Windows Vista for Developers Delivery Guide, Part 4


Session 1: Introduction to Windows Vista Application Development

Testing Application Compatibility with the Standard User Analyzer

What is the Standard User Analyzer?

The Standard User Analyzer is a tool to help independent software vendors (ISVs), IT professionals, and end users to diagnose possible issues in an application when it is running as a standard user. The Standard User Analyzer is based upon the LUA Predictor technology, which is part of the Microsoft Application Verifier.

How the Standard User Analyzer works

To test application compatibility using the Standard User Analyzer, use the Standard User Analyzer to launch the application to be tested. The Analyzer will monitor the application’s actions during startup. Then close the application. The Analyzer then generates and parses a log for the application. You can then view the log file for any application issues.

The Standard User Analyzer can detect the following types of issues:

• File system access issues. For example, an application attempting to write to a file that normally only administrators can access.
• System registry access issues. For example, an application attempting to write to a registry key under HKEY_LOCAL_MACHINE, which is a location that normally only administrators can access.
• WriteProfile API issues. WriteProfile APIs were originally used for 16-bit versions of Windows but are still popular among some modern applications. One example is the Calculator in Windows XP. If the view is changed from Standard to Scientific, calc.exe calls the WriteProfile API to write into \Windows\win.ini, which is writable only by administrators.
• Access token–checking issues. If an application explicitly checks for the “Builtin\Administrators” security identifier (SID) in a user’s access token, the application most likely will not work for a standard user.
• Privilege issues. For example, if an application explicitly enables the SeDebugPrivilege privilege, it will not work for a standard user.
• Namespace Issues. Lists issues that are caused when an application creates system objects in a restricted namespace. Applications that have this error will not work for a standard user.
• Other Objects. Lists issues related to accessing objects other than files and registry keys.

Demonstration 5: Using the Standard User Analyzer

In this demonstration, you will see how to use the Standard User Analyzer application to identify potential application issues when running the application on Windows Vista.

Key Points

The key point of this demonstration is that:

• The Standard User Analyzer application identifies several potential application issues. You can use this information to fix the application so that it will run on Windows Vista.

Improving Security with User Account Control

Introduction

Another important issue to consider when running or developing applications in Windows Vista is User Account Control, which is a new feature in Windows Vista to restrict the running of applications with administrator privileges. This section provides an overview of User Account Control and what it means for application developers.

Objectives

After completing this section, you will be able to:

• Describe User Account Control.
• Explain how to run applications with elevated permissions.
• Configure User Account Control settings.
• Explain the best practices for developing applications to work with User Account Control.

What Is User Account Control?

The goal of User Account Control

The main goal of User Account Control is to reduce the exposure and attack surface of the operating system by requiring that all users run in standard user mode and by limiting administrator-level access to authorized processes. This limitation minimizes the ability for users to make changes that could destabilize their computers or inadvertently expose the network to viruses through undetected malware that has infected their computer.

User Account Control features and benefits

User Account Control provides the following features and benefits:

• Standard user privileges. Standard User accounts have been given additional privileges that users require to perform common tasks, without needing administrator access. Windows Vista uses a shield icon throughout the operating system to identify commands that require administrator privileges.
• File system and registry virtualization. File and registry virtualization gives an application its own virtualized view of a resource it is attempting to change using a copy-on-write strategy.
• Over-the-Shoulder (OTS) credentials. Whenever standard users attempt an administrative task, such as software installation, they will be prompted for an administrator password. In Windows Vista Beta, when User Account Control prompts appear, the rest of the screen is darkened. The prompts are being displayed in the Secure Desktop mode, which helps protect the user from unknowingly allowing a program to run with elevated privileges without their consent.
• Admin approval mode. This feature allows administrators to perform normal day-to-day tasks such as checking e-mail or browsing the Web while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings.
• No need for the Power Users group. User Account Control does not utilize the Power User mode because Standard mode users can now perform most common configuration tasks.
• Preventing application-based shatter attacks. Running in standard user mode gives users increased protection against inadvertent system-level damage caused by shatter attacks and malware such as root kits, spyware, and undetectable viruses. A shatter attack is a programming technique that can be used to bypass security restrictions between processes in a session.

Running Applications with Elevated Permissions

There are four ways of running an application with elevated permissions:

• Using an application manifest. In Windows Vista, the application manifest, an XML file that describes and identifies the shared and private side-by-side assemblies that an application should bind to at run time, now includes entries for UAC application compatibility purposes. Administrative applications that include an entry in the application manifest will prompt the user for permission to access the user’s access token.
• Implement an application compatibility shim. An IT professional can mark a legacy application in their environment without having to make changes to the code. The Application Compatibility Toolkit includes a tool to build the shims.
• Select the Run This Program As An Administrator check box on the Compatibility tab. This check box is available on the Compatibility tab under Program Properties.
• Run the application as administrator by right-clicking the application executable file icon and clicking Run As Administrator. This is how a user of Windows Vista would run an application with elevated permissions without permanently changing the configuration.

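
The manifest entry described in the first option above can be checked before an application ships. The following Python sketch is an added example, not part of the guide: it reads a manifest and reports the requested execution level. The element name `requestedExecutionLevel`, its level values, and the sample manifest are supplied by this example (the sample is constructed), and the guide itself does not show them.

```python
import xml.etree.ElementTree as ET

# Constructed sample manifest (not taken from the guide).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

# Meaning of each documented level value.
LEVELS = {
    "asInvoker": "runs with the token of the process that started it",
    "highestAvailable": "requests the highest token the user can obtain",
    "requireAdministrator": "requires a full administrator token to start",
}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def uac_marking(manifest_xml):
    """Return (level, ui_access, note); level is None when there is no marking."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    # Manifests in the field declare trustInfo under asm.v2 or asm.v3, so the
    # element is matched by local name rather than by one fixed namespace.
    node = next((e for e in root.iter()
                 if local_name(e.tag) == "requestedExecutionLevel"), None)
    if node is None:
        # Unmarked: the program is handled as a legacy application, the case
        # the guide's virtualization setting exists for.
        return None, False, "no requested execution level marking"
    level = node.get("level", "")
    ui_access = node.get("uiAccess", "false").strip().lower() == "true"
    return level, ui_access, LEVELS.get(level, "unrecognized level value")

if __name__ == "__main__":
    print(uac_marking(SAMPLE_MANIFEST))
```
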
Demonstration 6: Working with User Account Control

In this demonstration, you will see how to work with applications that use different User Account Control settings.

Key Points

The key points of this demonstration are that:

• Windows Vista uses file and registry redirection to avoid most issues when applications try to write to restricted files or registry locations.
• When writing applications that only administrators should be able to use, make sure to mark the application as requiring administrator access.

Configuring User Account Control Settings

You can manage User Account Control settings by modifying the Group Policy settings for computers that are members of a domain or by modifying the local security policy for stand-alone computers. The eight Group Policy Object (GPO) settings that can be configured for User Account Control are listed in the following table.

Setting: Behavior of the elevation prompt for administrators in Admin Approval Mode.
Options:
• No prompt: The elevation occurs automatically and silently.
• Prompt for consent: UAC asks for consent before elevating.
• Prompt for credentials: UAC requires valid administrator credentials before elevating.
Default Value: Prompt for consent

Setting: Behavior of the elevation prompt for standard users.
Options:
• No prompt: No elevation prompt is presented, and the user cannot perform administrative tasks without using Run As Administrator or by logging on with an administrator account.
• Prompt for credentials: UAC requires valid administrator credentials before elevating.
Default Value: Prompt for credentials

Setting: Detect application installations and prompt for elevation.
Options:
• Enabled: The user is prompted for consent or credentials when Windows Vista detects an installer.
• Disabled: Application installations will silently fail or fail in a non-deterministic manner.
Default Value: Enabled

Setting: Run all applications in Admin Approval Mode.
Options:
• Enabled: Both administrators and standard users will be prompted when attempting to perform administrative operations.
• Disabled: UAC is essentially turned off, and the AIS service is disabled from automatically starting.
Default Value: Enabled

Setting: Virtualize file and registry write failures to per-user locations.
Options:
• Enabled: Applications that lack an application compatibility database entry or a requested execution level marking in the application manifest are not UAC compliant. Environments that utilize software that is non-compliant should keep this setting enabled.
• Disabled: UAC-compliant applications should not write to protected areas and cause write failures. As a result, environments that are utilizing only UAC-compliant applications should disable this setting. Non-compliant applications that attempt to write to the Program Files folder and systemroot will silently fail if this setting is disabled.
Default Value: Enabled

Setting: Elevate only executable files that are signed and validated.
Options:
• Enabled: Only signed executable files will run.
• Disabled: Both signed and unsigned code will be run.
Default Value: Disabled

Setting: Switch to the secure desktop when prompting for elevation.
Options:
• Enabled: Displays the UAC elevation prompt on the secure desktop. The secure desktop can receive messages only from Windows processes, which eliminates messages from malicious software. As a result, consent and credential prompts cannot be spoofed on the secure desktop.
• Disabled: The UAC elevation prompt is displayed on the user desktop.
Default Value: Enabled

Setting: Admin Approval Mode for the Built-in Administrator account.
Options:
• Enabled: When the built-in Administrator account is used to launch an application, it will be run in Admin Approval Mode.
• Disabled: When the built-in Administrator account is used to launch an application, it will be run with a full administrator access token.
Default Value: Disabled for new installations and for upgrades in which the built-in administrator is not the only local administrator on the computer. Enabled for upgrades when the built-in administrator account is the only local administrator on the computer.

[...]

... applications for Windows Vista. The session focused on the new features available in Windows Vista and an overview of the application compatibility issues for deploying existing applications that may not be Windows Vista compatible in a corporate environment.

This session described:

• The Windows Vista user interface and how the new user interface will affect developers
• The characteristics of Windows Vista ...

... programming model for the Microsoft Windows operating system. .NET Framework 3.0 builds on the foundation of .NET Framework 2.0 and adds new technologies such as Windows Communication Foundation, Windows Workflow Foundation, and CardSpace. .NET Framework 3.0 is installed with the Microsoft Windows Vista operating system and forms the core component for developing applications for Windows Vista.

Objectives ...

... Windows Vista applications
• How to develop gadgets for the Windows Vista Sidebar
• How to test application compatibility and migrate applications to Windows Vista
• User Account Control and how to develop applications that are User Account Control compatible

Questions and Answers

Session 2: Introduction to Microsoft .NET Framework ...

... information online. The .NET Framework 3.0 will be shipped as part of Windows Vista. At the same time, Microsoft will make .NET Framework 3.0 available for Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.

Technologies

The technologies included with .NET Framework 3.0 are described in the following table:

Technology Description Windows ...
Foundation Provides classes for building next-generation smart client applications that combine UI, documents, and media (WPF, formerly code-named Avalon) Windows Communication Foundation (WCF, formerly code-named Indigo) Windows Workflow Foundation (WF) Windows CardSpace (WCS) (formerly code-named InfoCard) Microsoft .NET Framework 2.0 Offers a unified programming model and runtime for building service-oriented ...

... directly to the Windows directory or subdirectories. For example, use the correct methods for installing files such as fonts.
• Do not write per-user information or user information to Program Files or Program directories.
• Do not use hard-coded paths in the file system. For example, take advantage of the KnownFolders API and ShGetFolder to find where to write data.
• Use MSI 3.1 or ClickOnce to perform application ...

... Framework 3.0 Programming Model

The Microsoft .NET Framework 3.0 (formerly WinFX®) is the new managed code programming model for Windows. It combines the power of the .NET Framework 2.0 components with four new technologies: Windows Presentation Foundation (WPF), Windows Communication Foundation (WCF), Windows Workflow Foundation (WF), and Windows CardSpace (WCS). Use the .NET Framework 3.0 to build applications ...

Best Practices for Developing User Account Control–Compatible Applications

To develop applications that are User Account Control compliant, implement the following guidelines during application development.

Setup and Saving State

• Perform administrative actions, such as completing the ...

... successfully call the SetTokenInformation() Windows function will fail under a limited user account.

Be fast user switching (FUS) aware

• The application’s per-user setup should be performed at first run.
• If the per-user settings do not exist at first run, provide options to rebuild them. Do not assume that the setup process took care of the settings.

... compatibility problem for home user applications.

Run and test under a limited user account

• Write per-user data to the user profile. Place per-user data into the AppData folder in the user profile.
• Write per-machine data to the All Users profile.
• Write the application so that it does not depend on any administrative APIs. For example, a ...
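
Returning to the eight policy settings tabulated under Configuring User Account Control Settings: the following Python sketch is an added example, not part of the guide, that compares a snapshot of the registry values backing those settings with the defaults the table lists. The registry value names, their Vista-era numeric encodings, and the sample snapshot (constructed) are assumptions of this example.

```python
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# value name -> (setting from the guide's table, default DWORD, {weak value: why}).
# Value names and Vista-era numeric encodings are supplied by this example.
UAC_POLICY = {
    "ConsentPromptBehaviorAdmin": ("Elevation prompt for administrators", 2,
                                   {0: "elevation occurs automatically and silently"}),
    "ConsentPromptBehaviorUser": ("Elevation prompt for standard users", 1, {}),
    "EnableInstallerDetection": ("Detect application installations", 1, {}),
    "EnableLUA": ("Run all applications in Admin Approval Mode", 1,
                  {0: "UAC is essentially turned off"}),
    "EnableVirtualization": ("Virtualize file and registry write failures", 1, {}),
    "ValidateAdminCodeSignatures": ("Elevate only signed executables", 0, {}),
    "PromptOnSecureDesktop": ("Switch to the secure desktop when prompting", 1,
                              {0: "prompt is displayed on the user desktop"}),
    "FilterAdministratorToken": ("Admin Approval Mode for built-in Administrator", 0, {}),
}

# Constructed snapshot of a misconfigured machine (not real data).
SAMPLE_SNAPSHOT = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 0,
                   "PromptOnSecureDesktop": 0, "EnableVirtualization": 1}

def audit_uac(snapshot):
    """Return (value name, observed, default, note) for each non-default value.

    Assumption of this example: a value absent from the snapshot is at its default.
    """
    findings = []
    for name, (setting, default, weak) in UAC_POLICY.items():
        observed = snapshot.get(name, default)
        if observed != default:
            note = weak.get(observed, "differs from the documented default")
            findings.append((name, observed, default, f"{setting}: {note}"))
    return findings

def read_live_snapshot():
    """Collect the values from the local registry (Windows only)."""
    import winreg
    snapshot = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
        for name in UAC_POLICY:
            try:
                snapshot[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value not set; audit_uac() falls back to the default
    return snapshot

if __name__ == "__main__":
    for finding in audit_uac(SAMPLE_SNAPSHOT):
        print(finding)
```

On a Windows machine, `audit_uac(read_live_snapshot())` runs the same comparison against the live policy key.
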

Posted: 14/08/2014, 02:22
