I have developed a winform app that I am deploying via clickonce. I have signed the manifest and the executable with a Thawte certificate and it is deployed via the internet. My understanding was that as long as it is signed and the certificate is installed on the client computer (which it is) then you could enable full trust for the app even if the user is not an administrator and they wouldn't be prompted for administrator approval.
The install and updates still prompt though.
Resolved this.
You need to install your own certificate as 'Trusted Publisher' and the Thawte certificate as 'Intermmediate Certification Authority'. Then, the most important step which I couldn't seem to find documented anywhere, right click your project in VS, go to the 'Publish' tab, click 'Options', then 'Manifests', then 'Use application manifest for trust information'
Abracadabra - magic click once fairy dust is sprinkled all over your app.
Hope this helps someone.