Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

UAC compatible application advice needed

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 01-12-2007
Nick Rivers
 

Posts: n/a
UAC compatible application advice needed
Hi!

I need to write an UAC compatible application that should work for standard
and admin users.

This application should use DIFx 2.1 to install or update a hardware device,
but only if necessary.

What I┤ve done so far:
-linked DIFxAPI.lib
-embedded .manifest with 'highestAvailable' privileg setting
-check the users token to determine if the user has privileges to install or
update a device driver if necessary
-using DriverPackageInstall to install/update device driver

When a standard user runs my application and the hardware device needs to be
installed or updated he will be prompted that he needs admin rights to
install/update the hardware device. UAC does not prompt.

When a admin group user runs my application UAC prompts with the "A program
needs your permission to continue" dialog and then runs through installing
or updating the device if necessary.

I am not sure if this is the correct and best way to create the application.
Best for me would be, if UAC would not prompt any dialogs for all users. I
know that I could also use ShellExecuteEx with 'RunAs' to launch an
executable that needs admin privileges.

I really appreciate any advice or improvement.

Thanks
-Nick





Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 01-12-2007
David Hearn
 

Posts: n/a
Re: UAC compatible application advice needed
Nick Rivers wrote:
> Hi!
>
> I need to write an UAC compatible application that should work for standard
> and admin users.
>
> This application should use DIFx 2.1 to install or update a hardware device,
> but only if necessary.
>
> What I┤ve done so far:
> -linked DIFxAPI.lib
> -embedded .manifest with 'highestAvailable' privileg setting
> -check the users token to determine if the user has privileges to install or
> update a device driver if necessary
> -using DriverPackageInstall to install/update device driver
>
> When a standard user runs my application and the hardware device needs to be
> installed or updated he will be prompted that he needs admin rights to
> install/update the hardware device. UAC does not prompt.
>
> When a admin group user runs my application UAC prompts with the "A program
> needs your permission to continue" dialog and then runs through installing
> or updating the device if necessary.
>
> I am not sure if this is the correct and best way to create the application.
> Best for me would be, if UAC would not prompt any dialogs for all users. I
> know that I could also use ShellExecuteEx with 'RunAs' to launch an
> executable that needs admin privileges.
>
> I really appreciate any advice or improvement.
>
> Thanks
> -Nick


I've not done any UAC development yet, but I have attended a couple of
MS training events which have covered this.

If your app's manifest is requesting 'highestAvailable' - I believe this
simply means, rather than run as a standard user, acquire the full
rights for this class of user. So, if a standard user runs, then the
full rights for this user is just standard. If an Admin user runs it,
then the full rights for this user is Elevated (ie. full Admin).

What I suspect you need is 'requireAdministrator' which for an Admin, is
just to Elevate and get the full permissions of that user (same effect
as highestAvailable would have. But for a standard user, that is to
require an Admin username + password to be entered.

The solution to your problem of not asking all users for UAC permission,
is what MS recommends and to separate out all Elevated code into a
separate assembly (with a .manifest requesting 'requireAdministrator'.
Main code's manifest requests 'asInvoker'. In this case, if no
elevation is required (ie. driver is installed/up to date, no changes
required) then no UAC prompt is seem. If the driver does require
updating, then execute the separate assembly, which itself requests
elevation, and then when it's finished exits and control returns to the
original code, which never left the 'asInvoker' privs.

Does that sound right?

I hope that helps,

David
Reply With Quote
  #3 (permalink)  
Old 01-13-2007
Roger Abell [MVP]
 

Posts: n/a
Re: UAC compatible application advice needed
Aside for correct ways to program/package for UAC compliance . . .

When you say

> Best for me would be, if UAC would not prompt any dialogs for all users.


it shows that you are missing the point of UAC, ie. that use of elevated
privilege, unseen by the user, is not supposed to be under programmatic
control when these features are enabled.
IOW, that you test and avoid when the context cannot have sufficient
privilege is great, but you should not expect to suppress all notices.


