Testing Application Compatibility with the Standard User Analyzer
What is the Standard User Analyzer?
The Standard User Analyzer is a tool to help independent software vendors (ISVs), IT
professionals, and end users to diagnose possible issues in an application when it is
running as a standard user. The Standard User Analyzer is based upon the LUA Predictor
technology, which is part of the Microsoft Application Verifier.
How the Standard User Analyzer works
To test application compatibility using the Standard User Analyzer, use the Standard
User Analyzer to launch the application to be tested. The Analyzer will monitor the
application’s actions during startup. Then close the application. The Analyzer then
generates and parses a log for the application. You can then view the log file for any
application issues.
The Standard User Analyzer can detect the following types of issues:
• File system access issues. For example, an application attempting to write to a file
that normally only administrators can access.
• System registry access issues. For example, an application attempting to write to a
registry key under HKEY_LOCAL_MACHINE, which is a location that normally
only administrators can access.
• WriteProfile API issues. WriteProfile APIs were originally used for 16-bit versions
of Windows but are still popular among some modern applications. One example is
the Calculator in Windows XP. If the view is changed from Standard to Scientific,
calc.exe calls the WriteProfile API to write into \Windows\win.ini, which is writable
only by administrators.
• Access token–checking issues. If an application explicitly checks for the
“Builtin\Administrators” security identifier (SID) in a user’s access token, the
application most likely will not work for a standard user.
• Privilege issues. For example, if an application explicitly enables the
SeDebugPrivilege privilege, it will not work for a standard user.
• Namespace issues. Lists issues that are caused when an application creates system
objects in a restricted namespace. Applications that have this error will not work for
a standard user.
• Other objects. Lists issues related to accessing objects other than files and registry
keys.
Demonstration 5: Using the Standard User Analyzer
In this demonstration, you will see how to use the Standard User Analyzer application to
identify potential application issues when running the application on Windows Vista.
Key Points
The key point of this demonstration is that:
• The Standard User Analyzer application identifies several potential application
issues. You can use this information to fix the application so that it will run on
Windows Vista.
Improving Security with User Account Control
Introduction
Another important issue to consider when running or developing applications in
Windows Vista is User Account Control, which is a new feature in Windows Vista to
restrict the running of applications with administrator privileges. This section provides an
overview of User Account Control and what it means for application developers.
Objectives
After completing this section, you will be able to:
• Describe User Account Control
• Explain how to run applications with elevated permissions
• Configure User Account Control settings
• Explain the best practices for developing applications to work with User
Account Control
What Is User Account Control?
The goal of User Account Control
The main goal of User Account Control is to reduce the exposure and attack surface of
the operating system by requiring that all users run in standard user mode and by limiting
administrator-level access to authorized processes. This limitation minimizes the ability
for users to make changes that could destabilize their computers or inadvertently expose
the network to viruses through undetected malware that has infected their computer.
User Account Control features and benefits
User Account Control provides the following features and benefits:
• Standard user privileges. Standard User accounts have been given additional
privileges that users require to perform common tasks, without needing administrator
access. Windows Vista uses a shield icon throughout the operating system to identify
commands that require administrator privileges.
• File system and registry virtualization. File and registry virtualization gives an
application its own virtualized view of a resource it is attempting to change using a
copy-on-write strategy.
• Over-the-Shoulder (OTS) credentials. Whenever standard users attempt an
administrative task, such as software installation, they will be prompted for an
administrator password. In Windows Vista Beta, when User Account Control
prompts appear, the rest of the screen is darkened. The prompts are being displayed
in the Secure Desktop mode, which helps protect the user from unknowingly
allowing a program to run with elevated privileges without their consent.
• Admin approval mode. This feature allows administrators to perform normal
day-to-day tasks such as checking e-mail or browsing the Web while running with
a standard user token. If administrator privileges are needed for an operation, the
administrator will be notified and asked to provide either consent or credentials,
depending on system policy settings.
• No need for the Power Users group. User Account Control does not utilize the
Power User mode because Standard mode users can now perform most common
configuration tasks.
• Preventing application-based shatter attacks. Running in standard user mode gives
users increased protection against inadvertent system-level damage caused by shatter
attacks and malware such as root kits, spyware, and undetectable viruses. A shatter
attack is a programming technique that can be used to bypass security restrictions
between processes in a session.
Running Applications with Elevated Permissions
There are four ways of running an application with elevated permissions:
• Using an application manifest. In Windows Vista, the application manifest, an XML
file that describes and identifies the shared and private side-by-side assemblies
that an application should bind to at run time, now includes entries for UAC
application compatibility purposes. Administrative applications that include an entry
in the application manifest will prompt the user for permission to access the user’s
access token.
• Implement an application compatibility shim. An IT professional can mark a legacy
application in their environment without having to make changes to the code. The
Application Compatibility Toolkit includes a tool to build the shims.
• Select the Run This Program As An Administrator check box on the Compatibility
tab. This check box is available on the Compatibility tab under Program Properties.
• Run the application as administrator by right-clicking the application executable file
icon and clicking Run As Administrator. This is how a user of Windows Vista would
run an application with elevated permissions without permanently changing the
configuration.
Demonstration 6: Working with User Account Control
In this demonstration, you will see how to work with applications that use
different User Account Control settings.
Key Points
The key points of this demonstration are that:
• Windows Vista uses file and registry redirection to avoid most issues when
applications try to write to restricted files or registry locations.
• When writing applications that only administrators should be able to use, make sure
to mark the application as requiring administrator access.
Configuring User Account Control Settings
You can manage User Account Control settings by modifying the Group Policy settings
for computers that are members of a domain or by modifying the local security policy for
stand-alone computers. The eight Group Policy Object (GPO) settings that can be
configured for User Account Control are listed in the following table.
• Prompt for credentials: UAC requires valid administrator credentials before elevating.
Default: Prompt for credentials
Setting: Detect application installations and prompt for elevation
• Enabled: The user is prompted for consent or credentials when Windows Vista detects an installer.
• Disabled: Application installations will silently fail or fail in a non-deterministic manner.
Default: Enabled
Setting: Run all applications in Admin Approval Mode
• Enabled: Both administrators and standard users will be prompted when attempting to perform administrative operations.
• Disabled: UAC is essentially turned off, and the AIS service is disabled from automatically starting.
Default: Enabled
Setting: Virtualize file and registry write failures to per-user locations
• Enabled: Applications that lack an application compatibility database entry or a requested execution level marking in the application manifest are not UAC compliant. Environments that utilize software that is non-compliant should keep this setting enabled.
• Disabled: UAC-compliant applications should not write to protected areas and cause write failures. As a result, environments that are utilizing only UAC-compliant applications should disable this setting. Non-compliant applications that attempt to write to the Program Files folder and systemroot will silently fail if this setting is disabled.
Default: Enabled
Setting: Elevate only executable files that are signed and
Setting: Switch to the secure desktop when prompting for elevation
• Enabled: Displays the UAC elevation prompt on the secure desktop. The secure desktop can receive messages only from Windows processes, which eliminates messages from malicious software. As a result, consent and credential prompts cannot be spoofed on the secure desktop.
• Disabled: The UAC elevation prompt is displayed on the user desktop.
Default: Enabled
Setting: Admin Approval Mode for the Built-in Administrator account
• Enabled: When the built-in Administrator account is used to launch an application, it will be run in Admin Approval Mode.
• Disabled: When the built-in Administrator account is used to launch an application, it will be run with a full administrator access token.
Default: Disabled for new installations and for upgrades in which the built-in administrator is not the only local administrator on the computer. Enabled for upgrades when the built-in administrator account is the only local administrator on the computer.
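The following PowerShell sketch is an added example, not part of the original session material: it reads the local policy values behind five of the settings listed above and compares them with the defaults given in the table. The registry value names are the documented backing values for these policies and do not appear on the original page; the function and variable names are hypothetical.

```powershell
# Added example: compare local UAC policy values with the defaults in the table above.
# The registry value names are the documented backing values for these policies;
# they do not appear on the original page. 1 = Enabled, 0 = Disabled.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$Expected = [ordered]@{
    EnableInstallerDetection = @{ Default = 1; Policy = 'Detect application installations and prompt for elevation' }
    EnableLUA                = @{ Default = 1; Policy = 'Run all applications in Admin Approval Mode' }
    EnableVirtualization     = @{ Default = 1; Policy = 'Virtualize file and registry write failures to per-user locations' }
    PromptOnSecureDesktop    = @{ Default = 1; Policy = 'Switch to the secure desktop when prompting for elevation' }
    # Table default for new installations; upgraded machines may legitimately differ.
    FilterAdministratorToken = @{ Default = 0; Policy = 'Admin Approval Mode for the Built-in Administrator account' }
}

# Hypothetical helper: takes value name -> data and returns one row per policy.
function Compare-UacPolicy {
    param([Parameter(Mandatory)] [System.Collections.IDictionary] $Values)
    foreach ($name in $Expected.Keys) {
        $actual = $Values[$name]
        [pscustomobject]@{
            Policy  = $Expected[$name].Policy
            Value   = $name
            Actual  = if ($null -eq $actual) { 'not set' } else { $actual }
            Default = $Expected[$name].Default
            Matches = ($actual -eq $Expected[$name].Default)
        }
    }
}

# Reading this key does not require elevation, so the check runs as a standard user.
$props  = Get-ItemProperty -Path $PolicyKey
$values = @{}
foreach ($name in $Expected.Keys) { $values[$name] = $props.$name }
Compare-UacPolicy -Values $values | Format-Table -AutoSize
```

A row with Matches set to False is a deviation from the table's default, not necessarily a misconfiguration; Group Policy on domain members may set these values deliberately.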
Best Practices for Developing User Account Control–Compatible Applications
To develop applications that are User Account Control compliant, implement the
following guidelines during application development.
Setup and Saving State
• Perform administrative actions, such as completing the application configuration
processes, as part of the initial setup process, not at first run.
• Never write directly to the Windows directory or subdirectories. For example, use the
correct methods for installing files such as fonts.
• Do not write per-user information or user information to Program Files or Program
directories.
• Do not use hard-coded paths in the file system. For example, take advantage of the
KnownFolders API and SHGetFolderPath to find where to write data.
• Use MSI 3.1 or ClickOnce to perform application installation and updates. Avoid
self-updating code because self-updating code is the largest application compatibility
problem for home user applications.
Run and test under a limited user account
• Write per-user data to the user profile. Place per-user data into the AppData folder in
the user profile.
• Write per-machine data to the All Users profile.
• Write the application so that it does not depend on any administrative APIs. For
example, a program that expects to successfully call the SetTokenInformation()
Windows function will fail under a limited user account.
Be fast user switching (FUS) aware
• The application’s per-user setup should be performed at first run.
• If the per-user settings do not exist at first run, provide options to rebuild them. Do
not assume that the setup process took care of the settings.
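The guidelines above on avoiding hard-coded paths, writing per-user data to AppData, and rebuilding per-user settings at first run can be combined as in the following PowerShell sketch. It is an added example, not code from the original session; the application name Contoso\SampleApp, the settings file name, and its fields are hypothetical.

```powershell
# Added example: resolve data locations through the system's folder lookup
# instead of hard-coded paths, and rebuild per-user settings at first run.
# 'Contoso\SampleApp' and 'settings.json' are hypothetical names.
function Get-AppDataDir {
    param(
        [Parameter(Mandatory)] [ValidateSet('PerUser', 'PerMachine')] [string] $Scope,
        [string] $AppName = 'Contoso\SampleApp'
    )
    $folder = if ($Scope -eq 'PerUser') {
        [Environment+SpecialFolder]::ApplicationData        # AppData in the user profile
    } else {
        [Environment+SpecialFolder]::CommonApplicationData  # All Users profile
    }
    Join-Path ([Environment]::GetFolderPath($folder)) $AppName
}

function Get-UserSettings {
    $dir  = Get-AppDataDir -Scope PerUser
    $file = Join-Path $dir 'settings.json'
    if (-not (Test-Path -LiteralPath $file)) {
        # First run for this user (for example after fast user switching to an
        # account that never ran setup): rebuild defaults without elevation.
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
        $defaults = [ordered]@{ View = 'Standard' }
        $defaults | ConvertTo-Json | Set-Content -LiteralPath $file -Encoding UTF8
    }
    Get-Content -LiteralPath $file -Raw | ConvertFrom-Json
}

function Set-UserView {
    param([Parameter(Mandatory)] [ValidateSet('Standard', 'Scientific')] [string] $View)
    # Per-user preference stays in the profile, not in \Windows\win.ini.
    $settings = Get-UserSettings
    $settings.View = $View
    $file = Join-Path (Get-AppDataDir -Scope PerUser) 'settings.json'
    $settings | ConvertTo-Json | Set-Content -LiteralPath $file -Encoding UTF8
}

# Per-machine data is created by the installer; at run time it is only read.
$machineDir = Get-AppDataDir -Scope PerMachine
Set-UserView -View 'Scientific'
(Get-UserSettings).View
```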
Session Summary
The session provided an overview of the major goals and benefits related to developing
applications for Windows Vista. The session focused on the new features available in
Windows Vista and an overview of the application compatibility issues for deploying
existing applications that may not be Windows Vista compatible in a corporate
environment.
This session described:
• The Windows Vista user interface and how the new user interface will affect
developers
• The characteristics of Windows Vista applications
• How to develop gadgets for the Windows Vista Sidebar
• How to test application compatibility and migrate applications to Windows Vista
• User Account Control and how to develop applications that are User Account Control
compatible
Questions and Answers
Microsoft .NET Framework 3.0
© 2006 Microsoft Corporation. All rights reserved.