There wouldn't be much point to file permissions if they could be easily bypassed.

如果可以轻松绕过文件权限，就没有多大意义。

You could bypass them if you wrote a kernel driver that accessed disk blocks directly, but then you need to be an Administrator to install kernel drivers anyway.

如果您编写了直接访问磁盘块的内核驱动程序，则可以绕过它们，但是无论如何您都需要成为管理员才能安装内核驱动程序。

At the end of the day, the only way to "bypass" file permissions is to run your program as Administrator.

归根结底，“绕过”文件权限的唯一方法是以管理员身份运行您的程序。

Don't bypass, use "Application Data" directory.

不要绕过，使用“应用程序数据”目录。

Program Files is intended to store files that do not change during run of application. Files stored there should be changed only during installation/update.

程序文件旨在存储在应用程序运行期间不会更改的文件。存储在那里的文件只能在安装/更新期间更改。

Files to be changed during application run (profiles, settings etc.) should be stored "Application Data" directory in users folder.

要在应用程序运行期间更改的文件（配置文件、设置等）应存储在用户文件夹中的“应用程序数据”目录中。

To obtain the path use SHGetFolderPathfunction passing:
CSIDL_APPDATA- to obtain current user "Application Data" directory
CSIDL_COMMON_APPDATA- to obtain all users "Application Data" directory
(and eventually) CSIDL_LOCAL_APPDATA- to obtain current user "Local Application Data" directory which is intended to store informations specific only to local machine that cannot be moved to other machines, in opposition to "Application Data" (also called "Roaming Application Data") where files can be freely moved from machine to machine (i.e. you can preserve them during OS reinstallation).

获取路径使用SHGetFolderPath函数传递：
CSIDL_APPDATA- 获取当前用户的“Application Data”目录
CSIDL_COMMON_APPDATA- 获取所有用户的“Application Data”目录
（并最终）CSIDL_LOCAL_APPDATA- 获取用于存储信息的当前用户“Local Application Data”目录仅针对不能移动到其他机器的本地机器，与“应用程序数据”（也称为“漫游应用程序数据”）相反，其中文件可以在机器之间自由移动（即您可以在操作系统重新安装期间保留它们）。

If your application do really need to alter Program Files directory then asking the user for permission is that what you should do. You can give your application special manifest so it'll try to obtain administrator rights every time it's run. You can also obtain privileges on-the-fly.

如果您的应用程序确实需要更改 Program Files 目录，那么您应该做的是询问用户的权限。您可以为您的应用程序提供特殊清单，以便它在每次运行时尝试获取管理员权限。您还可以即时获得特权。

If you are writing specific application that hardly interferes with the OS, then you can create a service (daemon). Every time the service is started it will obtain privileges given during service registration. For more information see "DLLs, Processes, and Threads -> Services" on MSDN

如果您正在编写几乎不会干扰操作系统的特定应用程序，那么您可以创建一个服务（守护进程）。每次服务启动时，都会获得服务注册时赋予的权限。有关详细信息，请参阅MSDN 上的“DLL、进程和线程 -> 服务”

// EDIT
You can also easily crate a service in .NET (C# is most suitable). Service application can communicate with client application written in other language. But to register a service you will need administrator rights. With this kind of application you must consider all security issues.

// EDIT
您还可以轻松地在 .NET 中创建服务（C# 最合适）。服务应用程序可以与用其他语言编写的客户端应用程序通信。但是要注册服务，您将需要管理员权限。对于这种应用程序，您必须考虑所有安全问题。

Is there anyway to bypass this?

有没有办法绕过这个？

You should not do that. Even if there is a way, then it is a security hole, and will be fixed eventually.

你不应该那样做。即使有办法，那也是一个安全漏洞，最终会被修复。

If your software is running from non-admin account, it should behave properly, and shouldn't try to mess system folders (renaming file in program files is exactly that - potentially damaging the system). That's the whole point of permissions and separation between user and admin - program running from user account should not be able to corrupt or destroy system files, unless administrator permits that.

