A system for providing application services in a computing environment having both user-mode processes and privileged-mode processes. An agent executes in privileged mode and exposes an interface to user-mode processes. A user-mode component is provided with an interface configured to access the agent's exposed interface. A configuration component specifies a list of installable code components that are authorized for installation, wherein the agent will only execute privilege mode functions in response to accesses by the user-mode code component when the installable code component is represented on the list.