For some reason a lot of developers are having trouble with understanding
UAC. UAC isn't just the prompt, it's a bunch of features designed to ensure
only those things that need to run with high privilege do so, that other
programs can't interfere with the high-privileged programs, and some
additional features to try to help work around the changes for legacy
programs.

The best thing to do for any new code is not to be considered a legacy
program. To do this, your programs - all of them - need a manifest
describing their privilege requirements. The way to do this is described at
http://msdn2.microsoft.com/en-us/library/bb756929.aspx. 99.9% of programs
should be marked 'asInvoker', the remaining 0.1% which are actually used to
administer your system marked as 'requireAdministrator', and anything that
would require 'highestAvailable' should be split into a regular program that
can run with normal privileges and a small bit that must run with
administrative privileges, to configure those settings.

You could, of course, simply set 'requireAdministrator' on everything and
annoy your users every time they run the program with a UAC prompt. But it's
against the spirit of trying to get everything running with the lowest
privileges possible, so that if a remote code execution bug (at worst) is
found and exploited, it can only trash the user's profile, not the whole
system.

Windows NT has always had a security system, it's just that most people
didn't use it because it was too much bother, largely because applications
expected to be able to write anywhere and failed in unusual ways if they
couldn't. I used to use Windows XP as a standard user - I still do at work -
and it can be a lot of pain. Vista UAC makes it much easier to run with low
privileges most of the time and only invoke higher privileges when you need
them.

You're definitely on the right lines with moving files that all users need
to write to the Common Application Files folder, but you should question
whether all users on the same machine really need to write to the same file
or registry key. There really is no harm in having separate configurations
for each user, and it may surprise users if a setting changes because a
different user changed it. You could get into really odd scenarios with Fast
User Switching or Terminal Services, if settings can change under a running
copy of the program.

Modifying a file written by Windows Installer can have a surprising effect -
it may not be overwritten when you install an upgrade, depending on when you
schedule RemoveExistingProducts (I think). Modifying a key can be similar -
there is no versioning involved, registry key updates always overwrite. I
would recommend treating whatever is installed as immutable except by the
next version of the installer.

-- 
Mike Dimmick
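
Added example, not part of the original message or of the WiX project: a short Python check that applies the manifest policy from the reply above (asInvoker by default, requireAdministrator only for administration tools, highestAvailable split up). The sample manifests, the file names and the `admin_tools` allow-list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace of the trustInfo block in a Windows application manifest.
ASM_V3 = "urn:schemas-microsoft-com:asm.v3"

# Constructed sample manifests (not taken from any real product).
AS_INVOKER = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""
REQUIRE_ADMIN = AS_INVOKER.replace("asInvoker", "requireAdministrator")
HIGHEST = AS_INVOKER.replace("asInvoker", "highestAvailable")
NO_TRUSTINFO = '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"/>'


def execution_level(manifest_xml):
    """Return the requestedExecutionLevel value, or None if the manifest has none."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    node = root.find(f".//{{{ASM_V3}}}requestedExecutionLevel")
    return node.get("level") if node is not None else None


def review(name, manifest_xml, admin_tools=()):
    """Apply the policy from the message above to one program's manifest."""
    level = execution_level(manifest_xml)
    if level is None:
        return "FAIL: no requestedExecutionLevel, treated as a legacy program"
    if level == "asInvoker":
        return "OK"
    if level == "requireAdministrator":
        if name in admin_tools:  # hypothetical allow-list of administration tools
            return "OK: listed administration tool"
        return "FAIL: prompts on every run, not a listed administration tool"
    if level == "highestAvailable":
        return "FAIL: split into an asInvoker program plus a small elevated helper"
    return f"FAIL: unknown level {level!r}"


if __name__ == "__main__":
    samples = [("app.exe", AS_INVOKER), ("admin-tool.exe", REQUIRE_ADMIN),
               ("mixed.exe", HIGHEST), ("old.exe", NO_TRUSTINFO)]
    for name, xml in samples:  # hypothetical file names
        print(name, "->", review(name, xml, admin_tools={"admin-tool.exe"}))
```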

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Simon Topley
Sent: 19 February 2008 15:51
To: wix-users@lists.sourceforge.net
Subject: [WiX-users] Vista, C Root, Hello world, Windows 3.1

Where do I begin...

First off I suppose I should say hello, it's been ages since I posted as
our lovingly tailored installers have been carefree for some time now.

Here is my problem... Vista.



_______________________________________________
WiX-users mailing list
WiX-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wix-users
