Tip

Introduction to Vista's user account control (UAC) for developers

Yuval Shavit, Associate Editor
UAC Tips for developers
1. Overview of UAC for developers
2. What is UAC?
3. Elevating privileges correctly
4. Writing installers with UAC
In order to develop programs to run under Vista's user access control (UAC), it's important to understand what it is. UAC, which users know as the annoying prompt that pops up before they can run privileged programs, is intended to bridge the gap between the old, Windows XP security model and Vista's more robust model, said Crispin Cowan, senior project manager at Microsoft's UAC team. This tip, based on his talk at PDC in October, will explain UAC in more depth and show you why it's important not to ignore it or assume users will just turn it off.

You may want to check out our tips on how to elevate UAC privileges correctly in Vista and how to write installers with UAC, both of which are also based on Cowan's talk.

In the days of Windows XP, all users were by default administrators on their machines. This gave developers a lot of flexibility, but it also meant that malware could work without users knowing that anything was happening. Starting with Vista, Microsoft is encouraging people to use computers in standard user mode as much as possible, and even administrator-level users operate with standard user permissions by default. If a program needs administrator privileges, Windows pops up the UAC prompt to elevate it. In essence, Vista has replaced the administrator user mode with a standard user mode that's allowed to temporarily elevate to administrator.

UAC is meant to be a transitional system in Vista for applications that were written for Windows XP, Cowan said. In fact, it's disabled in 64-bit versions of Windows; the reasoning is that developers who are advanced enough to write 64-bit code shouldn't need the "training wheels" UAC provides, Cowan said. It's also not a good idea to ignore UAC and assume that users will turn it off, he said: contrary to conventional wisdom, about 88% of Vista users keep UAC on, according to Microsoft's customer usage data.

You're also going to be under pressure from competitors to eliminate UAC prompts. The number of unique applications that cause UAC prompts is going down, from almost 800,000 in August 2007 to fewer than 200,000 a year later, Cowan said.

The best approach to UAC is to write programs that don't need it. In fact, some large enterprises require you to write programs that work in standard user mode, Cowan said. "If your app doesn't work as standard users, they are not your customer," he said.

Elevating to administrator levels makes you a target for malware, Cowan said. If your code has vulnerabilities but runs in standard user mode, hackers won't be able to use it to gain access to the rest of the machine, so they're more likely to find another program that can gain them that access; if your code has vulnerabilities but runs in administrator mode, it is that other program.

You can ensure your code runs in standard user mode by putting marking your manifest with "asInvoker" and staying away from what Cowin called "the tender bits" of the OS, like DLLs and registry keys. It's often acceptable to read such resources, but opening them in read-write mode will often trigger a UAC prompt, Cowin said; be more specific than GENERIC_ALL when specifying access masks.

Yuval Shavit is the associate editor for searchWinDevelopment.com. Email Yuval to tell him what you thought about these tips. These tips are based on a talk by Crispin Cowan, product manage for Vista's UAC team, which he gave at Microsoft PDC. The talk, "Windows 7: Best Practices for Developing Windows Standard User" is available online.

This was first published in December 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.