Windows Vista User Account Control UAC and Delphi
![Windows Vista User Account Control (UAC) and Delphi Fredrik Haglund Developer Evangelist Windows Vista User Account Control (UAC) and Delphi Fredrik Haglund Developer Evangelist](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-1.jpg)
![User Account Control (UAC) § Security token split during logon – one user token User Account Control (UAC) § Security token split during logon – one user token](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-2.jpg)
![Standard User – Over the shoulder elevation Standard User – Over the shoulder elevation](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-3.jpg)
![Windows Vista § UAC is Enabled by Default § All Subsequent User Accounts are Windows Vista § UAC is Enabled by Default § All Subsequent User Accounts are](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-4.jpg)
![Standard User § All processes are started as Standard User as default § A Standard User § All processes are started as Standard User as default § A](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-5.jpg)
![New Technologies for Windows Vista § § § Installer Detection User Interface Privilege Isolation New Technologies for Windows Vista § § § Installer Detection User Interface Privilege Isolation](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-6.jpg)
![User Interface Privilege Isolation § General guideline – “lower” can not access “higher” § User Interface Privilege Isolation § General guideline – “lower” can not access “higher” §](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-7.jpg)
![Virtualization / Redirection § Virtualization is for compatibility – not a feature § Disabled Virtualization / Redirection § Virtualization is for compatibility – not a feature § Disabled](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-8.jpg)
![UAC Architecture UAC Architecture](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-9.jpg)
![The Shield § Attached to controls which, if clicked, will require elevation as the The Shield § Attached to controls which, if clicked, will require elevation as the](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-10.jpg)
![Shield UI Examples Shield UI Examples](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-11.jpg)
![Delphi – What you have to do… § Test your application – identify problems Delphi – What you have to do… § Test your application – identify problems](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-12.jpg)
![Test with Standard User Analyzer Tool § SUA helps you find what you do Test with Standard User Analyzer Tool § SUA helps you find what you do](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-13.jpg)
![Requested Execution Level in Delphi § NB! Remove all references to XPMan unit from Requested Execution Level in Delphi § NB! Remove all references to XPMan unit from](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-14.jpg)
![RC-file is compiled to RES-file RC-file is compiled to RES-file](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-15.jpg)
![Manifest Manifest](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-16.jpg)
![<requierd. Execution. Level /> § level=”as. Invoker” – Start process runing with same token <requierd. Execution. Level /> § level=”as. Invoker” – Start process runing with same token](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-17.jpg)
![Windows XP Warning! § Incorrect formatting of Manifest can blue screen Windows XP § Windows XP Warning! § Incorrect formatting of Manifest can blue screen Windows XP §](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-18.jpg)
![Redesign § Do not open files or registry keys with Write flag § Save Redesign § Do not open files or registry keys with Write flag § Save](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-19.jpg)
![SHGet. Folder. Path SHGet. Folder. Path](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-20.jpg)
![Run. As. Admin § Launch application running as administrator § Use Application. Handle to Run. As. Admin § Launch application running as administrator § Use Application. Handle to](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-21.jpg)
![Using COM class for Admin tasks § COM Server must be an EXE § Using COM class for Admin tasks § COM Server must be an EXE §](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-22.jpg)
![Elevated COM calls § Use Moniker to create elevated Co. Class from User Process Elevated COM calls § Use Moniker to create elevated Co. Class from User Process](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-23.jpg)
![The Shield - Set. Elevation. Required. State § Call function with Button as parameter The Shield - Set. Elevation. Required. State § Call function with Button as parameter](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-24.jpg)
![Sign with Authenticode § § § Get less serious looking consent dialog Register at Sign with Authenticode § § § Get less serious looking consent dialog Register at](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-25.jpg)
![Resources § Document – Windows Vista Application Development Requirements for User Account Control Compatibility Resources § Document – Windows Vista Application Development Requirements for User Account Control Compatibility](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-26.jpg)
![Thank you! Thank you!](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-27.jpg)
- Slides: 27
