Default user access rights in Vista


Dan

I've had four people using Vista beta test my software and all three have
reported problems related to not being able to write to the application
folder. All right, I can fix that if I have to and send everything to
AppData. The update utility for my software doesn't work since it can't
write the new executable to the installation folder. All right, I can use a
manifest to request admin rights for the app though it's unfortunate that
the user has to answer the "Do you really want to let this program have
admin rights?" question that will be posed every time the updater runs.
But my app also has a critical time synch function that won't work due to
the user's rights being restricted. Getting around this is proving a
serious hassle. So my questions:

1) It appears that the default user account is a restricted account limiting
the above types of operations. Will every PC that is sold to home users be
configured like this in the box or will the default user accounts have the
same access rights as what customers get when they buy a PC with XP Home
today?

2) If it appears that the answer to question 1 is Microsoft plans to make
the default user account limited in the manner described above is this
carved in stone? It will break a LOT of existing applications and make it
very difficult for them to be updated to keep the same features while
running on Vista (the time synch feature being my biggest concern).

Is Microsoft taking feedback from independent developers on this and if so
where and how?

Thanks!
 
1) It appears that the default user account is a restricted account
limiting the above types of operations. Will every PC that is sold to
home users be configured like this in the box or will the default user
accounts have the same access rights as what customers get when they buy a
PC with XP Home today?

I believe so. Not sure if UAP (user account protection) will be on by
default in all versions, but it may well be.
2) If it appears that the answer to question 1 is Microsoft plans to make
the default user account limited in the manner described above is this
carved in stone? It will break a LOT of existing applications and make it
very difficult for them to be updated to keep the same features while
running on Vista (the time synch feature being my biggest concern).

Not necessarily. Applications should run just as they do on XP, except as an
extra security question to make sure they know that running an unsigned
application is dangerous yada yada. Check out this :o)
http://www.vistabase.co.uk/welcome.php?subcats/security/whatisuap
Is Microsoft taking feedback from independent developers on this and if so
where and how?

Yeh, http://go.microsoft.com/fwlink/?LinkId=43655 links to the Microsoft
Beta Client enabling you to anonymously file reports. If your Passport
account is not registered by Connect as on the beta program, it won't let
you file it, so make sure you tick the "Send this report anonymously" when
you do :o)

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Gandhi, my mother or my cat. Glad we cleared
that up!


 
Zack Whittaker (R2 Mentor) said:
I believe so. Not sure if UAP (user account protection) will be on by
default in all versions, but it may well be.

By "I believe so" which do you mean? That the typical Vista machine sold to
home users will have these limitations or that they will have the same
access rights as today's XP Home systems come configured with?
Not necessarily. Applications should run just as they do on XP, except as
an extra security question to make sure they know that running an unsigned
application is dangerous yada yada. Check out this :o)
http://www.vistabase.co.uk/welcome.php?subcats/security/whatisuap

That extra security question is a major problem. My app can be configured
by the user to start when Windows starts and is designed to be able to run
unattended. Requiring an interactive response from the user breaks this.

I read the article in the above link and there is no "Local Security Policy"
entry in the Control Panel nor can secpol.msc be found. I'm looking at an
XP Home SP2 system with all the latest patches.
Yeh, http://go.microsoft.com/fwlink/?LinkId=43655 links to the Microsoft
Beta Client enabling you to anonymously file reports. If your Passport
account is not registered by Connect as on the beta program, it won't let
you file it, so make sure you tick the "Send this report anonymously" when
you do :o)

Clicking the above link brings up a prompt to download and install Microsoft
Beta Client.msi. What is it and what will installing it on an XP Home
system do?
 
The Microsoft BETA Client is used to report issues with Microsoft
pre-release software, you can install it on either Vista or XP Home and
report your issues anonymously as Zack recommended. Of course your reports
will not be taken into consideration since they are already swamped with
reports from the technical beta program.
--
Andre
Windows Connect | http://www.windowsconnected.com
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
 
By "I believe so" which do you mean? That the typical Vista machine sold
to home users will have these limitations or that they will have the same
access rights as today's XP Home systems come configured with?

Sometimes it's not easy to give 100% accurate answers when there is still a
lot of speculation going round, as well as them not letting information
public. I say "I believe so" as in "more than 50% chance of it being
correct". That's usually enough to please the crowd :o)
I read the article in the above link and there is no "Local Security
Policy" entry in the Control Panel nor can secpol.msc be found. I'm
looking at an XP Home SP2 system with all the latest patches.

Control Panel > Administrative Tools. It's in there, and on a Home SP2
machine... no it's not there. Only on XP Pro.

--
Zack Whittaker
» ZackNET Enterprises: www.zacknet.co.uk
» MSBlog on ResDev: www.msblog.org
» Vista Knowledge Base: www.vistabase.co.uk
» This mailing is provided "as is" with no warranties, and confers no
rights. All opinions expressed are those of myself unless stated so, and not
of my employer, best friend, Gandhi, my mother or my cat. Glad we cleared
that up!


 
Zack Whittaker (R2 Mentor) said:
Sometimes it's not easy to give 100% accurate answers when there is still
a lot of speculation going round, as well as them not letting information
public. I say "I believe so" as in "more than 50% chance of it being
correct". That's usually enough to please the crowd :o)

Again, 50% chance of WHICH being correct? That the typical Vista machine
sold to home users will have these limitations or that they will have the
same access rights as today's XP Home systems come configured with? Which
answer are you giving?
 
Lovely, ain't it?

I've run the February CTP for an afternoon, and haven't installed *anything*
other than the OS itself. It's quite frustrating having to respond to this
"do you wish to allow [...] to run?" message every 45 seconds just
navigating around--again, I didn't have any third-party software installed
yet. If the OS won't trust itself, I can only imagine what the Vista
experience is gonna be like once you load up a few rogue apps.

Constantly asking clueless users for permission to allow things to run isn't
the way to implement security. They'll just get frustrated and blindly
click Yes on everything. I haven't really done any testing in that area,
but if you can disable these warnings by running under some admin account,
most people will do just that, leaving their systems wide open, and thus
most people's PCs are gonna end up as insecure as they are today, if not
more.





Heck, I'm tired of people calling me *today* every time their anti-virus
tells them it intercepted something and they don't know what to do about it
(the correct response: your anti-virus intercepted it, so there's nothing
for you to do except to stop visiting those porn sites). This will only
further confuse and scare your grandma away from using PCs.
 
Again, 50% chance of WHICH being correct?

LOL, heads or tails, what does it matter when the odds are the same for
either outcome?
 
Dan said:
I've had four people using Vista beta test my software and all three have
reported problems related to not being able to write to the application
folder. All right, I can fix that if I have to and send everything to
AppData. The update utility for my software doesn't work since it can't
write the new executable to the installation folder. All right, I can use
a manifest to request admin rights for the app though it's unfortunate
that the user has to answer the "Do you really want to let this program
have admin rights?" question that will be posed every time the updater
runs. But my app also has a critical time synch function that won't work
due to the user's rights being restricted. Getting around this is proving
a serious hassle. So my questions:
1) It appears that the default user account is a restricted account
limiting the above types of operations. Will every PC that is sold to
home users be configured like this in the box or will the default user
accounts have the same access rights as what customers get when they buy a
PC with XP Home today?

Vista implements the same basic security model as XP. Accounts belong to
one of a set of groups, and are granted a number of privileges. Different
groups have differing sets of default privileges.

The biggest difference in Vista is UAP, which effectively strips users of
any administrative privileges under normal circumstances.

If your application is built to work properly with XP security and not
rely on assumed administrative privileges, it should work ok on Vista.

However, as is clear from previous conversations, you do currently rely on
users running with administrative privileges. And therefore your
application will break in Vista (at least in an OOB configuration).

You are not alone in this, of course. There are lots of software vendors
who have still not yet fully adjusted to the NT security model. And there
are a whole bunch of network administrators like me cursing you all (and
trying to persuade you to "get with the program").

How often does your application need to self-update? There are very few
applications that _should_ need to do so on any kind of frequent basis
(anti-malware applications are the major ones), and most should expect
that an administrator would be the one performing updates. Is it really so
much hassle that updates must be approved? That aside, if your application
installs a service of any kind, that can have the necessary privileges to
update itself, and Windows Installer has capabilities to support
self-updates too (IIRC, it's called "elevated privileges").

If you can make your application work on XP with a regular User account
(ie no administrative privileges), the likelihood of Vista breaking it
will drop dramatically.
2) If it appears that the answer to question 1 is Microsoft plans to make
the default user account limited in the manner described above is this
carved in stone? It will break a LOT of existing applications and make it
very difficult for them to be updated to keep the same features while
running on Vista (the time synch feature being my biggest concern).

Ability to change the system clock is (AIUI) one of the privileges that
will be added to the default privileges of a regular user account. Though
I'm struggling to understand why any developer would be building time
synchronisation features into an application when the OS has the ability
to do so natively. I would not regard the system time to be any business
of an application. Having said that, there's nothing preventing you from
adding that privilege to the Users group during installation.
 
Steve Foster said:
Dan wrote:


Vista implements the same basic security model as XP. Accounts belong to
one of a set of groups, and are granted a number of privileges. Different
groups have differing sets of default privileges.

The biggest difference in Vista is UAP, which effectively strips users of
any administrative privileges under normal circumstances.

And that is an enormous difference. It's far from "the same basic security
model as XP". It certainly is a different user experience than most XP
users have.
If your application is built to work properly with XP security and not
rely on assumed administrative privileges, it should work ok on Vista.

Nobody is reporting problems on XP. But every Vista tester is. Aren't most
home users administrators of their computers? I'm not selling a product
that is installed in corporate offices.
However, as is clear from previous conversations, you do currently rely on
users running with administrative privileges. And therefore your
application will break in Vista (at least in an OOB configuration).

You are not alone in this, of course. There are lots of software vendors
who have still not yet fully adjusted to the NT security model. And there
are a whole bunch of network administrators like me cursing you all (and
trying to persuade you to "get with the program").

My users don't have network administrators. They are home users. If I
understand you they will have these problems even though they are not in a
corporate environment, right?
How often does your application need to self-update?

Sometimes two or three times a month.
There are very few applications that _should_ need to do so on any kind of
frequent basis (anti-malware applications are the major ones), and most
should expect that an administrator would be the one performing updates.
Is it really so much hassle that updates must be approved?

As long as grandma sitting in front of her PC isn't scared by the
warning from the OS. I suppose I'll have my update utility warn the user
about the warning they will be getting on Vista.
If you can make your application work on XP with a regular User account
(ie no administrative privileges), the likelihood of Vista breaking it
will drop dramatically.

Define a "regular user account". If you go to CompUSA and buy a PC with XP
Home on it will you have admin privileges when you boot it up? To me a
"regular user account" is the account a user will have when they plug in
their PC for the first time.
Ability to change the system clock is (AIUI) one of the privileges that
will be added to the default privileges of a regular user account. Though
I'm struggling to understand why any developer would be building time
synchronisation features into an application when the OS has the ability
to do so natively.

My application performs online bidding for the user on eBay. It times bids
for the last few moments of the auction. If the clock is off by just a
couple seconds it can cause the bid to be placed too late. So my app synchs
the clock 5 minutes before each bid operation. It's critical to the
success of the software. I have seen log files from users where their
system time slips several seconds an hour. Just synching the clock once a
day won't cut it due to the precision required by my app.
I would not regard the system time to be any business of an application.
Having said that, there's nothing preventing you from adding that
privilege to the Users group during installation.

I was not aware I could do that. How do I do it?
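
Added example, not part of the thread or of Dan's software: one way to keep seconds-level timing under a restricted account is to leave the system clock alone, measure its offset from an SNTP reply, and apply that offset to the schedule. The offset and delay formulas are the standard SNTP ones; the function names, the constructed reply and the sample timestamps are assumptions made for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(ts):
    """Unix seconds (float) -> (seconds, fraction) in NTP 32.32 fixed point."""
    whole = int(ts)
    return whole + NTP_UNIX_DELTA, int((ts - whole) * 2**32)

def from_ntp(sec, frac):
    return sec - NTP_UNIX_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client request: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return struct.pack("!B39xII", 0x23, *to_ntp(t1))

def clock_offset(request, reply, t1, t4):
    """Return (offset, delay) in seconds, where true time = local time + offset."""
    if len(reply) < 48:
        raise ValueError("short SNTP reply")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server is not synchronised")
    if reply[24:32] != request[40:48]:
        # Originate timestamp must echo what we sent, else the reply is stale or spoofed.
        raise ValueError("reply does not match request")
    t2 = from_ntp(*struct.unpack("!II", reply[32:40]))  # server receive time
    t3 = from_ntp(*struct.unpack("!II", reply[40:48]))  # server transmit time
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def local_fire_time(auction_end, lead, offset):
    """Local-clock reading at which to act so it lands `lead` seconds before the end."""
    return auction_end - lead - offset

def make_reply(request, t2, t3, stratum=2):
    """Constructed server reply for the demo (no network access needed)."""
    return struct.pack("!BB22x8sIIII", 0x24, stratum, request[40:48],
                       *to_ntp(t2), *to_ntp(t3))

if __name__ == "__main__":
    # Constructed sample: local clock is 3.5 s slow, 0.25 s each way on the wire.
    t1, t4 = 1_000_000_000.0, 1_000_000_000.5
    req = build_request(t1)
    rep = make_reply(req, t1 + 3.75, t1 + 3.75)
    offset, delay = clock_offset(req, rep, t1, t4)
    print(offset, delay, local_fire_time(1_000_000_300.0, 5.0, offset))
```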
 