如果您的软件是从非管理员帐户运行的，它应该运行正常，并且不应该试图弄乱系统文件夹（在程序文件中重命名文件就是这样 - 可能会损坏系统）。这就是用户和管理员之间权限和分离的全部意义 - 从用户帐户运行的程序不应能够损坏或破坏系统文件，除非管理员允许。

So if you can't rename files due to permissions, report "permission denied" to user. Let the user handle situation. Silently bypassing permissions (even if it is possible) is extremely dangerous - eventually some not-very-bright user will kill the system using your software AND blame YOU for his problems.

因此，如果您由于权限无法重命名文件，请向用户报告“权限被拒绝”。让用户处理情况。悄悄绕过权限（即使可能）是极其危险的——最终，一些不太聪明的用户会使用你的软件杀死系统，并将他的问题归咎于你。

As many said before, you shouldn't try to bypass restrictionsimposed by the Operating System.

正如许多人之前所说，您不应该试图绕过操作系统施加的限制。

If your application needs to change files that only the Administrator can change, your program requires Administrator privileges. Now, if you want to consider this, there are some useful APIs to elevate an application's privileges.

如果您的应用程序需要更改只有管理员才能更改的文件，则您的程序需要管理员权限。现在，如果您想考虑这一点，有一些有用的 API 可以提升应用程序的权限。

In Vista/Win7/Server2k8, for instance, you can use the UAC. I'm not citing the specific APIs here because there are different ways to elevate or gain privileges through the UAC. An important thing to note is that UAC relies on the user interaction for granting this, and this is a positive thing :-)

例如，在 Vista/Win7/Server2k8 中，您可以使用UAC。我没有在这里引用特定的 API，因为有不同的方法可以通过 UAC 提升或获得权限。需要注意的重要一点是，UAC依赖于用户交互来授予此权限，这是一件积极的事情:-)

Hopefully, this will guide you, and others as well, to the right direction.

希望这将引导您和其他人走向正确的方向。

If you are asking for yourself because you just want to run this app there are many things you can do. First, you can turn off UAC which as we all agree is a bad idea. But no-one has listed your other options:

如果您问自己是因为您只想运行这个应用程序，那么您可以做很多事情。首先，您可以关闭 UAC，我们都同意这是一个坏主意。但是没有人列出您的其他选项：

• sign on to your machine as Administrator. Not as a user in the Administrators group, but as Administrator. Everything you launch will be elevated.
• open an elevated command prompt and consent once to doing that. Now everything you launch from there will be elevated without a dialog.
• use Scheduled Tasks to run the app under certain specific circumstances (every Tuesday at 10, or every time you log on) and check the box to have it run elevated. You will need to consent to UAC once to set this up, then never again.

• 以管理员身份登录到您的计算机。不是作为管理员组中的用户，而是作为管理员。你启动的一切都会被提升。
• 打开提升的命令提示符并同意一次这样做。现在，您从那里启动的所有内容都将在没有对话框的情况下提升。
• 使用计划任务在某些特定情况下（每周二 10 点或每次登录时）运行应用程序，并选中该框以使其运行提升。您需要同意 UAC 一次才能进行设置，以后再也不同意了。

Off-topic'ish answer but I need somewhere to save this so that I can find it again later.

离题的答案，但我需要在某个地方保存它，以便我以后可以再次找到它。

If you need to work with a specific folder somewhere like 'Program Files' but don't want the UAC prompt every time, one workaround is to take ownership of the folder:

如果您需要使用某个特定文件夹（例如“Program Files”）但不想每次都出现 UAC 提示，则一种解决方法是获取该文件夹的所有权：

1. Copy/paste the following into a new text file:

1. 将以下内容复制/粘贴到新的文本文件中：

takeown /F %1  
icacls %1 /grant %username%:F /t /q

1. Save it as 'letmewrite.bat' or whatever.

2. Get a couple of Explorer windows open so that you can see both the folder you want access to and 'letmewrite.bat'.

3. Drag the folder you want access to onto 'letmewrite.bat'

2. 将其另存为“letmewrite.bat”或其他格式。

3. 打开几个资源管理器窗口，以便您可以看到要访问的文件夹和“letmewrite.bat”。

4. 将您要访问的文件夹拖到“letmewrite.bat”上

Just completely turn off UAC. I have mine turned off, and I have no security issues whatsoever since I am quite careful and don't execute a variety of programs or even download anything, executable.

只需完全关闭UAC。我已经关闭了，我没有任何安全问题，因为我非常小心，不执行各种程序，甚至不下载任何可执行文件。