Vista development issues - general issues/questions

  • Thread starter Thread starter Viviana Vc
  • Start date Start date
V

Viviana Vc

Hi all,

I've read the WindowsVistaUACDevReqs.doc documentation and I have done
different small tests on Vista to understand the bahaviour and now I
have a few questions.

1) If I create a dummy console application that creates a file in
Program Files directory, this one will succeed and will create the file
b/c of the virtualization.
But, if I do the following call in a console window (a.exe contains just
a printf):
C:>a.exe > "C:\Program Files\a.txt"
I get "access denied", probably b/c the a.txt file can't be created in
Program Files.
Why doesn't this one also succeed like the above one?

2) In WindowsVistaUACDevReqs.doc is stated that "Virtualization is only
enabled for the following: [...] 32-bit interactive processes [...]".
How can one define a process being interactive?

3) In WindowsVistaUACDevReqs.doc is stated that on Vista Windows
Explorer will show to the user the "global view" of a directory which
means when browsing to Program Files the user will see besides the real
content of Program Files dir, also what's in virtualized forlder
(%LOCALAPPDATA%\VirtualStore). I have a Windows Vista default
installation, and I do NOT see with Windows Explorer the virtualized
files when browsing for instance in Program Files, only the real content
of Program Files folder. Why is that?

4) Nowhere is written that now it's better to use ShelExecute() instead
of CreateProcesss(), but along the doc it's mentioned only
ShellExecute(), so I assume now, for Vista, using ShellExecute() is
somehow a requirement. I did some tests, and indeed if process1 with a
manifest "asInvoker" launches using CreateProcess() process2 with a
manifest "requireAdministrator", the CreateProcess() call fails with
ERROR_ELEVATION_REQUIRED.
So, am I correct when I'm saying that for compatibility with Vista one
should always use ShellExecute() _or_ ShellExecuteEx() when launching
another process?

5) In MSDNL and on codeguru is written for ShellExecuteEx() that it
returns a handle to the new created process but this is not guaranteed:
"'ShellExecuteEx()' provides only a handle to the process but
unfortunately it is not guaranteed and is depending on several options
you can set within the 'SHELLEXECUTEINFO' structure."
I have an myapp.exe that launches different other applications and then
myapp.exe has to babysit these launched applications, so I need to be
sure that ShellExecuteEx() will always return a handle and this one is
"trustable". Can I be sure about that?

6) My tests show that the right-click in Windows Explorer -> "Run as
administrator" always overwrites the exe's manifest. Is this correct?
(for instance if the exe has "highestAvailable" and the current user is
a dummy user, still the exe will run as administrator)

7) On
http://technet2.microsoft.com/Windo...2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true
is written: "Note:Windows Vista protects %systemroot% files and folders
with permissions designed for Windows Resource Protection (WRP), which
can only be accessed by the System service. Administrators can read
system files and folders but cannot write to them. Note that this
differs from previous versions of Windows."
Later in the same article is written what an Administrator can do and
it's "Copy or move files into the Program Files or Windows directory".
So then which one is it? As my tests show the second statement is
correct, meaning an admin can write and delete files from
Windows\system32 directory for instance.

8) An application that runs as standard user can't normally write
something in let's say "C:\Program Files\MyApp" directory. But if I use
cacls.exe to change the rights for this directory, then the application
will be able to write in the directory. Is that corect?

9) Is there any way to detect if the current user is part of the
administrator group? I mean, I have for instance a mother-app with
"asInvoker" that runs an app that is applying a patch, so that apply-app
needs admin rights and let's say the current user doesn't know the
credentials so the user dismisses the application. At this point I don't
want my mother-app to bother any user anymore, unless he is an admin
that only needs to consent for the app to run. So, in my mother-app I
want to check if the current user is from admin group and only if he is
to run the apply-app. Can smth like this be done?

10) On http://channel9.msdn.com/Showpost.aspx?postid=209647 is said:
"you could shut-down your original application and restarted with
elevation". How can you do that? Once you have a manifest for that exe
you can't change it on runtime right?

