User Account Control: Only elevate UIAccess applications that are installed in secure locations

Applies To: Windows Server 2008 R2

The User Account Control: Only elevate UIAccess applications that are installed in secure locations policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following:

  • …\Program Files, including subfolders

  • …\Windows\system32

  • …\Program Files (x86), including subfolders for 64-bit versions of Windows

Note

Windows enforces a public key infrastructure (PKI) signature check on any interactive application that requests to run with a UIAccess integrity level regardless of the state of this security setting.

The options are:

  • Enabled. (Default) If an application resides in a secure location in the file system, it runs only with UIAccess integrity.

  • Disabled. An application runs with UIAccess integrity even if it does not reside in a secure location in the file system.