Tip

User Account Control (UAC): How to develop code for standard users

Yuval Shavit, Associate Editor
UAC Tips for Developers
1. Overview of UAC for developers
2. What is UAC?
3. Elevating privileges correctly
4. Writing installers with UAC
Vista's user account control (UAC) is one of the new operating system's most maligned features. To the typical user, UAC prompts -- dialog boxes that ask you if you really want to do what you just clicked to do -- are an annoyance at best, confusion at worst. But UAC is actually a good thing in that it forces the user to approve applications that work at the administrator level and can do some serious damage to the computer, such as spreading viruses and worms. It also forces you, the developers, to write applications that stay away from high-permission code as much as possible.

The trick is to write your code such that you avoid unnecessary UAC prompts, and that basically means not accessing administrator-level rights in Vista. Here are searchWinDevelopment.com's top three tips for how to develop code that works with Vista's standard user. These tips are based on a talk at PDC by Crispin Cowan, senior project manager at Microsoft's UAC team.

1. Don't rely on UAC -- or ignore it

User account control was designed to be a temporary tool -- or, as Cowan put it, "a softer, gentler standard user." Under Vista, administrator users are actually standard users who are allowed to launch applications with administrator approval -- as long as they go through the UAC prompt. Standard users can elevate applications using the over the shoulder (OTS) prompt, which requires an administrator's login. This introduction to UAC for developers will also teach you how to avoid the UAC prompt altogether by developing programs for standard users.

2. Elevate to administrator mode correctly

Of course, sometimes you legitimately need administrator access. For instance, management tools often need to write to those tender bits of the operating system, as do installers that install for more than just the current user. In those cases, there's a wrong way and three right ways to get elevated privileges. In increasing order of sophistication (and decreasing order of ease), those are: launching a new, elevated process; creating a privileged COM object with its own GUI; and refactoring the privileged code into services or tasks, their successors in Vista, tasks. An unprivileged application can't dynamically elevate itself, and a privileged application can't dynamically restrict itself to standard user permissions; this tip will show you how to elevate into administrator mode with UAC safely in Vista.

3. Know what to do, and what not to do, with administrator privileges

The whole point of UAC is to get applications away from the habit of running in administrator mode unnecessarily. Just as important as how you elevate to administrator access is knowing what you shouldn't do with it. For instance, installers that run in administrator mode (for per-machine installs) shouldn't launch read-me files or the first instance of the application, Cowan said. Our last tip in this series will show you how to write installers in Vista with UAC.

The upshot of all this is that user account control may present a painful transition for developers, but it's for a good cause. The new security model makes it harder for Trojans, viruses and other malware to do their harm silently and in the background. But here we defer to the expert, who said it as well as we could:

"The least privilege model that Vista introduced is good. It's good for the platform's security, it's good for your security. It saves us all from our own flawed software, because if everybody's running everything as administrator, then the security requirement is basically 'don't write vulnerable code,' and writing perfect code all the time is really tedious," Cowan said.

Yuval Shavit is the associate editor for searchWinDevelopment.com. Email Yuval to tell him what you thought about these tips. These tips are based on a talk by Crispin Cowan, product manage for Vista's UAC team, which he gave at Microsoft PDC. The talk, "Windows 7: Best Practices for Developing Windows Standard User" is available online.

This was first published in December 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.