Sat, July 29, 2006, 02:30 PM under Windows
You, yes *you*, may not be gearing up to Windows Vista just yet but there is one core security element of Vista that IMO you must understand as soon as possible, and start working for it today on whatever Windows OS you are on. The feature in question is User Account Control. Please follow the links from item 5 here
(it allows me a central place for updating resources).
Now that you've read those, I hope you understand UAC. In essence, when you set up user accounts on Vista, even if you set some of them as administrator, all interactive processes will run as standard user! The benefit is that any malicious code that gets on the user's machine also runs as standard user. If your applications require administrator privileges for some features, they will basically break on Vista (oversimplification aimed to scare you, but essentially true if you choose to ignore understanding UAC).
To work with this security feature, you must understand elevation, shields, virtualisation and security configuration options plus what you need to do programmatically for you applications to run on Vista. So, watch my nugget here
or download it here
to get the full picture...
There is one important bit of UAC that I do not cover in that short video (due to time): manifests. So after you’ve watched the video, come back and continue reading…
Fundamentally, on Vista you should declare that your app is aware of UAC (logo certification requirement). To do that you must embed a manifest in your application. Here are the steps on how to do that for managed applications in Visual Studio 2005 on Windows Vista:
1. Add to your VS2005 C# project this manifest file
with your actual project name). Open the file in notepad and replace
with your actual project name, same for description and Version.
2. Add this rc file
to your project (replacing
with your actual project name and removing the .txt extension). Open it with notepad and change
to your actual project name.
3. Open your project file (csproj) in your favorite XML editor, scroll to the bottom and add/paste the following just before the closing Project element (replacing
with your actual project name):
<prebuildevent>"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\rc.exe" "$(ProjectDir)$(ProjectName).rc"</prebuildevent>
The big clue that this has worked for you, apart from no compilation errors, is that virtualization gets turned off for your app (regardless of the security policy setting, which I show in my nugget
). Try writing to HKLM and watch it fail with the manifest and succeed without.
If you change the
attribute of the
element in the manifest from
, then you'll get the elevation prompt at startup (do this only if your app is explicitly aimed at administrators).
--UPDATE: Also see this