Vista: User Account Control

Sat, July 29, 2006, 02:30 PM under Windows | Vista | UAC
You, yes *you*, may not be gearing up to Windows Vista just yet but there is one core security element of Vista that IMO you must understand as soon as possible, and start working for it today on whatever Windows OS you are on. The feature in question is User Account Control. Please follow the links from item 5 here (it allows me a central place for updating resources).

Now that you've read those, I hope you understand UAC. In essence, when you set up user accounts on Vista, even if you set some of them as administrator, all interactive processes will run as standard user! The benefit is that any malicious code that gets on the user's machine also runs as standard user. If your applications require administrator privileges for some features, they will basically break on Vista (oversimplification aimed to scare you, but essentially true if you choose to ignore understanding UAC).

To work with this security feature, you must understand elevation, shields, virtualisation and security configuration options plus what you need to do programmatically for you applications to run on Vista. So, watch my nugget here or download it here to get the full picture...

There is one important bit of UAC that I do not cover in that short video (due to time): manifests. So after you’ve watched the video, come back and continue reading…

Fundamentally, on Vista you should declare that your app is aware of UAC (logo certification requirement). To do that you must embed a manifest in your application. Here are the steps on how to do that for managed applications in Visual Studio 2005 on Windows Vista:

1. Add to your VS2005 C# project this manifest file (replacing MyProjectNamewith your actual project name). Open the file in notepad and replace MyProjectNamewith your actual project name, same for description and Version.
2. Add this rc file to your project (replacing MyProjectName with your actual project name and removing the .txt extension). Open it with notepad and change MyProjectName to your actual project name.
3. Open your project file (csproj) in your favorite XML editor, scroll to the bottom and add/paste the following just before the closing Project element (replacing MyProjectNamewith your actual project name):
<propertygroup>
<win32resource>MyProjectName.res</win32resource>
</propertygroup>
<propertygroup>
<prebuildevent>"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\rc.exe" "$(ProjectDir)$(ProjectName).rc"</prebuildevent>
</propertygroup>

4. Rebuild!

The big clue that this has worked for you, apart from no compilation errors, is that virtualization gets turned off for your app (regardless of the security policy setting, which I show in my nugget). Try writing to HKLM and watch it fail with the manifest and succeed without.

If you change the level attribute of the requestedExecutionLevel element in the manifest from asInvoker to requireAdministrator, then you'll get the elevation prompt at startup (do this only if your app is explicitly aimed at administrators).
--
UPDATE: Also see this
Tuesday, April 01, 2008 9:39:00 PM (Pacific Standard Time, UTC-08:00)
I watched the video and I like your explanation a lot. Thank you.
Thursday, October 16, 2008 5:48:00 AM (Pacific Daylight Time, UTC-07:00)
I presume you meant to say "Try writing to HKLM and watch it fail without the manifest and succeed with."
Anonymous
Friday, January 23, 2009 7:28:00 AM (Pacific Standard Time, UTC-08:00)
no, anonymous, his original statement is correct: if you have a manifest, then your app will FAIL to write to HKLM, otherwise it will use virtualization, something you want to avoid at all costs.
Anonymous
Comments are closed.