How To: Use Vista's UAC Feature To Avoid Always Requiring Admin Rights
- Posted: Jun 29, 2006 at 1:50 PM
- 63,633 Views
- 11 Comments
Download
How do I download the videos?
- To download, right click the file type you would like and pick “Save target as…” or “Save link as…”
Why should I download videos from Channel9?
- It's an easy way to save the videos you like locally.
- You can save the videos in order to watch them offline.
- If all you want is to hear the audio, you can download the MP3!
Which version should I choose?
- If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
- If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
- If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
- If you just want to hear the audio of the video, choose the MP3 file.
Right click “Save as…”
- Mid Quality WMV (Lo-band, Mobile)
Windows Vista's
UAC feature is designed to minimize security risks by running most applications under a standard user token, lessening the risk that an attacker could gain admin rights to the machine. This is a great step forward for users, but it may leave developers
wondering what to do when their apps do really need admin rights to complete a task.
Ian Griffiths to the rescue, with another screencast showing how to structure an app to enable certain admin tasks to run in an elevated context.
Be sure to also check out the UAC team's blog.
Comments Closed
Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation,
please create a new thread in our Forums,
or
Contact Us and let us know.
Follow the Discussion
Elevation:Administrator!new:{guid}
HKCR
{
NoRemove CLSID
{
ForceRemove {8E29BED3-2E02-49DC-A9B7-3A5984BCD95F} = s 'CanElevateWork Class'
{
ProgID = s 'CanElevate.CanElevateWork.1'
VersionIndependentProgID = s 'CanElevate.CanElevateWork'
ForceRemove 'Programmable'
InprocServer32 = s '%MODULE%'
{
val ThreadingModel = s 'Apartment'
}
val AppID = s '%APPID%'
'TypeLib' = s '{25CA48AF-1D18-4A9F-9749-7354C41CDCEC}'
Elevation
{
val Enabled = d 1
}
val LocalizedString = s '@%MODULE%,-101'
}
}
}
HKCR
{
NoRemove AppID
{
'%APPID%' = s 'CanElevate'
{
val DllSurrogate = s ''
}
'CanElevate.DLL'
{
val AppID = s '%APPID%'
}
}
}
Can we have your sample codes for reference?
Thanks,
Larry
I know you can try things like OpenInputDesktop(0,FALSE,0) and watch for failure to know if the secure desktop is up, but that's the opposite, that's _failing_ to get the desktop, not capturing images of it..
I'm having a really tough time trying to implement the elevated COM method under VB.NET. I'm not an API guru, but need to be able to migrate some of my VB.NET utils for my company to use UAC.
I've managed to create my own custom control which implements the Shield icon via a SendMessage API call, but the actual UAC part, I'm really stuck on.
I've segmented out my Admin functions into COM classes, but am having a lot of difficulty figuring out how to use CoCreateAdminAsInstance through VB.NET.
There doesn't seem to be any sample code available for VB.NET so any help in explaining this to me, or assisting in any way would be greatly appreciated!
Thanks in advance, Dan.
The computer may restart when you add a manifest that has the Windows Vista extension to an .exe file or to a .dll file in Windows XP Service Pack 2 (SP2)
http://support.microsoft.com/Default.aspx?kbid=921337
Resolution
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=463884&SiteID=1
http://robgarrett.com/cs/blogs/software/archive/2007/02/12/net-wrapper-for-com-elevation.aspx
Encapsulates all the hard stuff for non-C++ and non-COM developers.
Could I have your sample codes for reference?
Thank you,
Vincent Kao
That is an excellent video. Your help is very much appreciated. I noticed you have a video showing how to include the manifest with managed applications...
When I launch a "requireAdministrator" .NET app, it gives the ugly "Allow/Cancel" prompt instead of the nice "Continue/Cancel" prompt -- the consent prompt. But when I sign the file with an authenticode signature, it uses the consent prompt. However, I don't know how to specify the application name like you do in this COM elevation demo. Basically what I'm asking is how do you set the application / assembly name in a Managed app. I've tried the <assemblyIdentity> element in the uac.manifest, but it seems to have no effect. Any help? Thanks.
Can I have your sample code for reference ?
Jesper Lin
A bit late to be replying, but better late than never I suppose...
The video capture was done by a 2nd PC with a video capture card whose input was wired into the VGA output of my laptop.
So it was slightly higher tech than pointing a camera at the laptop, but it sort of has the same effect: it lets you grab exactly what's on screen, without falling foul of internal security barriers in the machine.
Ian Griffiths
Remove this comment
Remove this thread
close