Training
Module
Configure User Account Control - Training
This module introduces how User Account Control works and how you can use UAC-related desktop features to reduce security risks.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
An application manifest (also known as a side-by-side application manifest, or a fusion manifest) is an XML file that describes and identifies the shared and private side-by-side assemblies that an application should bind to at run time. These should be the same assembly versions that were used to test the application. Application manifests might also describe metadata for files that are private to the application.
For a complete listing of the XML schema, see Manifest file schema.
Application manifests have the following elements and attributes.
Element | Attributes | Required |
---|---|---|
assembly | Yes | |
manifestVersion | Yes | |
noInherit | No | |
assemblyIdentity | Yes | |
type | Yes | |
name | Yes | |
language | No | |
processorArchitecture | No | |
version | Yes | |
publicKeyToken | No | |
compatibility | No | |
application | No | |
supportedOS | No | |
Id | Yes | |
maxversiontested | No | |
Id | Yes | |
dependency | No | |
dependentAssembly | No | |
file | No | |
name | Yes | |
hashalg | No | |
hash | No | |
activatableClass | No | |
name | Yes | |
threadingModel | Yes | |
activeCodePage | No | |
autoElevate | No | |
disableTheming | No | |
disableWindowFiltering | No | |
dpiAware | No | |
dpiAwareness | No | |
gdiScaling | No | |
highResolutionScrollingAware | No | |
longPathAware | No | |
printerDriverIsolation | No | |
ultraHighResolutionScrollingAware | No | |
msix | No | |
heapType | No | |
supportedArchitectures | No | |
trustInfo | No |
If possible, you should embed the application manifest as a resource in your application's .exe
file or .dll
. If you can't do that, then you can place the application manifest file in the same directory as the .exe
or .dll
.
For more info, see Installing side-by-side assemblies.
By convention an application manifest should have the same name as your app's executable file, with the .manifest
extension appended to it.
For example, an application manifest that refers to example.exe
or example.dll
should use the following file name syntax (if resource ID is 1, then you can omit the <resource ID> segment of the syntax).
example.exe.<resource ID>.manifest
example.dll.<resource ID>.manifest
Names of elements and attributes are case-sensitive. The values of elements and attributes are case-insensitive, except for the value of the type attribute.
A container element. Its first subelement must be a noInherit or assemblyIdentity element. Required.
The assembly element must be in the namespace urn:schemas-microsoft-com:asm.v1
. Child elements of the assembly must also be in this namespace, by inheritance or by tagging.
The assembly element has the following attributes.
Attribute | Description |
---|---|
manifestVersion | The manifestVersion attribute must be set to 1.0 . |
Include this element in an application manifest to set the activation contexts generated from the manifest with the "no inherit" flag. When this flag is not set in an activation context, and the activation context is active, it is inherited by new threads in the same process, windows, window procedures, and Asynchronous Procedure Calls. Setting this flag prevents the new object from inheriting the active context.
The noInherit element is optional and typically omitted. Most assemblies do not work correctly using a no-inherit activation context because the assembly must be explicitly designed to manage the propagation of their own activation context. The use of the noInherit element requires that any dependent assemblies referenced by the application manifest have a noInherit element in their assembly manifest.
If noInherit is used in a manifest, it must be the first subelement of the assembly element. The assemblyIdentity element should come immediately after the noInherit element. If noInherit is not used, assemblyIdentity must be the first subelement of the assembly element. The noInherit element has no child elements. It is not a valid element in assembly manifests.
As the first subelement of an assembly element, assemblyIdentity describes and uniquely identifies the application owning this application manifest. As the first subelement of a dependentAssembly element, assemblyIdentity describes a side-by-side assembly required by the application. Note that every assembly referenced in the application manifest requires an assemblyIdentity that exactly matches the assemblyIdentity in the referenced assembly's own assembly manifest.
The assemblyIdentity element has the following attributes. It has no subelements.
