How to Run Applications Manifested as HighestAvailable With a Logon Script Without Elevation for Members of the Administrators Group
Published Aug 14 2018 04:08 PM
Microsoft
First posted to MSDN on Sep 13, 2009

Updated 17-Sept-2009

My friend Aaron has been trying to post a comment with his recommendation. However, it never, never, ever shows up because apparently we either don’t buy good software for our blogging system, or else the software has a personal vendetta against him (perhaps it’s angry at him for not posting often enough himself). But his comment is worthwhile, so here it is:
Rather than use that undocumented (and unsupported) environment variable, why not just change the "regedit" invocation to "REG.EXE IMPORT"? REG.EXE doesn't demand elevation -- it's manifested "asInvoker", and can import .reg files...

Here’s a trick I used to help out a customer: My customer was using a logon script to set some per-user registry keys when the user logged in. This worked fine for their standard users on Windows XP, and it also worked fine for their standard users on Windows 7. However, it added an extra prompt for the few folks who had exceptions to be members of the Administrators group.

You see, they were using regedit.exe to import a .reg file. And, even though they didn’t need administrator privileges to edit the parts of the registry they wanted to modify, the entire application is manifested as highestAvailable, so it would always prompt for their administrators. So I cooked up the following .bat file to achieve the same thing without annoying their administrators:

    set __COMPAT_LAYER=RunAsInvoker
    start regedit.exe

And they were off to the races.

Was there another way? Perhaps. But this let them keep their existing scripts and only have to add a single line at the front, so it was the path of least resistance.
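The REG.EXE IMPORT recommendation and the __COMPAT_LAYER approach side by side in one logon script, as an added example (not the author's or the customer's script). The file name user-settings.reg, the /regedit switch and the exit codes are assumptions made for illustration; the script also refuses a .reg file that names any hive other than HKEY_CURRENT_USER, since an unelevated import can only write per-user keys.

```batch
@echo off
rem Added example; not the original customer's logon script.
rem Assumption: the per-user settings live in user-settings.reg beside this script.
setlocal EnableExtensions
set "REGFILE=%~dp0user-settings.reg"

if not exist "%REGFILE%" (
    >&2 echo Missing settings file.
    exit /b 2
)

rem Unelevated, only per-user keys are writable, so reject a file whose key
rem headers name any other hive. TYPE turns a UTF-16 export (with BOM) into
rem console-code-page text that FINDSTR can read. The first FINDSTR keeps the
rem "[...]" key headers; the second prints the ones that are not HKCU.
type "%REGFILE%" | findstr /b /l /c:"[" | findstr /v /b /i /l /c:"[HKEY_CURRENT_USER" /c:"[-HKEY_CURRENT_USER" >nul
if not errorlevel 1 (
    >&2 echo Settings file touches keys outside HKEY_CURRENT_USER; not importing.
    exit /b 3
)

if /i "%~1"=="/regedit" goto with_regedit

rem Default: REG.EXE is manifested asInvoker, so it never asks for elevation.
reg.exe import "%REGFILE%"
exit /b %errorlevel%

:with_regedit
rem The approach from the post. Every process started while the variable is
rem set inherits it, so it is set only after SETLOCAL and is discarded when
rem this script ends instead of leaking into the caller's environment.
set __COMPAT_LAYER=RunAsInvoker
start "" /wait regedit.exe /s "%REGFILE%"
exit /b %errorlevel%
```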

Version history
Last update: Nov 13 2018 08:09 AM