Поделиться через


Step 2: Classify Your Application (UAC)

Step Two: Classify Your Application as a Standard User, Administrator, or Mixed User Application

Administrative applications in Windows Vista® often have a mixture of both administrative and standard user functionality. As a result, a number of options must be considered when deciding how your application will work in Windows Vista. The administrative functionality can be removed completely or separated from the standard user account functionality by prompting the user for approval.

Questions to Help Classify Your Application

Answer the following questions to determine whether your application will require any redesign for Windows Vista compatibility:

  • Does your application run as a standard user?

  • Can the administrative functionality be fixed to no longer require an administrator access token?

  • Can the administrative sections be removed from the program's functionality?

Does Your Application Run as a Standard User?

To answer this question, ensure that the application or feature be fully used by standard users. If any part of your feature requires the user to be an administrator, the answer to this question is "No."

How to verify that the application or control panel can be used by standard users:

  • Thoroughly test the application as both a standard user and an administrator. Verify that the user interactions are all exactly the same for both standard users and administrators.

  • Check where the settings are stored in the registry. If any settings are stored in HKEY_LOCAL_MACHINE, the application or control panel will most likely require an administrator access token.

  • If any of the settings are per-computer, the application or control panel will require an administrator access token.

  • If any of the settings do anything in other users' profiles, the application or control panel will require an administrator access token.

Can the Administrative Functionality Be Fixed to No Longer Require an Administrator Access Token?

If your application or control panel has settings or interactions that require a full administrator access token, can it be changed to work correctly as a standard user? Specifically, can the program store information in per-user locations instead? If it cannot, the answer to this question is "No."

A good example of the kind of feature/setting that can be fixed is Calc.exe (the Windows Calculator). In Windows XP, the setting of whether Windows Calculator was in "Scientific" versus "Standard" mode was a per-computer setting. This setting meant that a full administrator access token was needed to change the setting. In Windows Vista, this setting is stored in the user's profile.

How to verify that administrative sections can be removed from the program's functionality:

  • Thoroughly test the application as both a standard user and as an administrator. Can the experience be the same for both types of users?

  • Is it possible to lower the ACLs required to write to the HKEY_LOCAL_MACHINE key?

Note

This course should not be taken lightly. Be cautious not to compromise the overall security of the system by lowering the control afforded by the ACL.

  • Is it possible to change the user interface to set per-user state rather than global state (and do not expose global state modification through the user interface)?

Can the Administrative Sections Be Removed from the Program’s Functionality?

Does your feature absolutely have to have this functionality? If you cannot cut the administrative features or functionality, the answer to this question is "No."

To determine whether the administrative sections can be removed from the program's functionality, do the following:

  • Test the application as a standard user and as an administrator. What is the user scenario for retaining this feature?

  • Is this setting or feature exposed elsewhere in the application? Perhaps the functionality in the application is redundant.

Analyzing the Answers to Classify Your Application

If You Answered "Yes" to Any of the Preceding Questions

Make the necessary changes in the application or control panel (if any) to eliminate those items that require the user to have a full administrative access token.

The following list details benefits of having a true standard user application:

  • Your feature is equally usable for all users. This is the ideal state since most features should not require a full administrator access token.

  • Your users will never see an elevation prompt with your features.

  • Your features are much more secure by never requiring the administrator access token.

If You Answered "No" to All of the Preceding Questions

The application must be modified to make the feature work with UAC.

Verify the Application or Control Panel Works with UAC:

Finally, test the application as a standard user and as an administrator. Ensure that other options (the previous questions) cannot be used for this particular application.

See Also

Concepts

Designing UAC Applications for Windows Vista