Attribute | Description |
---|---|
type | Specifies the application or assembly type. The value must be win32 and all in lower case. Required. |
name | Uniquely names the application or assembly. Use the following format for the name: Organization.Division.Name . For example Microsoft.Windows.mysampleApp . Required. |
language | Identifies the language of the application or assembly. If the application or assembly is language-specific, specify the DHTML language code. In the assemblyIdentity of an application intended for worldwide use (language neutral) omit the language attribute. In an assemblyIdentity of an assembly intended for worldwide use (language neutral) set the value of language to * . Optional. |
processorArchitecture | Specifies the processor. Valid values include x86 , amd64 , arm and arm64 . You can also specify * , which ensures that all platforms are targeted. Optional. |
version | Specifies the application or assembly version. Use the four-part version format: mmmmm.nnnnn.ooooo.ppppp . Each of the parts separated by periods can be 0-65535 inclusive. For more information, see Assembly Versions. Required. |
publicKeyToken | A 16-character hexadecimal string representing the last 8 bytes of the SHA-1 hash of the public key under which the application or assembly is signed. The public key used to sign the catalog must be 2048 bits or greater. Required for all shared side-by-side assemblies. |
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
...
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
...
</assembly>
Contains at least one application. It has no attributes. Optional. Application manifests without a compatibility element default to Windows Vista compatibility on Windows 7.
The compatibility element must be in the namespace urn:schemas-microsoft-com:compatibility.v1
. Child elements of the compatibility must also be in this namespace, by inheritance or by tagging.
Contains at least one supportedOS element. Starting in Windows 10, version 1903, it can also contain one optional maxversiontested element. It has no attributes. Optional.
The supportedOS element has the following attribute. It has no subelements.
Attribute | Description |
---|---|
Id | Set the Id attribute to {e2011457-1546-43c5-a5fe-008deee3d3f0} to run the application using Vista functionality. This can enable an application designed for Windows Vista to run on a later operating system. Set the Id attribute to {35138b9a-5d96-4fbd-8e2d-a2440225f93a} to run the application using Windows 7 functionality. Applications that support Windows Vista, Windows 7, and Windows 8 functionality do not require separate manifests. In this case, add the GUIDs for all the Windows operating systems. For info about the Id attribute behavior in Windows, see the Windows 8 and Windows Server 2012 Compatibility Cookbook. The following GUIDs correspond with the indicated operating systems: {8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a} -> Windows 10, Windows 11, Windows Server 2016, Windows Server 2019 and Windows Server 2022 {1f676c76-80e1-4239-95bb-83d0f6d0da78} -> Windows 8.1 and Windows Server 2012 R2 {4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38} -> Windows 8 and Windows Server 2012 {35138b9a-5d96-4fbd-8e2d-a2440225f93a} -> Windows 7 and Windows Server 2008 R2 {e2011457-1546-43c5-a5fe-008deee3d3f0} -> Windows Vista and Windows Server 2008 You can test this on Windows 7 or Windows 8.x by running Resource Monitor (resmon), going to the CPU tab, right-clicking on the column labels, "Select Column...", and check "Operating System Context". On Windows 8.x, you can also find this column available in the Task Manager (taskmgr). The content of the column shows the highest value found or "Windows Vista" as the default. |
The maxversiontested element specifies the versions of Windows that the application was tested against starting with the minimum OS version the application supports up to the maximum version. The complete set of versions can be found here. This is intended to be used by desktop applications that use XAML Islands and that are not deployed in an MSIX package. This element is supported in Windows 10, version 1903, and later versions.
The maxversiontested element has the following attribute. It has no subelements.
Attribute | Description |
---|---|
Id | Set the Id attribute to a 4-part version string that specifies the maximum version of Windows that the application was tested against. For example, "10.0.18362.1" for Windows 10, version 1903. Required. |
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
...
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows 10, version 1903 -->
<maxversiontested Id="10.0.18362.1"/>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
</application>
</compatibility>
...
</assembly>
Contains at least one dependentAssembly. It has no attributes. Optional.
The first subelement of dependentAssembly must be an assemblyIdentity element that describes a side-by-side assembly required by the application. Every dependentAssembly must be inside exactly one dependency. It has no attributes.
