Secondary File Filters are complicated to set up, but well worth it, if you understand how they work. This topic will attempt to explain how they work and give A Secondary File filter addresses situations where the intended target is not the primary executable file, such as RunDll.exe, but is rather a secondary file specified within the command line.
This document gives you a working example of how they can be used. You can create application filters that are based on the applications file target which is taken from the command line.to use Secondary File filters.
MSI File Example
If you want to elevate .msi files that are in a network share, you cannot use a commandline filter because the following syntax does not work:
"\\SERVER\Share(WILDCARD).msi"
If instead you tried to use a commandline command line filter, then you would have to specify each .msi file explicitly and then create several individual elevation policies. The tedium of doing this would ensure that this would never happen.*NOTE: *You could just have a commandline as policies–an extremely tedious task. Or you could create a commandline like \\SERVER\Share\ which , but this would then elevate anything in the share folder, but if you are specifically only wanting . To target and elevate only .msi files efficiently, the best option would be solution is to use the Secondary File Filter.By using a secondary file filter, you target the msiexec.exe (the actual application that launches the .msi files) and then use a secondary file filter to limit the scope.
A secondary file filter is a file filter that takes another filter as a parameter and uses it to filter the second - half of the command-line. For example if the commandline is "msiexec.exe \\SERVER\Share\new_program.msi," then the secondary file filter only checks the only the "\\SERVER\Share\new_program.msi" parameter against the filter it references.
For an example of a secondary file Secondary File filter for use with msiexec and a file share containing msi files to be elvated, go to Elevate MSI files on the network share and see the alternative solution under http://portal.arellia.com/wiki/display/KB/MSI+Files+not+elevated+by+Network+Share+Elevation+Policy