Gavin Stevens's Blog

the ramblings of another developer....

  Home  |   Contact  |   Syndication    |   Login
  34 Posts | 0 Stories | 57 Comments | 212 Trackbacks

News

Archives

Post Categories

I've seen a lot of developers clueless when it comes to UAC in Vista.  The whole point to UAC is give your application the minimum amount of privileges required for it to run.  If you wrote your application, you should have a pretty good idea of what system resources your application needs to access. 

The solution here is not to require your users to "turn off UAC", or to set your application to run in compatibility mode.  This is the biggest reason UAC has gotten such a bad reputation.. its our fault! Most apps shouldn't require full privilege to run (with exceptions of course, depending on the app) Don't claim your application is "Vista-Compliant" because it works if you run it as administrator.  Microsoft is doing a good thing by working to control the privilege an application can have.

This is a good video done by Chris Corio (Windows Security Team) this will give you a good understanding of UAC.

http://www.microsoft.com/emea/msdn/spotlight/sessionh.aspx?videoid=326

The best advice I have is "Run your app as a standard user" see if everything works as standard.  If it doesn't, why?  What resources are you trying to access that a standard user can't have?  Are you storing things on the file system, outside of the users App Data Context?  Are you writing to the registry?  If your creating WCF endpoints you will have to run as an admin.

Microsoft has a good tool for seeing how an app runs and what it accesses under different privilege levels, the Vista Application Compatibility Toolkit this app acts as a startup wrapper around your app to run it in different security modes and find warnings, errors, etc.  It can help you find the parts of your application that are requiring a higher level privilege and help you fix them if necessary.

Take it upon yourself to learn more about UAC, Code Access Security and Vista security.  Vista is a great operating system if people would stop complaining and take a minute to learn why security had to change.  The plague of spyware, malware, adware and the like is being cured... way to go Microsoft!

posted on Friday, August 1, 2008 11:02 AM