Trying to understand UAC before installing Vista...

I haven't upgraded to Vista yet but I'm planning on doing it soon. I'm a
big fan of the *nix "root vs user" abstraction. I primarily use Windows
XP using a limited user account for everyday use while I use an
administrator account I aptly named "Root" for occasional house
cleaning, installing applications, and running poorly designed programs
that still write to the registry and to "Program Files" using "Run
As..." When I heard that Vista was finally going to emphasize the
importance of using non-privileged user accounts, Vista seemed like the
operating system for me. However, these complaints about the User Access
Control I've been hearing lately have been a big stumbling block in my
considering of upgrading to Vista.

So, before I make the plunge into Vista, I have a couple questions
regarding the scope of UAC:

1. Does UAC prompt the user for permission even for actions that would
have not needed an administrative tokens in Windows XP while running as
limited user? I'm hearing horror stories of UAC asking for prompts for
programs and actions that otherwise didn't need administrator
privileges in the first place and I'd like this fear to be allayed.
Though, to a person who uses limited user accounts all the time, it's
sounding like UAC doesn't change anything to what limited users usually
go through except finally giving them the option to elevate privileges
on the fly for actions that would have otherwise fizzled in Windows XP
without warning.

2. Is there a way to grant certain applications elevated privileges
permanently? For example, I use a TV tuner application to watch TV on
my PC but for some odd reason, it requires elevated privileges in
Windows XP to run (it's an old Hauppauge 878). As a result, I have to
run it using the "Run As" command and execute it using an administrator
account. It would be great if I could tell Vista that this application
should always be executed with administrator privileges without nagging
me with a UAC prompt everytime I ran it.

3. Is there a method to grant an application administrative privileges
before UAC figuring out itself that the app needs admin privileges? For
example, say I want to play Battlefield 2 but I know that Battlefield 2
needs administrator privileges because it uses Punkbuster. Instead of
opening it, having UAC popping up, and -then- elevating bf2.exe's
privileges by pressing "Allow", I want to give bf2.exe the privileges
it needs before UAC notices that it needs elevated privileges. Sorta
like using "Run As" in XP, but this time elevating the current user's
token and not using a completely different user account to get
administrative access.

4. And speaking of the Run As command, does Vista have one?


--
Swifty

"Swifty" <Swifty.2np23q@no-mx.forums.net> wrote in message
news:Swifty.2np23q@no-mx.forums.net...

Quote:

> 1. Does UAC prompt the user for permission even for actions that would
> have not needed an administrative tokens in Windows XP while running as
> limited user? I'm hearing horror stories of UAC asking for prompts for
> programs and actions that otherwise didn't need administrator
> privileges in the first place and I'd like this fear to be allayed.
> Though, to a person who uses limited user accounts all the time, it's
> sounding like UAC doesn't change anything to what limited users usually
> go through except finally giving them the option to elevate privileges
> on the fly for actions that would have otherwise fizzled in Windows XP
> without warning.

Many programs assume you have administrator access and routinely write to
system wide areas of the registry or file system. This will generate a UAC
prompt. In most cases it would also prevent you from running the program as
a standard user in XP. If you are set up to run as a standard user in XP you
should see very few UAC prompts in Vista with the same type of setup. One
area that may be different is the ACLs (NTFS permissions) are locked down a
little tighter using the principle of least permissions needed. If you are
used to 'nix and have your file system arranged in a similar fashion keeping
user data separate from system data you shouldn't have a problem.

Quote:

>
> 2. Is there a way to grant certain applications elevated privileges
> permanently? For example, I use a TV tuner application to watch TV on
> my PC but for some odd reason, it requires elevated privileges in
> Windows XP to run (it's an old Hauppauge 878). As a result, I have to
> run it using the "Run As" command and execute it using an administrator
> account. It would be great if I could tell Vista that this application
> should always be executed with administrator privileges without nagging
> me with a UAC prompt everytime I ran it.
>

There is a setting to tell Vista to always "Run as administrator" for a
certain program. This will still generate a UAC prompt every time you run it
but it alleviates right clicking it and picking that option every time.

