Without being a member of the windows build team you only have two options
- Start your program from another program that was already running that has administrator privileges
- Make it so your update process does not require administrative privileges.
The only real way to perform #1 is to have a windows service that runs in the background and executes the downloaded update package as an administrative user, this process is hard to do "right" without leaving security holes in the end users system that malware (or users that want to get around IT's restrictions) could exploit.
Option #2 is the better option, and is what many popular software packages use. The way to accomplish this is to either change the permissions of your folder inside ProgramFiles
to allow the Authenticated Users
group to have write privileges. This is not the optimal solution but likely the easiest to implement. Another way to accomplish this is install the updateable resources in to a folder that your user has write access to by default, for example the %LocalAppData%
folder (which is what Chrome does (I think) and any applications deployed with ClickOnce)