim installer.
Command:
sdbinst.exe LegacyAppsFix.sdb
This command registers the compatibility database on the target system.
To uninstall the fix later:
sdbinst.exe -u LegacyAppsFix.sdb
This method allows administrators to deploy compatibility fixes through:
- login scripts
- software deployment tools
- group policy startup scripts
Infrastructure Engineer with hands-on experience in Windows Server, Active Directory, SCCM, Exchange, and Linux environments. Concentrated on resolving production issues and keeping systems stable and reliable.