Don't call it 'Update'

After some minor changes a simple Windows application asked at startup for 'elevated rights'.

The application manifest did not contain the 'requireAdministrator' option and nothing indicated that the application was doing anything controlled by security restrictions.

To check an application for security restrictions Microsoft provides the 'Microsoft Application Compatibility Toolkit'. When loading the application in the 'Standard User Analyzer', it indicated that there is a 'shim' for this application.

'Shims' are modules, which intercept API calls made by an application in order to patch known incompatibilities or for example pretend a different operating system or version. 'Shims' exist for a variety of known Windows applications, but a shim for this new test application was rather unlikely. Well, to locate the shim(s) there is the 'Compatibility Administrator'. Using its 'Search' toolbar button the shim related to our test application was identified as the 'Update' shim.

Selecting the shim in the 'Compatibility Administrator' showed its filter conditions for the software modules, to which it applied.

Obviously it looks for the word 'Update' in various file properties, e.g. in 'COMPANY_NAME' and 'PRODUCT_NAME'. A look at the file properties of our test app made it obvious: we had placed the word 'Update' in the product name field of the version resource.

By this we had unwittingly changed the application in a way that all of a sudden it wanted to be run with administrator rights. By removing the word 'Update' from the version resource the application become humble again and was content with being run by any user.