![Windows Vista User Account Control UAC and Delphi Fredrik Haglund Developer Evangelist Windows Vista User Account Control (UAC) and Delphi Fredrik Haglund Developer Evangelist](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-1.jpg)
Windows Vista User Account Control (UAC) and Delphi Fredrik Haglund Developer Evangelist
![User Account Control UAC Security token split during logon one user token User Account Control (UAC) § Security token split during logon – one user token](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-2.jpg)
User Account Control (UAC) § Security token split during logon – one user token and one admin token § Administrator shell run with Standard User token § You have to explicitly consent every time you create a process with administrator token – this is called “elevation”
![Standard User Over the shoulder elevation Standard User – Over the shoulder elevation](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-3.jpg)
Standard User – Over the shoulder elevation
![Windows Vista UAC is Enabled by Default All Subsequent User Accounts are Windows Vista § UAC is Enabled by Default § All Subsequent User Accounts are](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-4.jpg)
Windows Vista § UAC is Enabled by Default § All Subsequent User Accounts are Created as Standard § § § Users Elevation Prompts are Displayed on the Secure Desktop by Default Elevation Prompts for Background Applications are Minimized to the Taskbar Elevations are blocked in the User's Logon Path Built-in Administrator Account is Disabled by Default on New Installations New Default Access Control List (ACL) Settings
![Standard User All processes are started as Standard User as default A Standard User § All processes are started as Standard User as default § A](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-5.jpg)
Standard User § All processes are started as Standard User as default § A Standard User can not – Change files in Program Files folders – Change files in Windows or System 32 folders – Change registry under HKLMSoftware – Change the local machines date and time – Install or uninstall Services – … § Earlier strong Recommendations are now enforced!
![New Technologies for Windows Vista Installer Detection User Interface Privilege Isolation New Technologies for Windows Vista § § § Installer Detection User Interface Privilege Isolation](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-6.jpg)
New Technologies for Windows Vista § § § Installer Detection User Interface Privilege Isolation Virtualization Access Token Split during login Secure Desktop
![User Interface Privilege Isolation General guideline lower can not access higher User Interface Privilege Isolation § General guideline – “lower” can not access “higher” §](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-7.jpg)
User Interface Privilege Isolation § General guideline – “lower” can not access “higher” § A lower privilege process cannot: – Perform a window handle validation – Send. Message or Post. Message – Use thread hooks to attach – Use Journal hooks to monitor – Perform dynamic link-library (DLL) injection § Some resources are still shared between processes – Desktop window, which actually owns the screen surface – Desktop heap read-only shared memory – Global atom table – Clipboard
![Virtualization Redirection Virtualization is for compatibility not a feature Disabled Virtualization / Redirection § Virtualization is for compatibility – not a feature § Disabled](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-8.jpg)
Virtualization / Redirection § Virtualization is for compatibility – not a feature § Disabled for executables with UAC info in manifest!
![UAC Architecture UAC Architecture](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-9.jpg)
UAC Architecture
![The Shield Attached to controls which if clicked will require elevation as the The Shield § Attached to controls which, if clicked, will require elevation as the](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-10.jpg)
The Shield § Attached to controls which, if clicked, will require elevation as the next step § Has only one state (I. e. no hover, disabled etc. ) § Does not remember elevated state – Not an unlock operation
![Shield UI Examples Shield UI Examples](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-11.jpg)
Shield UI Examples
![Delphi What you have to do Test your application identify problems Delphi – What you have to do… § Test your application – identify problems](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-12.jpg)
Delphi – What you have to do… § Test your application – identify problems § Classify your application as Standard User, Admin or Mixed. § Add application Manifest § Redesign functionality – User apps should write data to correct locations – Split out admin stuff into a separate executable § Redesign user interface – Add shield to buttons § Redesign installer § Test again § Optionally sign application (Authenticode) § Determine whether to pursue the Windows Vista Logo program
![Test with Standard User Analyzer Tool SUA helps you find what you do Test with Standard User Analyzer Tool § SUA helps you find what you do](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-13.jpg)
Test with Standard User Analyzer Tool § SUA helps you find what you do that can break application
![Requested Execution Level in Delphi NB Remove all references to XPMan unit from Requested Execution Level in Delphi § NB! Remove all references to XPMan unit from](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-14.jpg)
Requested Execution Level in Delphi § NB! Remove all references to XPMan unit from project!!!