11) How can I add to the YES button of a MessageBox a
Vista-requireAdmin-shield? For instance "Would you like to do those
settings now?" YES/NO. If user presses YES a new app is launched that
needs elevation. This is why I would put the shield on the YES button of
the MsgBox dialog. How can I do that?

12) In WindowsVistaUACDevReqs.doc is written: "Add a Shield Icon to a
Task Dialog Button
Caution
A task dialog button should never require a UAC shield icon"
What is a "Task Dialog Button"?

13) In WindowsVistaUACDevReqs.doc is written:
"Virtualization Reference
File virtualization
[...]
Excluded binary executables: .exe, .dll, .sys"
What does this mean? that those files are excluded? Aren't they
virtualized? If not, what happens with them?

Sorry for the long post.
Thank you in advance,
Viv
 
I think that some of the newsgroups you cross-posted to won't get replies due to different servers. This means that you might get duplicate answers and the people trying to help would prefer to not answer a question that already has an answer. I am replying from microsoft.public.platformsdk.base and I think the reply won't get to any of the comp.* newsgroups.

Also, I think that the microsoft.public.dotnet.general, microsoft.public.vstudio.development and microsoft.public.vstudio.general newsgroups would say that the questions are off-topic for those newsgroups. If any of the questions are on-topic for any of those newsgroups then separate threads should be used.

I also think it is best to ask only one question in each thread, for many reasons.
 
As for question 1, please check your assumptions. Please be totally sure
that the directory your program is using is the one you say it is using.
Also look at the security of that directory.

I think that questions 2 and 3 are not programming questions.

As for question 4, it seems that you have not read the Platform SDK
documentation of the SDK functions.

As for question 5, if you read the documentation carefully you will likely
understand that a handle is not returned when it is not possible. There are
many uses of ShellExecuteEx and you are jumping to the conclusion that not
returning a handle is a problem. You really need to learn more about those
things before asking.

As for question 9, read the documentation of Windows security in the SDK
documentation. There is a sample there.

You must read more than the WindowsVistaUACDevReqs.doc; it is not the
documentation.


Viviana Vc said:
Hi all,

I've read the WindowsVistaUACDevReqs.doc documentation and I have done
different small tests on Vista to understand the bahaviour and now I
have a few questions.

1) If I create a dummy console application that creates a file in
Program Files directory, this one will succeed and will create the file
b/c of the virtualization.
But, if I do the following call in a console window (a.exe contains just
a printf):
C:>a.exe > "C:\Program Files\a.txt"
I get "access denied", probably b/c the a.txt file can't be created in
Program Files.
Why doesn't this one also succeed like the above one?

2) In WindowsVistaUACDevReqs.doc is stated that "Virtualization is only
enabled for the following: [...] 32-bit interactive processes [...]".
How can one define a process being interactive?

3) In WindowsVistaUACDevReqs.doc is stated that on Vista Windows
Explorer will show to the user the "global view" of a directory which
means when browsing to Program Files the user will see besides the real
content of Program Files dir, also what's in virtualized forlder
(%LOCALAPPDATA%\VirtualStore). I have a Windows Vista default
installation, and I do NOT see with Windows Explorer the virtualized
files when browsing for instance in Program Files, only the real content
of Program Files folder. Why is that?

4) Nowhere is written that now it's better to use ShelExecute() instead
of CreateProcesss(), but along the doc it's mentioned only
ShellExecute(), so I assume now, for Vista, using ShellExecute() is
somehow a requirement. I did some tests, and indeed if process1 with a
manifest "asInvoker" launches using CreateProcess() process2 with a
manifest "requireAdministrator", the CreateProcess() call fails with
ERROR_ELEVATION_REQUIRED.
So, am I correct when I'm saying that for compatibility with Vista one
should always use ShellExecute() _or_ ShellExecuteEx() when launching
another process?

