Application Trust Levels

Depending on which certificate store contains the matching root certificate, the application is assigned one of the following trust levels:

  • Privileged trust. The application has full access to the system resources. The certificate chain maps to a root certificate in the Privileged Execution Trust Authorities certificate store. It is recommended that the application be installed with the SECROLE_MANAGER role.

    If the restricted or standard application security configuration is implemented, applications assigned the privileged trust level must be signed with a privileged certificate, usually a Mobile2Market or mobile operator privileged certificate.

  • Unprivileged trust. The certificate chain maps to a root certificate in the Unprivileged Execution Trust Authorities certificate store. It is recommended that the application be installed with the SECROLE_USER_AUTHENTICATED role.

    If the restricted application security configuration is implemented, applications assigned the unprivileged trust level must be signed with a Mobile2Market unprivileged certificate. For more information about Mobile2Market certificates, see https://www.microsoft.com/mobile/developer.

If neither the Privileged Execution Trust Authorities nor the Unprivileged Execution Trust Authorities certificate store contains a matching root certificate, the application is considered unsigned. In a two-tier security model, if the Unsigned Applications policy is set to allow unsigned applications to run, the unsigned application is assigned the unprivileged trust level.
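
The decision described above, as an added example that is not part of the original topic and is not the platform's own code: a simplified model that walks a constructed certificate chain to its root and maps that root to a trust level and recommended role. The names Cert, find_root and assign_trust are hypothetical, signature and validity checks are omitted, and two behaviors are assumptions: the privileged store is consulted first, and an unsigned application does not run when the Unsigned Applications policy does not allow it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:                      # constructed stand-in for an X.509 certificate
    subject: str
    issuer: str
    thumbprint: str

PRIVILEGED = ("privileged", "SECROLE_MANAGER")
UNPRIVILEGED = ("unprivileged", "SECROLE_USER_AUTHENTICATED")
UNSIGNED_ALLOWED = ("unprivileged", None)   # the page names no role for this case

def find_root(leaf, chain):
    """Follow issuer links from the signing cert to a self-issued root."""
    by_subject = {c.subject: c for c in chain}
    seen, cert = set(), leaf
    while cert is not None and cert.thumbprint not in seen:
        if cert.issuer == cert.subject:
            return cert
        seen.add(cert.thumbprint)
        cert = by_subject.get(cert.issuer)
    return None                  # missing issuer or issuer loop

def assign_trust(leaf, chain, privileged_store, unprivileged_store, allow_unsigned):
    """Return (trust level, recommended role); None means the app is not run."""
    root = find_root(leaf, chain) if leaf is not None else None
    if root is not None:
        # Assumption: the privileged store is consulted first.
        if root.thumbprint in privileged_store:
            return PRIVILEGED
        if root.thumbprint in unprivileged_store:
            return UNPRIVILEGED
    # No matching root in either store: unsigned (two-tier model).
    # Assumption: with the policy off, the unsigned application does not run.
    return UNSIGNED_ALLOWED if allow_unsigned else None

# Constructed sample data: thumbprints are placeholders, not real certificates.
OP_ROOT = Cert("CN=Operator Root", "CN=Operator Root", "AA01")
OP_CA = Cert("CN=Operator CA", "CN=Operator Root", "AA02")
M2M_ROOT = Cert("CN=M2M Unpriv Root", "CN=M2M Unpriv Root", "BB01")
SELF_SIGNED = Cert("CN=Dev", "CN=Dev", "CC01")
PRIV_STORE, UNPRIV_STORE = {"AA01"}, {"BB01"}

if __name__ == "__main__":
    app = Cert("CN=Dialer App", "CN=Operator CA", "AA03")
    print(assign_trust(app, [OP_CA, OP_ROOT], PRIV_STORE, UNPRIV_STORE, False))
```

A self-signed certificate or a chain with a missing issuer takes the unsigned path, so its outcome depends entirely on the Unsigned Applications policy.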

See Also

Application Security | Security Policies and Roles | Security Policy Settings

© 2005 Microsoft Corporation. All rights reserved.