Specifies files that are private to the application. Optional.
The file element has the attributes shown in the following table.
Attribute | Description |
---|---|
name | Name of the file. For example, Comctl32.dll. Required. |
hashalg | Algorithm used to create a hash of the file. This value should be SHA1. Optional. |
hash | A hash of the file referred to by name. A hexadecimal string of length depending on the hash algorithm. Optional. |
Allows non-packaged desktop apps to make use of user-defined Windows Runtime (WinRT) Components. This element is supported in Windows 10, version 1903, and later versions. For more information, see this article.
The activatableClass element must be in the namespace urn:schemas-microsoft-com:winrt.v1
.
The activatableClass element has the following attributes.
Attribute | Description |
---|---|
name | Specifies the class identifier for the activatable class. Required. |
threadingModel | Represents the apartment threading model to use for activating an in-process server. Valid values include both , STA , or MTA . See this article for more info. Required. |
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
...
<file name="WinRTComponent.dll">
<activatableClass
name="WinRTComponent.MessageHolder"
threadingModel="both"
xmlns="urn:schemas-microsoft-com:winrt.v1"
/>
</file>
...
</assembly>
On Windows 10, this element forces a process to use UTF-8 as the process code page. For more information, see Use the UTF-8 code page. On Windows 10, the only valid value for activeCodePage is UTF-8.
Starting in Windows 11, this element also allows selection of either the legacy non-UTF-8 code page, or code pages for a specific locale for legacy application compatibility. Modern applications are strongly encouraged to use Unicode. On Windows 11, activeCodePage may also be set to the value Legacy or a locale name such as en-US or ja-JP.
This element was first added in Windows 10 version 1903 (May 2019 Update). You can declare this property and target/run on earlier Windows builds, but you must handle legacy code page detection and conversion as usual. This element has no attributes.
The following example demonstrates how to use this element to force the current process to use UTF-8 as the process code page.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">
<activeCodePage>UTF-8</activeCodePage>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether auto elevate is enabled. TRUE indicates that it is enabled. It has no attributes. The executable file must be digitally signed by Windows Publisher. For internal use.
Specifies whether giving UI elements a theme is disabled. TRUE indicates disabled. It has no attributes.
Specifies whether to disable window filtering. TRUE disables window filtering so you can enumerate immersive windows from the desktop. disableWindowFiltering was added in Windows 8 and has no attributes.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2011/WindowsSettings">
<disableWindowFiltering>true</disableWindowFiltering>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether the current process is dots per inch (dpi) aware.
Windows 10, version 1607: The dpiAware element is ignored if the dpiAwareness element is present. You can include both elements in a manifest if you want to specify a different behavior for Windows 10, version 1607 than for an earlier version of the operating system.
The following table describes the behavior that results based upon the presence of the dpiAware element and the text that it contains. The text within the element is not case-sensitive.
State of the dpiAware element | Description |
---|---|
Absent | The current process is dpi unaware by default. You can programmatically change this setting by calling the SetProcessDpiAwareness or SetProcessDPIAware function. |
Contains "true" | The current process is system dpi aware. |
Contains "false" | Windows Vista, Windows 7 and Windows 8: The behavior is the same as when the dpiAware is absent. Windows 8.1 and Windows 10: The current process is dpi unaware, and you cannot programmatically change this setting by calling the SetProcessDpiAwareness or SetProcessDPIAware function. |
Contains "true/pm" | Windows Vista, Windows 7 and Windows 8: The current process is system dpi aware. Windows 8.1 and Windows 10: The current process is per-monitor dpi aware. |
Contains "per monitor" | Windows Vista, Windows 7 and Windows 8: The behavior is the same as when the dpiAware is absent. Windows 8.1 and Windows 10: The current process is per-monitor dpi aware. |
Contains any other string | Windows Vista, Windows 7 and Windows 8: The behavior is the same as when the dpiAware is absent. Windows 8.1 and Windows 10: The current process is dpi unaware, and you cannot programmatically change this setting by calling the SetProcessDpiAwareness or SetProcessDPIAware function. |
For more information about dpi awareness settings, see High DPI Desktop Application Development on Windows.
dpiAware has no attributes.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether the current process is dots per inch (dpi) aware.