5) In MSDNL and on codeguru is written for ShellExecuteEx() that it
returns a handle to the new created process but this is not guaranteed:
"'ShellExecuteEx()' provides only a handle to the process but
unfortunately it is not guaranteed and is depending on several options
you can set within the 'SHELLEXECUTEINFO' structure."
I have an myapp.exe that launches different other applications and then
myapp.exe has to babysit these launched applications, so I need to be
sure that ShellExecuteEx() will always return a handle and this one is
"trustable". Can I be sure about that?

6) My tests show that the right-click in Windows Explorer -> "Run as
administrator" always overwrites the exe's manifest. Is this correct?
(for instance if the exe has "highestAvailable" and the current user is
a dummy user, still the exe will run as administrator)

7) On
http://technet2.microsoft.com/Windo...2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true
is written: "Note:Windows Vista protects %systemroot% files and folders
with permissions designed for Windows Resource Protection (WRP), which
can only be accessed by the System service. Administrators can read
system files and folders but cannot write to them. Note that this
differs from previous versions of Windows."
Later in the same article is written what an Administrator can do and
it's "Copy or move files into the Program Files or Windows directory".
So then which one is it? As my tests show the second statement is
correct, meaning an admin can write and delete files from
Windows\system32 directory for instance.

8) An application that runs as standard user can't normally write
something in let's say "C:\Program Files\MyApp" directory. But if I use
cacls.exe to change the rights for this directory, then the application
will be able to write in the directory. Is that corect?

9) Is there any way to detect if the current user is part of the
administrator group? I mean, I have for instance a mother-app with
"asInvoker" that runs an app that is applying a patch, so that apply-app
needs admin rights and let's say the current user doesn't know the
credentials so the user dismisses the application. At this point I don't
want my mother-app to bother any user anymore, unless he is an admin
that only needs to consent for the app to run. So, in my mother-app I
want to check if the current user is from admin group and only if he is
to run the apply-app. Can smth like this be done?

10) On http://channel9.msdn.com/Showpost.aspx?postid=209647 is said:
"you could shut-down your original application and restarted with
elevation". How can you do that? Once you have a manifest for that exe
you can't change it on runtime right?

11) How can I add to the YES button of a MessageBox a
Vista-requireAdmin-shield? For instance "Would you like to do those
settings now?" YES/NO. If user presses YES a new app is launched that
needs elevation. This is why I would put the shield on the YES button of
the MsgBox dialog. How can I do that?

12) In WindowsVistaUACDevReqs.doc is written: "Add a Shield Icon to a
Task Dialog Button
Caution
A task dialog button should never require a UAC shield icon"
What is a "Task Dialog Button"?

13) In WindowsVistaUACDevReqs.doc is written:
"Virtualization Reference
File virtualization
[...]
Excluded binary executables: .exe, .dll, .sys"
What does this mean? that those files are excluded? Aren't they
virtualized? If not, what happens with them?

Sorry for the long post.
Thank you in advance,
Viv
Click to expand...
 
Would be nice if you were actually helpfull instead of snotty. But
basing on your other related post this is not in your makeup.

Henryk Birecki

Sam Hobbs said:
As for question 1, please check your assumptions. Please be totally sure
that the directory your program is using is the one you say it is using.
Also look at the security of that directory.

I think that questions 2 and 3 are not programming questions.

As for question 4, it seems that you have not read the Platform SDK
documentation of the SDK functions.

As for question 5, if you read the documentation carefully you will likely
understand that a handle is not returned when it is not possible. There are
many uses of ShellExecuteEx and you are jumping to the conclusion that not
returning a handle is a problem. You really need to learn more about those
things before asking.

As for question 9, read the documentation of Windows security in the SDK
documentation. There is a sample there.

You must read more than the WindowsVistaUACDevReqs.doc; it is not the
documentation.


Viviana Vc said:
Hi all,

I've read the WindowsVistaUACDevReqs.doc documentation and I have done
different small tests on Vista to understand the bahaviour and now I
have a few questions.

