This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We would like to bypass Interface Privilege Isolation (UIPI) for some applications by specifying UIAccess = true in manifest files. Is it possible to add our own folder as a secure location like,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
It seems It‘s impossible to configure the secure location. But you can create a dedicated directory under these predefined directories.
Why do you want to use a different file system location for the UIAccess application?
Hi there,
It is not configurable. You can see in the link that Relatively secure locations are limited to the following directories:
\Program Files\ including subdirectories
\Windows\system32\
\Program Files (x86)\ including subdirectories for 64-bit versions of Windows
So it is limited to only certain directories.
If the reply is helpful, please Upvote and Accept it as an answer
Thank you all for supports.
Is this a good option - https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-r2-and-2008/dd834830(v=ws.11)
i.e Disable User Account Control: Only elevate UIAccess applications that are installed in secure locations and completely rely on the signing mechanism.
Define "good". Disabling this control reduces the security of the system.
Thank you for your prompt replies.
Disabling this control reduces the security of the system.
As the certificate signing is there, is it a big problem? Can you give some examples?
We have a large system of binaries and folder structure. Sort out and moving that to a secure location is a hectic task. So to reduce the impact and cost we are trying the alternatives.
Well, by allowing a UIAccess enabled application to reside in an insecure file system location you make things easier for a bad actor since Administrator privileges are no longer needed.
Got it. Thanks.