The minimum version of the operating system that supports the dpiAwareness element is Windows 10, version 1607. For versions that support the dpiAwareness element, the dpiAwareness overrides the dpiAware element. You can include both elements in a manifest if you want to specify a different behavior for Windows 10, version 1607 than for an earlier version of the operating system.
The dpiAwareness element can contain a single item or a list of comma-separated items. In the latter case, the first (leftmost) item in the list recognized by the operating system is used. In this way, you can specify different behaviors supported in future Windows operating system versions.
The following table describes the behavior that results based upon the presence of the dpiAwareness element and the text that it contains in its leftmost recognized item. The text within the element is not case-sensitive.
dpiAwareness element status: | Description |
---|---|
Element is absent | The dpiAware element specifies whether the process is dpi aware. |
Contains no recognized items | The current process is dpi unaware by default. You can programmatically change this setting by calling the SetProcessDpiAwareness or SetProcessDPIAware function. |
First recognized item is "system" | The current process is system dpi aware. |
First recognized item is "permonitor" | The current process is per-monitor dpi aware. |
First recognized item is "permonitorv2" | The current process uses the per-monitor-v2 dpi awareness context. This item will only be recognized on Windows 10 version 1703 or later. |
First recognized item is "unaware" | The current process is dpi unaware. You cannot programmatically change this setting by calling the SetProcessDpiAwareness or SetProcessDPIAware function. |
For more information about dpi awareness settings supported by this element, see DPI_AWARENESS and DPI_AWARENESS_CONTEXT.
dpiAwareness has no attributes.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">
<dpiAwareness>PerMonitorV2, unaware</dpiAwareness>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether GDI scaling is enabled. The minimum version of the operating system that supports the gdiScaling element is Windows 10 version 1703.
The GDI (graphics device interface) framework can apply DPI scaling to primitives and text on a per-monitor basis without updates to the application itself. This can be useful for GDI applications no longer being actively updated.
Non-vector graphics (such as bitmaps, icons, or toolbars) cannot be scaled by this element. In addition, graphics and text appearing within bitmaps dynamically constructed by applications also cannot be scaled by this element. For more information, see Improving the high-DPI experience in GDI based Desktop Apps.
You can programmatically change this setting by calling the SetThreadDpiAwarenessContext or SetProcessDpiAwarenessContext function with DPI_AWARENESS_CONTEXT_UNAWARE_GDISCALED
value.
TRUE indicates that this element is enabled. It has no attributes.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2017/WindowsSettings">
<gdiScaling>true</gdiScaling>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether high-resolution-scrolling aware is enabled. TRUE indicates that it is enabled. It has no attributes.
Enables long paths that exceed MAX_PATH in length. This element is supported in Windows 10, version 1607, and later. For more information, see this article.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns:ws2="http://schemas.microsoft.com/SMI/2016/WindowsSettings">
<ws2:longPathAware>true</ws2:longPathAware>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether printer driver isolation is enabled. TRUE indicates that it is enabled. It has no attributes. Printer driver isolation improves the reliability of the Windows print service by enabling printer drivers to run in processes that are separate from the process in which the print spooler runs. Support for printer driver isolation started in Windows 7 and Windows Server 2008 R2. An app can declare printer driver isolation in its app manifest to isolate itself from the printer driver and improve its reliability. That is, the app won't crash if the printer driver has an error.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2011/WindowsSettings">
<printerDriverIsolation>true</printerDriverIsolation>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
Specifies whether ultra-high-resolution-scrolling aware is enabled. TRUE indicates that it is enabled. It has no attributes.
Specifies the identity info of a package with external location for the current application (see Grant package identity by packaging with external location). This element is supported in Windows 10, version 2004, and later versions.
The msix element must be in the namespace urn:schemas-microsoft-com:msix.v1
. It has the attributes shown in the following table.
