Application Trust Levels
Depending on which certificate store contains the matching root certificate, the application is assigned one of the following trust levels:
Privileged trust. The application has full access to the system resources. The certificate chain maps to a root certificate in the Privileged Execution Trust Authorities certificate store. It is recommended that the application be installed with the SECROLE_MANAGER role.
If the restricted or standard application security configuration is implemented, applications assigned the privileged trust level must be signed with a privileged certificate, usually a Mobile2Market or mobile operator privileged certificate.
For more information about system resources accessible by only applications that are assigned the privileged trust level, see Restricted System Resources (SP Only).
Unprivileged trust. The certificate chain maps to a root certificate in the Unprivileged Execution Trust Authorities certificate store. It is recommended that the application be installed with the SECROLE_USER_AUTHENTICATED role.
If the restricted application security configuration is implemented, applications assigned the unprivileged trust level must be signed with a Mobile2Market unprivileged certificate. For more information about Mobile2Market certificates, see https://www.microsoft.com/mobile/developer.
If the Privileged Execution Trust Authorities or the Unprivileged Execution Trust Authorities certificate store does not contain a matching root certificate, the application is considered unsigned. In a two-tier security model, if the Unsigned Applications policy is set to allow unsigned applications to run, the application is assigned the unprivileged trust level.
See Also
Application Security | Security Policies and Roles | Security Policy Settings
Last updated on Friday, April 22, 2005
© 2005 Microsoft Corporation. All rights reserved.
Send feedback on this topic to the authors.