Hi all,
I've a question for you:
I've developed a WPF application and created its setup file (with the Visual Studio installer tool).
Now I've a problem:
My application needs to use (read and write) some files.
Every attempt to access these files fails (Access denied).
These files stay in the application folder (C:\\Programs files\Application Folder...) but can stay in other paths (Desktop or User folder).
If I start the application with administrator rights, I have access only to files in C:\\program files\application folder ...
How does the application get the rights to access the other files?
Sorry for my poor English :(
Thanks a lot,
Alessio.
Comments
Sergey Alexandrovich Kryukov 3-Oct-12 23:05pm    
Your English is good enough to understand your concerns, thank you; your intentions are somewhat questionable, but I think I answered you in a constructive way, please see.
--SA

1 solution

You can simply act as an administrator and modify permissions of the file system objects in question, so that the application will be able to access them with its default permissions. But would it be good to do so? I would answer: it's no good at all. So, how else can you add extra permissions?

The application cannot possibly get more rights than the user who starts the application. The best you can do to get more rights is to request administrative privileges by the application itself, assuming that the user account already has administrative rights. With Windows 7, just logging in as Administrator is not enough to give any application administrative permission. Additionally, such a user should request or just confirm this when given a UAC "Do you want to allow…" message box by the OS, to elevate the application permission to administrative level. This is explained here:
http://en.wikipedia.org/wiki/User_Account_Control

From the user standpoint, there are different ways to do it:
http://www.sevenforums.com/tutorials/11841-run-administrator.html

All the application can do is request the elevated permission from the very beginning. In this case, the user will see the UAC dialog immediately and will confirm or deny the request when the application is about to be finally loaded for execution. This option can be prescribed in the application manifest. Whatever you do, there is no way to bypass the user confirmation with the UAC dialog, unless you reduce the safety level of the system in general.

Please see how you can request the elevation using the manifest:
http://www.gregcons.com/KateBlog/AddingAManifestToAVistaApplication.aspx

(Credit to Abhinav who provided the reference above, but unfortunately did not interpret its effect correctly; it does really elevate the privileges, only requests.)

Here is how you can disable or turn off UAC in Windows 7:
http://www.mydigitallife.info/how-to-disable-and-turn-off-uac-in-windows-7/

I strongly recommend to avoid doing it.

However, instructions to "disable UAC for certain applications" circulate. Please see:
http://www.wintuts.com/Disable-UAC-for-certain-applications

And my final advice is: better avoid it. It's best for the application to use only file system objects placed in predefined legitimate directories. For read-only access, it could be the executable directory, or its sub-directory, but for read-write access, it should be one of the "special directories" predefined per user account, or the one for "all users". The .NET libraries provide standard ways to determine the location of these directories.

I provide complete code and explanation of how to find these directories in my past answers. Please see:
How to find my programs directory (executable directory),
How to find my programs directory ("special" directories).

Again, best security is to avoid violation of the principles of best safety practices.

—SA
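
The advice above about keeping read-write files in a per-user "special directory" instead of under Program Files, as an added example (not code from the answer or from the posts it links to). The class, company, product and file names are hypothetical; the installer is assumed to ship read-only defaults next to the executable.

```csharp
using System;
using System.IO;

// Added example: all names below are hypothetical placeholders.
static class AppDataStore
{
    const string Company = "ExampleCompany";   // assumption
    const string Product = "ExampleWpfApp";    // assumption

    // Read-only defaults shipped by the installer next to the executable.
    static string InstallDir => AppDomain.CurrentDomain.BaseDirectory;

    // Per-user writable directory; pass CommonApplicationData for the "all users" one.
    public static string DataDir(
        Environment.SpecialFolder root = Environment.SpecialFolder.LocalApplicationData)
    {
        string dir = Path.Combine(Environment.GetFolderPath(root), Company, Product);
        Directory.CreateDirectory(dir); // no-op when the directory already exists
        return dir;
    }

    // Returns a writable path for fileName, seeding it from the install directory on first use.
    public static string GetWritableFile(string fileName)
    {
        // Accept only a bare file name so a caller cannot step outside DataDir.
        if (string.IsNullOrEmpty(fileName) || fileName != Path.GetFileName(fileName))
            throw new ArgumentException("Expected a bare file name.", nameof(fileName));

        string target = Path.Combine(DataDir(), fileName);
        string shipped = Path.Combine(InstallDir, fileName);
        if (!File.Exists(target) && File.Exists(shipped))
            File.Copy(shipped, target); // the copy inherits the user's own permissions
        return target;
    }
}

static class Program
{
    static void Main()
    {
        string settings = AppDataStore.GetWritableFile("settings.xml"); // hypothetical file
        File.AppendAllText(settings, "<!-- written without elevation -->" + Environment.NewLine);
        Console.WriteLine("Writable data file: " + settings);
    }
}
```

Run as a standard user, this writes under the user's profile without a UAC prompt, while the copy in the installation directory stays untouched.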
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)