User Account Control (UAC): How to develop code for standard users

One of the most annoying features of Vista is the dreaded UAC prompt, but it's actually there for security reasons. Instead of telling users to work with UAC turned off, learn the top 3 tips for how to develop code that works in UAC's standard user mode.

UAC Tips for Developers
1. Overview of UAC for developers
2. What is UAC?
3. Elevating privileges correctly
4. Writing installers with UAC
Vista's user account control (UAC) is one of the new operating system's most maligned features. To the typical user, UAC prompts -- dialog boxes that ask you if you really want to do what you just clicked to do -- are an annoyance at best, confusion at worst. But UAC is actually a good thing in that it forces the user to approve applications that work at the administrator level and can do some serious damage to the computer, such as spreading viruses and worms. It also forces you, the developers, to write applications that stay away from high-permission code as much as possible.

The trick is to write your code such that you avoid unnecessary UAC prompts, and that basically means not accessing administrator-level rights in Vista. Here are searchWinDevelopment.com's top three tips for how to develop code that works with Vista's standard user. These tips are based on a talk at PDC by Crispin Cowan, senior project manager at Microsoft's UAC team.

1. Don't rely on UAC -- or ignore it

User account control was designed to be a temporary tool -- or, as Cowan put it, "a softer, gentler standard user." Under Vista, administrator users are actually standard users who are allowed to launch applications with administrator approval -- as long as they go through the UAC prompt. Standard users can elevate applications using the over the shoulder (OTS) prompt, which requires an administrator's login. This introduction to UAC for developers will also teach you how to avoid the UAC prompt altogether by developing programs for standard users.

2. Elevate to administrator mode correctly

Of course, sometimes you legitimately need administrator access. For instance, management tools often need to write to those tender bits of the operating system, as do installers that install for more than just the current user. In those cases, there's a wrong way and three right ways to get elevated privileges. In increasing order of sophistication (and decreasing order of ease), those are: launching a new, elevated process; creating a privileged COM object with its own GUI; and refactoring the privileged code into services or tasks, their successors in Vista, tasks. An unprivileged application can't dynamically elevate itself, and a privileged application can't dynamically restrict itself to standard user permissions; this tip will show you how to elevate into administrator mode with UAC safely in Vista.

3. Know what to do, and what not to do, with administrator privileges

The whole point of UAC is to get applications away from the habit of running in administrator mode unnecessarily. Just as important as how you elevate to administrator access is knowing what you shouldn't do with it. For instance, installers that run in administrator mode (for per-machine installs) shouldn't launch read-me files or the first instance of the application, Cowan said. Our last tip in this series will show you how to write installers in Vista with UAC.

The upshot of all this is that user account control may present a painful transition for developers, but it's for a good cause. The new security model makes it harder for Trojans, viruses and other malware to do their harm silently and in the background. But here we defer to the expert, who said it as well as we could:

"The least privilege model that Vista introduced is good. It's good for the platform's security, it's good for your security. It saves us all from our own flawed software, because if everybody's running everything as administrator, then the security requirement is basically 'don't write vulnerable code,' and writing perfect code all the time is really tedious," Cowan said.

Yuval Shavit is the associate editor for searchWinDevelopment.com. Email Yuval to tell him what you thought about these tips. These tips are based on a talk by Crispin Cowan, product manage for Vista's UAC team, which he gave at Microsoft PDC. The talk, "Windows 7: Best Practices for Developing Windows Standard User" is available online.

This was first published in December 2008

Dig deeper on .NET Framework 3.5 and Visual Studio 2008 development

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudComputing

SearchSoftwareQuality

SearchSOA

TheServerSide

SearchCloudApplications

Close