Otherwise old prefixes will never get changed (cf. [1] for why this is a bad
thing). I don't think there's any reason the user should be manually modifying
this; in theory it's configurable but in practice there's no way to ask the
user to enter credentials.
[1] https://bugs.winehq.org/show_bug.cgi?id=40613#c39
This patch set, as an alternative approach to advapi32-Token_Integrity_Level,
creates all processes as a limited administrator by default. This doesn't
actually seem to break most applications, apparently since they assume that
their manifest is enough to force them to run as administrator and don't bother
verifying that's what they get, and since we don't actually prevent accessing
low-integrity objects. I'm adding this patch to wine-staging in order to smoke
out any applications that might be broken, as it's still a very risky patch.