"Nick Rivers" <nrivers@yahoo.com> wrote in message
news:OBWbUoiNHHA.4172@TK2MSFTNGP04.phx.gbl...
> Hi!
>
> I need to write an UAC compatible application that should work for
> standard and admin users.
>
> This application should use DIFx 2.1 to install or update a hardware
> device, but only if necessary.
>
> What I┤ve done so far:
> -linked DIFxAPI.lib
> -embedded .manifest with 'highestAvailable' privileg setting
> -check the users token to determine if the user has privileges to install
> or
> update a device driver if necessary
> -using DriverPackageInstall to install/update device driver
>
> When a standard user runs my application and the hardware device needs to
> be installed or updated he will be prompted that he needs admin rights to
> install/update the hardware device. UAC does not prompt.
>
> When a admin group user runs my application UAC prompts with the "A
> program needs your permission to continue" dialog and then runs through
> installing or updating the device if necessary.
>
> I am not sure if this is the correct and best way to create the
> application. Best for me would be, if UAC would not prompt any dialogs for
> all users. I know that I could also use ShellExecuteEx with 'RunAs' to
> launch an executable that needs admin privileges.
>
> I really appreciate any advice or improvement.
>
> Thanks
> -Nick
>
>
>
>
>



Reply With Quote
  #4 (permalink)  
Old 01-13-2007
Kerry Brown
 

Posts: n/a
Re: UAC compatible application advice needed
"Nick Rivers" <nrivers@yahoo.com> wrote in message
news:OBWbUoiNHHA.4172@TK2MSFTNGP04.phx.gbl...
> Hi!
>
> I need to write an UAC compatible application that should work for
> standard and admin users.
>
> This application should use DIFx 2.1 to install or update a hardware
> device, but only if necessary.
>
> What I┤ve done so far:
> -linked DIFxAPI.lib
> -embedded .manifest with 'highestAvailable' privileg setting
> -check the users token to determine if the user has privileges to install
> or
> update a device driver if necessary
> -using DriverPackageInstall to install/update device driver
>
> When a standard user runs my application and the hardware device needs to
> be installed or updated he will be prompted that he needs admin rights to
> install/update the hardware device. UAC does not prompt.
>
> When a admin group user runs my application UAC prompts with the "A
> program needs your permission to continue" dialog and then runs through
> installing or updating the device if necessary.
>
> I am not sure if this is the correct and best way to create the
> application. Best for me would be, if UAC would not prompt any dialogs for
> all users. I know that I could also use ShellExecuteEx with 'RunAs' to
> launch an executable that needs admin privileges.
>
> I really appreciate any advice or improvement.
>
> Thanks
> -Nick
>



If the program needs to do something that requires administrator privileges
then at some point everyone using that function of the program will see a
uac prompt including administrators. That is the whole point of uac, to
notify the user that the program is doing something that will affect the
system and give them the choice to allow it or not. You can either set the
program to run in administrator mode or program it ask for elevated
privileges only when it actually needs them. In the first case everyone who
runs the program will see a uac prompt every time they run the program. In
the second case only those people using the function that requires
administrator privileges will see the uac prompt.

There are some good tips in some of the documents you can download here:

http://msdn2.microsoft.com/en-us/win.../aa904987.aspx

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Closing application produces error message =?Utf-8?B?U2FydWs=?= microsoft.public.windows.vista.performance maintenance 5 11-28-2009 01:57
Compatible All in One Printers with Vista Home Prem. =?Utf-8?B?VGFueWE=?= microsoft.public.windows.vista.print fax scan 18 07-17-2007 01:42
Installing an Application copies entire CD to temp directory =?Utf-8?B?YmdpbGxl?= microsoft.public.windows.vista.performance maintenance 2 02-28-2007 19:49
Re: SUID Kurt Harriger microsoft.public.windows.vista.security 7 12-18-2006 11:06




All times are GMT +1. The time now is 19:41.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120