Currently, the product works without this access on modern versions of Windows purely because the OS activates UAC virtualisation for the re7.exe process, so any writes to protected areas of the hard disk or registry get redirected.

However, the product should not attempt to do this. Allowing users to write to program directories should never be a requirement, especially in today's world of ransomware and increasing prevalence and complexity of virus / malware attacks. Once a business user can write to a directory from which they can also execute programs, the business has a serious security problem.

By extension, the current version of the Outlook add-in (RE7.96.6401.4) will still not work by default on a secure system, because the OS doesn't activate UAC virtualisation for Outlook (this is expected; Outlook is a modern application which does not in itself require it). Unfortunately, to perform a login to The Raiser's Edge, the RE7 Outlook add-in requires write access to the SysDB directory within the program directory, and fails to perform the login if this access is not available. Consequently, the only way to get it to work is to enable UAC virtualisation for the outlook.exe process itself.