It should be something like
Code:
<requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator"/>
</requestedPrivileges>
within the security container, as you can't just set the file unrestricted. The execution level has to be requested and UAC sets the file unrestricted after the user acknowledges it.
But that may not work as well. Last time I played around with it for my own updater, Vista just ignored the manifest file as long as it was not embedded into the executable itself. Microsoft delivers a file called mt.exe with their SDK which is able to stream the manifest into the application.
Another option is to call UAC from within your application when it is really needed. You can get an example here:
http://www.codeproject.com/KB/vista-...Elevation.aspx
And the easiest solution is to not write to the program directory at all :P But EQ2 has to be outside the \program files directories as well.