Yes, changing the manifest to
and DNI's configuration
does indeed work. DNI starts as a non-elevated process on reboot, and then immediately re-launches itself elevated (with the consequent UAC prompt to the user). This is the solution we decided upon for our project.
According to the Microsoft documentation, RunOnce is designed specifically for installers that require a reboot and does not suffer the same issue as Run for an elevated privilege process. This is explained in the second reference in my original post. I
haven't actually tried it though.
We're just making our release now. If I have the opportunity in our next development cycle I might look at a patch to make DNI use RunOnce instead of Run. But I'm not promising anything (sorry).