When IE is in Protected Mode on Windows Vista, ActiveX controls running in the IE process cannot install updates themselves. This is because IE and ActiveX controls do not have write access to most locations in the file system or registry under Protected Mode. As a result, it’s best to use a separate executable to download and install the update. You can further protect users against “man-in-the-middle” attacks by using an SSL connection to download updates. For more information on Protected Mode, see the technical article “Understanding and Working in Protected Mode”.

Similar to the initial install process, your executable will need administrative privileges to install updates for all users on the machine. To request administrative privileges on Windows Vista, create an application manifest for your executable with the following requested execution level:

<requestedExecutionLevel
level="requireAdministrator"/>

Note that Windows Vista will see the requested execution level and display a User Account Control (UAC) dialog so the user can elevate the update executable out of Protected Mode.
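
A complete application manifest showing where the requested execution level sits, as an added example that is not part of the original article. The assembly name `ExampleUpdater`, the version number and the processor architecture are placeholders to replace with your own values.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Placeholder manifest for a hypothetical updater named ExampleUpdater.exe.
     Embed it in the executable as the RT_MANIFEST resource (ID 1), or ship it
     next to the executable as ExampleUpdater.exe.manifest. -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <!-- name, version and processorArchitecture are placeholders -->
  <assemblyIdentity
      type="win32"
      name="ExampleUpdater"
      version="1.0.0.0"
      processorArchitecture="x86"/>
  <!-- trustInfo lives in the asm.v3 namespace; Windows versions that predate
       UAC ignore this section -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <!-- requireAdministrator: the process starts only with a full
             administrator token, so Windows Vista shows the UAC prompt.
             uiAccess="false": the updater does not need to drive the UI of
             other, higher-privileged windows. -->
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```

The attribute values use straight ASCII quotation marks; typographic quotes pasted from a formatted document make the manifest invalid XML.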