UAC Demystified

by Weifen Luo (DevZest) 25. August 2009 11:00

After posting the blog Programming Elevated Privilege / UAC, I realized I should post a separate blog to discuss UAC first.

Before Window NT (Windows 3.1, Win95, 98), there is no concept of user or user privilege. At that time, Windows are built on top of DOS, and DOS is a very simple operating system. When programming under Windows 3.1, I used to access the physical memory! Windows 95 and 98 made some improvements, but the kernel does not change. That’s the main reason why Windows was not considered as a real operating system at that time.

Windows 2000 is the first real desktop operating system. Since Windows 2000, criticisms to Windows changes to the system complexity and too many unnecessary features provided (or maybe difficult to exceed from competitor’s perspective). Probably for compatibility reason, plus Microsoft didn’t realize the importance of security at that time, the default user has administrator privilege under Windows 2000 and XP. That means all processes has administrator privilege, can do anything to operating system. Note the term process instead of application is used here: process can be executed at background. This “feature” is really convenient for all programs, including malicious ones!

Actually the security can be greatly improved by using standard user under Windows 2000 and XP. However most Windows users don’t care or don’t understand it at all, and more and more malicious programs are spreading through internet, giving Windows a very bad reputation as an unsafe operating system. Starting from Windows Vista, Microsoft introduces UAC (User Account Control). That is, even user sign on the system with an administrator account, the operating system still enforces the user run as a normal user privilege. The privilege elevation needs the user’s consent.

What does UAC mean? It means the program requires administrator privilege, will break under UAC. To test if your program can successfully run under UAC, you don’t actually need Windows Vista – you can test it under Windows 2000/XP, using normal user account.

If your program breaks without administrator privilege, first of all you should try all your best to modify your program, so that administrator privilege is no longer required. For example, write data to AppData folder, write registry data to HKCU instead of HKLM, etc.

If part of your program have to require administrator privilege, you should implement this part separately, displayed with an UAC shield on your UI. When end user click the button of menu item with UAC shield, use “RunAs” to start another instance of your program. Note code can only be elevated at process level when startup, which means that a running process cannot be elevated. The implementation is to have two processes, one run as foreground application without administrator privilege, another one run as background process with administrator privilege. These two processes can be distinguished by startup parameters. For complete example, see Programming Elevated Privilege / UAC, both WPF and Windows Forms source code are provided.

Windows 7 made some improvements to UAC. The system or certified programs, can be elevated directly without end user consent. This can reduce some UAC dialogs. But this does not help general programs – not everyone can expect his/her program being certified by Windows.

Tags: ,

Windows Forms | WPF | .Net | Windows

Comments

8/25/2009 11:23:06 AM #

Programming Elevated Privilege/UAC

Programming Elevated Privilege/UAC

The DevZest Blog |

8/25/2009 1:12:41 PM #

UAC Demystified

You've been kicked (a good thing) - Trackback from DotNetKicks.com

DotNetKicks.com |

11/24/2009 4:02:04 PM #

I was struggling to get help in understanding and solving UAC problem. This article is really is helpful

Amit United States |

11/24/2009 8:49:11 PM #

When I save file from local application to AppData folder it works (was not earlier) but not when from Website to AppData folder, any idea?

P.S. I am trying to save file using Adobe Plug-ins.

Amit United States |

11/25/2009 8:29:00 AM #

Website (ASP.Net) applies another level code access security (CAS) on top of the OS security. Normally you're granted file access only to the current virtual directory and its sub directories.

weifenluo People's Republic of China |

11/25/2009 8:41:06 AM #

You can check the exception to see if it's caused by CAS or OS security: a CAS violation results in a System.Security.SecurityException; a OS security violation results in a System.ComponentModel.Win32Exception.

weifenluo People's Republic of China |

12/2/2009 2:47:53 PM #

In the AppData folder there are three subfolders Local,LocalLow and Roaming. LocalLow is low security folder and permitts saving of files from website.More details can be foud at the URL- msdn.microsoft.com/.../bb250462(VS.85).aspx

Amit United States |

Comments are closed

Copyright DevZest, 2008 - 2014