When I start my application with administrative permissions (right click on the EXE | Run as administrator), the UAC dialog with an orange or yellow banner appears with the warning that the publisher is unknown. Instead of purchase a certificate, I would like to do it differently. I think there must be possibilities to accomplish that without a purchased certificate. Basically, I want the look and feel when I start, for example, the calc.exe (Calculator in Windows) with administrative permissions. Which options or alternatives do I have?
None!
For the publisher to be known, you application must have a digital signature and the certificate used to sign it must be trusted. The only possibility to achieve it is to buy a digital certificate from a well-known certificate authority.
The digital signature should also contain timestamp. It will keep your application trusted even when the certificate expires. If there's no timestamp on the digital signature, the application will become untrusted again as soon as the certificate expires.
You can create a self-signed digital certificate and sign your application with it. But it won't be trusted. There's a workaround: if users install this certificate into Trusted Root Certificate Authorities or Trusted Publishers, then and only then your application will become trusted, and UAC prompt would have blue background instead of yellow. But it requires users to explicitly express trust to your digital certificate.
So the only solution that requires no steps from the users is to buy a digital certificate.
来源:https://stackoverflow.com/questions/7378661/how-to-get-a-trusted-verified-publisher