Quote:

> 3. Is there a method to grant an application administrative privileges
> before UAC figuring out itself that the app needs admin privileges? For
> example, say I want to play Battlefield 2 but I know that Battlefield 2
> needs administrator privileges because it uses Punkbuster. Instead of
> opening it, having UAC popping up, and -then- elevating bf2.exe's
> privileges by pressing "Allow", I want to give bf2.exe the privileges
> it needs before UAC notices that it needs elevated privileges. Sorta
> like using "Run As" in XP, but this time elevating the current user's
> token and not using a completely different user account to get
> administrative access.

You set the program to always "Run as administrator". You will get a UAC
prompt when the program starts.

Quote:

>
> 4. And speaking of the Run As command, does Vista have one?

Yes, but it is different from XP. They only choice is "Run as administrator"
If you are already running with an account that is an administrator it will
cause that program to use the account's administrator token rather than the
standard user token that would normally be used. If you are running as a
standard user you can pick which account to run as and the program will run
in the context of that user. This means there may be some differences in how
the program behaves depending on if you are logged in as a standard user or
as an administrator.

Here are some links explaining UAC.

http://www.jimmah.com/vista/security/uac.aspx

http://technet2.microsoft.com/Window....mspx?mfr=true

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

Hello,

I would just like to add a few things in addition to the good info Kerry
gave you

"Swifty" <Swifty.2np23q@no-mx.forums.net> wrote in message
news:Swifty.2np23q@no-mx.forums.net...

Quote:

> 1. Does UAC prompt the user for permission even for actions that would
> have not needed an administrative tokens in Windows XP while running as
> limited user?

Actually, UAC does not prompt for "actions" at all.

UAC works at "application" granularity (or, if you want to get technical, at
a process or COM component boundary).

An application is either "elevated" (running at root level) or unelevated
(running without any special privileges). There is actually a third state
possible if you are not running as an admin (however much privilege you
have, if your user account is assigned more privileges than the normal
"standard user" privileges), but since it doesn't prompt, I won't talk about
it.

An application is either started elevated or non-elevated. Once an app is
started, it cannot change from one to the other.

Also, in most cases, UAC does *not* determine whether an app runs elevated
or not. It is an application's responsibility to TELL WINDOWS that it
requires privilege.

The exception to this rule is for setup programs and popular non-compatible
applications Microsoft has tested Vista with, realized they are going to
need admin privileges, and set Windows Vista to recognize them and tell them
to prompt.

So, if you have Windows-XP or earlier applications and they require admin
privileges, they will probably NOT PROMPT and fail miserably, so you should
do as Kerry said and mark them as requiring administrator in the file
properties -> compatability tab. This will make them prompt for elevation
whenever you run them, keeping you from having to right-click on them and
click Run As Administrator.

For "naughty" applications in XP that would otherwise NOT NEED admin
privileges, except for the fact that they do some stupid things like try to
write to program files and other restricted areas, there is a new "hack" in
Vista to make these programs work WITHOUT running them as administrator.
Windows tricks these programs into THINKING they are writing to the
restricted area, but actually copies the files they are modifying to an area
inside your user profile (called the virtualstore). When this program opens
those files again, it will see the hidden copy of the file instead of the
real file.

This "hack" should allow some of the programs you use that SHOULD NOT need
admin power to work correctly in Vista WITHOUT giving that program admin
power - but this kind of trickery can cause confusion (you might end up
loosing track of some files since if you try to save something in a
protected area from within one of these programs it will get moved to the
virtualstore).

Quote:

> I'm hearing horror stories of UAC asking for prompts for
> programs and actions that otherwise didn't need administrator
> privileges in the first place and I'd like this fear to be allayed.

Consider this fear allayed.

It is the programs responsibility to tell Winows if it needs admin power or
not. If the program doesn't tell Windows that it needs admin power (and
windows doesn't know better via appcompat shims), then Windows ASSUMES that
the program DOES NOT need admin power.

Programs that do not need admin power do not prompt and do not run with
admin power.

Programs that DO need admin power and are compatible with Vista WILL prompt
you for admin power when they start

(or, they will run with limited privileges and only prompt you for your
admin power when you try to perform an admin operation, like Windows
Explorer [this is technically accomplished by seperating the admin
functionality out of the programs into seperate programs or com
components]).

