Not quite, but you can do the opposite—you can dropprivileges if you already have them. So, you can have your program start out running as an Administrator, using one of the methods listed by Kate Gregory. Then, drop your unneeded privileges; see Dropping privileges in C++ on Windowsfor how to do that.

不完全是，但你可以做相反的事情——如果你已经拥有特权，你可以放弃它们。因此，您可以使用Kate Gregory列出的方法之一让您的程序以管理员身份开始运行。然后，放弃你不需要的特权；有关如何执行此操作，请参阅在 Windows 上删除 C++ 中的权限。

If you want the application to always elevate, you can give it a manifest, either by building one in (not compiling technically) or by putting an external manifest in the same folder as the exe. If you want to decide, as a person, to run it elevated, you right click the exe or short cut and choose Run As Administrator. If you are launching it from code, then as @vcsjones comments, you use the runasverb when you launch that process. For example:

如果您希望应用程序始终提升，您可以通过在其中构建一个清单（不进行技术编译）或将外部清单放在与 exe 相同的文件夹中，为它提供一个清单。如果您想决定以个人身份运行它，请右键单击 exe 或快捷方式并选择以管理员身份运行。如果您是从代码启动它，那么正如@vcsjones 所评论的那样，您runas在启动该进程时使用动词。例如：

ShellExecute( NULL, 
    "runas",  
    "c:\windows\notepad.exe",  
    " c:\temp\report.txt",     
    NULL,                        // default dir 
    SW_SHOWNORMAL  
); 

You can elevate a process only during its creation. When a process already runs, there's no way to change its security token: it either runs elevated or not.

您只能在流程创建期间提升流程。当进程已经运行时，无法更改其安全令牌：它要么运行提升，要么不运行。

If your application needs to perform an administrative task, and it usually runs non-elevated, you have to create another .exe which will request elevation with its manifest. To start a process elevated, you have to use ShellExecuteor ShellExecuteExfunction. From your main process you will need a way to pass the commands to that new process that will run elevated.

如果您的应用程序需要执行管理任务，并且它通常以非提升方式运行，则您必须创建另一个 .exe，它将通过其清单请求提升。要启动提升的进程，您必须使用ShellExecute或ShellExecuteEx运行。从您的主进程中，您需要一种将命令传递给将运行提升的新进程的方法。

For more information about UAC, read Designing UAC Applications for Windows Vistaseries.

有关 UAC 的更多信息，请阅读Designing UAC Applications for Windows Vista系列。

Add a manifest file into your EXE as described here.

如此处所述，将清单文件添加到您的 EXE 中。

http://msdn.microsoft.com/en-us/library/bb756929.aspx

http://msdn.microsoft.com/en-us/library/bb756929.aspx

Your process (and threads) have a token assinged to them. That token already have all your groups set up. Under UAC, the Administrator group is disabled. UAC will remove that disabled group so you end up with a full administrator token.

您的进程（和线程）有一个分配给它们的令牌。该令牌已经设置了您的所有组。在 UAC 下，管理员组被禁用。UAC 将删除该禁用组，因此您最终会获得完整的管理员令牌。

To acheive the same, you must have the TCB priviledge. In other words, to elevate a process at runtime, you will need help from a process running under the SYSTEM account, and Microsoft isn't providing one, nor an API to control the current UAC implementation. Otherwise, it would defeat the purpose.

要实现相同的目标，您必须拥有 TCB 特权。换句话说，要在运行时提升进程，您将需要在 SYSTEM 帐户下运行的进程的帮助，而 Microsoft 既没有提供，也没有提供 API 来控制当前的 UAC 实现。否则，就达不到目的了。

For the sake of completness, there is a whitelist of process that can perform some elevated operations without prompting. In short, your executable needs :

为了完整起见，有一个进程白名单，可以在没有提示的情况下执行一些提升的操作。简而言之，您的可执行文件需要：

• To be signed by Microsoft
• To perform predefined operations, like with IFileOperation

• 由微软签署
• 执行预定义的操作，如 IFileOperation

The best explanation I found is this hack. It has been fixed since then, but is sheds some light on the whole thing.

我找到的最好的解释是这个 hack。从那以后它已经被修复，但它揭示了整个事情。