Attribute | Description |
---|---|
publisher | Describes the publisher information. This value must match the Publisher attribute in the Identity element in the package manifest of your packaged app with external location. |
packageName | Describes the contents of the package. This value must match the Name attribute in the Identity element in the package manifest of your packaged app with external location. |
applicationId | The unique identifier of the application. This value must match the Id attribute in the Application element in the package manifest of your packaged app with external location. |
<?xml version="1.0" encoding="utf-8"?>
<assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1">
<assemblyIdentity version="1.0.0.0" name="Contoso.PhotoStoreApp"/>
<msix xmlns="urn:schemas-microsoft-com:msix.v1"
publisher="CN=Contoso"
packageName="ContosoPhotoStore"
applicationId="ContosoPhotoStore"
/>
</assembly>
Overrides the default heap implementation for the Win32 heap APIs to use.
This element has no attributes.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2020/WindowsSettings">
<heapType>SegmentHeap</heapType>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
For IL-only .NET Framework executables, specifies a list of native processor architectures the application is compatible with. Can contain one or more of the following values, separated by spaces:
This element has no attributes.
This element is supported in Windows 11, version 24H2 and later.
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
...
<asmv3:application>
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2024/WindowsSettings">
<supportedArchitectures>amd64 arm64</supportedArchitectures>
</asmv3:windowsSettings>
</asmv3:application>
...
</assembly>
All UAC-compliant apps should have a requested execution level added to the application manifest. Requested execution levels specify the privileges required for an app. For more information, see How User Account Control (UAC) Affects Your Application.
The requested execution level is specified with the level attribute of the requestedExecutionLevel descendent of the trustInfo element. Allowed values for level are:
Value | Description |
---|---|
asInvoker | The application runs at the same permission level as the process that started it. You can elevate the application to a higher permission level by selecting Run as Administrator. |
requireAdministrator | The application runs using administrator permissions. The user who starts the application must be a member of the Administrators group. If the opening process isn't running with administrative permissions, the system prompts for credentials. |
highestAvailable | The application runs at the highest permission level that it can. If the user who starts the application is a member of the Administrators group, this option is the same as level="requireAdministrator" . If the highest available permission level is higher than the level of the opening process, the system prompts for credentials. |
Setting the level to highestAvailable
ensures that the application will run successfully with both users who are members of the Administrators group and those who are not. If the application can only function with administrative access to the system, then marking the app with a requested execution level of requireAdministrator
ensures that the system identifies this program as an administrative app and performs the necessary elevation steps.
By default, the Visual C++ linker embeds a UAC fragment into the manifest of an application with an execution level of asInvoker
.
The requestedExecutionLevel element also has an optional attribute uiAccess. Set this value to true
if you want the application to bypass user interface protection levels and drive input to higher-permission windows on the desktop. Set this attribute to true
only for user interface accessibility applications. Defaults to false
. Additional restrictions from security policy settings may be applied, see User Account Control: Only elevate UIAccess applications that are installed in secure locations. For more information, see Security Considerations for Assistive Technologies.
Specifying requestedExecutionLevel node will disable file and registry virtualization. If you want to utilize File and Registry Virtualization for backward compatibility then omit the requestedExecutionLevel node.
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
The following is an example of an application manifest for an application named MySampleApp.exe. The application consumes the SampleAssembly side-by-side assembly.
<?xml version="1.0" encoding="UTF-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity type="win32" name="MyOrganization.MyDivision.MySampleApp" version="6.0.0.0" processorArchitecture="*" />
<dependency>
<dependentAssembly>
<assemblyIdentity type="win32" name="Proseware.Research.SampleAssembly" version="6.0.0.0" processorArchitecture="*" publicKeyToken="0000000000000000" />
</dependentAssembly>
</dependency>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows 10 and Windows 11 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}" />
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}" />
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}" />
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}" />
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}" />
</application>
</compatibility>
</assembly>
Training
Module
Configure User Account Control - Training
This module introduces how User Account Control works and how you can use UAC-related desktop features to reduce security risks.