Programs that DO need admin power but DO NOT tell Vista this - will not
prompt and will not run with admin power, and so will probably fail. You
will need to either run-as-administrator these programs or change their
compatability options to always make these programs prompt for elevation.

Quote:

> Though, to a person who uses limited user accounts all the time, it's
> sounding like UAC doesn't change anything to what limited users usually
> go through except finally giving them the option to elevate privileges
> on the fly for actions that would have otherwise fizzled in Windows XP
> without warning.

This is a correct understanding.

If you are logged in with an administrator account, programs will either run
with a "filtered" token (this program cannot use your administrator powers)
or your real token (all the powers you have). Programs that do not prompt,
do not run with all your privileges - just standard user privileges. You
will get the chance to elevate programs that request admin privileges with
consent - you just click Continue or Cancel. The system protects this screen
to prevent malicious applications from hijacking it.

If you are logged in as a standard user, programs that DO NOT require admin
privilege run inside your user account. Programs that require admin
privileges (which your account does not have) will ask you for the
credentials of an administrator in order to run. In this case, IT WORKS
EXACTLY LIKE XP RUN AS - the administrative program will run as if *the
adminisrative user*, and NOT your current standard user account, started
it - so it will not be accessing your standard user registry/profile, but
the administrator's.

Quote:

> 2. Is there a way to grant certain applications elevated privileges
> permanently? For example, I use a TV tuner application to watch TV on
> my PC but for some odd reason, it requires elevated privileges in
> Windows XP to run (it's an old Hauppauge 878). As a result, I have to
> run it using the "Run As" command and execute it using an administrator
> account. It would be great if I could tell Vista that this application
> should always be executed with administrator privileges without nagging
> me with a UAC prompt everytime I ran it.

As kerry said, you can mark a non-vista-compatible program as needing admin
privileges, so it will prompt you for permission whenever it starts, as
opposed to it just running without admin privileges.

But, there is no way to tell a program to always run elevated without
prompting. If you think about this, it makes sense - this would allow
malicious programs to run this "blessed" program to take over your computer.
Imagine if you blessed the command prompt - malicious programs could run a
command prompt, which would then run elevated without your consent, and then
tell the command prompt to run their own malicious executable, which would
then run elevated. Or, it could issue malicious command lines (like
formating your hard drive).

UAC ensures the following:

- Only programs that prompt can perform administrative actions

- *You* must authorize and know about an administrative action - this
prevents malware from using trusted, system components to take over your
computer ("Hey I didn't start format.exe - I don't want it to run!")

Quote:

> 3. Is there a method to grant an application administrative privileges
> before UAC figuring out itself that the app needs admin privileges? For
> example, say I want to play Battlefield 2 but I know that Battlefield 2
> needs administrator privileges because it uses Punkbuster. Instead of
> opening it, having UAC popping up, and -then- elevating bf2.exe's
> privileges by pressing "Allow", I want to give bf2.exe the privileges
> it needs before UAC notices that it needs elevated privileges. Sorta
> like using "Run As" in XP, but this time elevating the current user's
> token and not using a completely different user account to get
> administrative access.

The elevated token (running the program in the same account but with full
privilege) can only be done if you are logged in as an administrator - and
that is how the elevation process works when logged in as an administrator.
A program is either given a filtered token or an elevated token, but all
programs you run are running inside your user account.

When you are a standard user, things work exactly like you were using "run
as" in XP, except the prompt is automatic .

Again, I should point out that UAC does not "notice" if something needs
admin privileges - the application either tells UAC that it wants elevation
or not. If it doesn't say what it wants, and the good folks at the Windows
compatability labs didn't test that application, then it will simply run
WITHOUT elevation and without prompting - even if it really does need admin
privilege.

An application will either start with elevated privilege or not.

Quote:

> 4. And speaking of the Run As command, does Vista have one?
>

Not thru the GUI, although you can use the runas command-line tool. Note
that you CANNOT "elevate" a program with the runas command-line tool - all
programs it runs will run with an unelevated token, even if the account you
authenticate with is an administrator (with an exception made for the
disabled built-in administrator account).


--
- JB
Microsoft MVP - Windows Shell/User

Windows Vista Support Faq
http://www.jimmah.com/vista/