Introduction to Vista's user account control (UAC) for developers

Vista's new security model includes the user account control (UAC) prompt, which users know as the confirmation dialog box that pops up before applications can gain privileged access to the operating system. Learn what UAC is, why Microsoft included it in its latest version of Windows and how you can develop programs that work well with it.

UAC Tips for developers
1. Overview of UAC for developers
2. What is UAC?
3. Elevating privileges correctly
4. Writing installers with UAC
In order to develop programs to run under Vista's user access control (UAC), it's important to understand what it is. UAC, which users know as the annoying prompt that pops up before they can run privileged programs, is intended to bridge the gap between the old, Windows XP security model and Vista's more robust model, said Crispin Cowan, senior project manager at Microsoft's UAC team. This tip, based on his talk at PDC in October, will explain UAC in more depth and show you why it's important not to ignore it or assume users will just turn it off.

You may want to check out our tips on how to elevate UAC privileges correctly in Vista and how to write installers with UAC, both of which are also based on Cowan's talk.

In the days of Windows XP, all users were by default administrators on their machines. This gave developers a lot of flexibility, but it also meant that malware could work without users knowing that anything was happening. Starting with Vista, Microsoft is encouraging people to use computers in standard user mode as much as possible, and even administrator-level users operate with standard user permissions by default. If a program needs administrator privileges, Windows pops up the UAC prompt to elevate it. In essence, Vista has replaced the administrator user mode with a standard user mode that's allowed to temporarily elevate to administrator.

UAC is meant to be a transitional system in Vista for applications that were written for Windows XP, Cowan said. In fact, it's disabled in 64-bit versions of Windows; the reasoning is that developers who are advanced enough to write 64-bit code shouldn't need the "training wheels" UAC provides, Cowan said. It's also not a good idea to ignore UAC and assume that users will turn it off, he said: contrary to conventional wisdom, about 88% of Vista users keep UAC on, according to Microsoft's customer usage data.

You're also going to be under pressure from competitors to eliminate UAC prompts. The number of unique applications that cause UAC prompts is going down, from almost 800,000 in August 2007 to fewer than 200,000 a year later, Cowan said.

The best approach to UAC is to write programs that don't need it. In fact, some large enterprises require you to write programs that work in standard user mode, Cowan said. "If your app doesn't work as standard users, they are not your customer," he said.

Elevating to administrator levels makes you a target for malware, Cowan said. If your code has vulnerabilities but runs in standard user mode, hackers won't be able to use it to gain access to the rest of the machine, so they're more likely to find another program that can gain them that access; if your code has vulnerabilities but runs in administrator mode, it is that other program.

You can ensure your code runs in standard user mode by putting marking your manifest with "asInvoker" and staying away from what Cowin called "the tender bits" of the OS, like DLLs and registry keys. It's often acceptable to read such resources, but opening them in read-write mode will often trigger a UAC prompt, Cowin said; be more specific than GENERIC_ALL when specifying access masks.

Yuval Shavit is the associate editor for Email Yuval to tell him what you thought about these tips. These tips are based on a talk by Crispin Cowan, product manage for Vista's UAC team, which he gave at Microsoft PDC. The talk, "Windows 7: Best Practices for Developing Windows Standard User" is available online.

This was last published in December 2008

Dig Deeper on Windows Vista security and .NET Framework 3.0

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.