We have switched on 'Sign the assembly' for each project in a solution, which means everything is signed automatically using our certificate. Unfortunately, UAC don't seem to recognise this method of signing.
To make UAC see the signature on the binaries, we run signtool.exe in a post-build step, using the same code signing certificate that VS has already used to sign the assemblies.
Is it necessary to run signtool like this, or is there a way to get VS to sign the .EXE files properly? It seems strange that it would sign them in a way that is incompatible with UAC (and in fact Windows Explorer doesn't see the signature unless we use the signtool method).