> Once the task is complete, the token is destroyed.
It's less granular than a task though, it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants, once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, tasked based elevation is more granular. Something like "I need to write to the program files directory" and not a carte blanche "gimmie admin access to do whatever the hell I want".
It's less granular than a task though, it's an execution context. If you're running Notepad++ and it wants to update, it requires an elevation. The installer is now running in an admin context and can do whatever it wants, once it's finished installing it usually asks if you want to launch Notepad++ again. At that point the installer running in the admin context can launch Notepad++ within that admin context.
Thus there's a potential for the admin context to persist indefinitely.
In my mind, tasked based elevation is more granular. Something like "I need to write to the program files directory" and not a carte blanche "gimmie admin access to do whatever the hell I want".