![RCfile is compiled to RESfile RC-file is compiled to RES-file](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-15.jpg)
RC-file is compiled to RES-file
![Manifest Manifest](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-16.jpg)
Manifest
![requierd Execution Level levelas Invoker Start process runing with same token <requierd. Execution. Level /> § level=”as. Invoker” – Start process runing with same token](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-17.jpg)
<requierd. Execution. Level /> § level=”as. Invoker” – Start process runing with same token as the process creating it. § level=”highest. Available” – Ask administrators for consent to elevate but start as standard user if user has no administrative privileges § level=”require. Administrator” – Ask administrators for consent to elevate. – Standard user will get login dialog for over the shoulder support – Will only start with administrative privileges
![Windows XP Warning Incorrect formatting of Manifest can blue screen Windows XP Windows XP Warning! § Incorrect formatting of Manifest can blue screen Windows XP §](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-18.jpg)
Windows XP Warning! § Incorrect formatting of Manifest can blue screen Windows XP § Read KB 921337
![Redesign Do not open files or registry keys with Write flag Save Redesign § Do not open files or registry keys with Write flag § Save](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-19.jpg)
Redesign § Do not open files or registry keys with Write flag § Save data, log files, etc. in the right location using SHGet. Folder. Path – CSIDL_PERSONAL { My Documents } – CSIDL_APPDATA { Application Data, new for NT 4 } – CSIDL_LOCAL_APPDATA { non roaming, userLocal – – SettingsApplication Data } CSIDL_COMMON_APPDATA { All UsersApplication Data } CSIDL_MYPICTURES { My Pictures, new for Win 2 K } CSIDL_COMMON_DOCUMENTS { All UsersDocuments } …
![SHGet Folder Path SHGet. Folder. Path](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-20.jpg)
SHGet. Folder. Path
![Run As Admin Launch application running as administrator Use Application Handle to Run. As. Admin § Launch application running as administrator § Use Application. Handle to](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-21.jpg)
Run. As. Admin § Launch application running as administrator § Use Application. Handle to delay elevation if app is minimized. § No handle always gives direct foreground elevation.
![Using COM class for Admin tasks COM Server must be an EXE Using COM class for Admin tasks § COM Server must be an EXE §](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-22.jpg)
Using COM class for Admin tasks § COM Server must be an EXE § EXE must have require. Administrator to install COM objects correctly § Registration of COM Class must – add value Localized. String (and resource string in executable) – add key Elevation and value Enabled = 1
![Elevated COM calls Use Moniker to create elevated Co Class from User Process Elevated COM calls § Use Moniker to create elevated Co. Class from User Process](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-23.jpg)
Elevated COM calls § Use Moniker to create elevated Co. Class from User Process
![The Shield Set Elevation Required State Call function with Button as parameter The Shield - Set. Elevation. Required. State § Call function with Button as parameter](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-24.jpg)
The Shield - Set. Elevation. Required. State § Call function with Button as parameter to add Shield symbol
![Sign with Authenticode Get less serious looking consent dialog Register at Sign with Authenticode § § § Get less serious looking consent dialog Register at](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-25.jpg)
Sign with Authenticode § § § Get less serious looking consent dialog Register at winqual. microsoft. com Buy certificate (Verisign, etc. ) Sign executables (Make. Cert, Signtool. exe) Register applications at winqual to get access to crash logs
![Resources Document Windows Vista Application Development Requirements for User Account Control Compatibility Resources § Document – Windows Vista Application Development Requirements for User Account Control Compatibility](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-26.jpg)
Resources § Document – Windows Vista Application Development Requirements for User Account Control Compatibility § Tool – Microsoft Standard User Analyzer § Windows Vista Logo Program – http: //microsoft. mrmpslc. com/Innovate. On. Windows. Vist a/
![Thank you Thank you!](https://slidetodoc.com/presentation_image/afa4ea41721338713d0c9a4315292950/image-27.jpg)
Thank you!
Standard user analyzer windows 10
Ipseq
3 types of accounts
Simbolo de proyeccion americana
Uac writing center
Uac subject compass
Ib to atar 2020
Scott scba hud lights
When was atar introduced
Calificaciones uac
Atar projector
Uac emprende
Drill symbol
Mark russinovich
Powershell lateral movement
Uac atar cut offs 2021
3 errors that affect the trial balance
Explain about profit and loss account
Windows vista kernel
Windows logo program
Win vista requirements
Bluetooth for windows vista
Vista system requirements
Windows codename longhorn
Hello windows vista
Vk_prior
Windows vista
Windows vista je