1) If I create a dummy console application that creates a file in
Program Files directory, this one will succeed and will create the file
b/c of the virtualization.
But, if I do the following call in a console window (a.exe contains just
a printf):
C:>a.exe > "C:\Program Files\a.txt"
I get "access denied", probably b/c the a.txt file can't be created in
Program Files.
Why doesn't this one also succeed like the above one?

2) In WindowsVistaUACDevReqs.doc is stated that "Virtualization is only
enabled for the following: [...] 32-bit interactive processes [...]".
How can one define a process being interactive?

3) In WindowsVistaUACDevReqs.doc is stated that on Vista Windows
Explorer will show to the user the "global view" of a directory which
means when browsing to Program Files the user will see besides the real
content of Program Files dir, also what's in virtualized forlder
(%LOCALAPPDATA%\VirtualStore). I have a Windows Vista default
installation, and I do NOT see with Windows Explorer the virtualized
files when browsing for instance in Program Files, only the real content
of Program Files folder. Why is that?

4) Nowhere is written that now it's better to use ShelExecute() instead
of CreateProcesss(), but along the doc it's mentioned only
ShellExecute(), so I assume now, for Vista, using ShellExecute() is
somehow a requirement. I did some tests, and indeed if process1 with a
manifest "asInvoker" launches using CreateProcess() process2 with a
manifest "requireAdministrator", the CreateProcess() call fails with
ERROR_ELEVATION_REQUIRED.
So, am I correct when I'm saying that for compatibility with Vista one
should always use ShellExecute() _or_ ShellExecuteEx() when launching
another process?

5) In MSDNL and on codeguru is written for ShellExecuteEx() that it
returns a handle to the new created process but this is not guaranteed:
"'ShellExecuteEx()' provides only a handle to the process but
unfortunately it is not guaranteed and is depending on several options
you can set within the 'SHELLEXECUTEINFO' structure."
I have an myapp.exe that launches different other applications and then
myapp.exe has to babysit these launched applications, so I need to be
sure that ShellExecuteEx() will always return a handle and this one is
"trustable". Can I be sure about that?

6) My tests show that the right-click in Windows Explorer -> "Run as
administrator" always overwrites the exe's manifest. Is this correct?
(for instance if the exe has "highestAvailable" and the current user is
a dummy user, still the exe will run as administrator)

7) On
http://technet2.microsoft.com/Windo...2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true
is written: "Note:Windows Vista protects %systemroot% files and folders
with permissions designed for Windows Resource Protection (WRP), which
can only be accessed by the System service. Administrators can read
system files and folders but cannot write to them. Note that this
differs from previous versions of Windows."
Later in the same article is written what an Administrator can do and
it's "Copy or move files into the Program Files or Windows directory".
So then which one is it? As my tests show the second statement is
correct, meaning an admin can write and delete files from
Windows\system32 directory for instance.

8) An application that runs as standard user can't normally write
something in let's say "C:\Program Files\MyApp" directory. But if I use
cacls.exe to change the rights for this directory, then the application
will be able to write in the directory. Is that corect?

9) Is there any way to detect if the current user is part of the
administrator group? I mean, I have for instance a mother-app with
"asInvoker" that runs an app that is applying a patch, so that apply-app
needs admin rights and let's say the current user doesn't know the
credentials so the user dismisses the application. At this point I don't
want my mother-app to bother any user anymore, unless he is an admin
that only needs to consent for the app to run. So, in my mother-app I
want to check if the current user is from admin group and only if he is
to run the apply-app. Can smth like this be done?

10) On http://channel9.msdn.com/Showpost.aspx?postid=209647 is said:
"you could shut-down your original application and restarted with
elevation". How can you do that? Once you have a manifest for that exe
you can't change it on runtime right?

11) How can I add to the YES button of a MessageBox a
Vista-requireAdmin-shield? For instance "Would you like to do those
settings now?" YES/NO. If user presses YES a new app is launched that
needs elevation. This is why I would put the shield on the YES button of
the MsgBox dialog. How can I do that?

12) In WindowsVistaUACDevReqs.doc is written: "Add a Shield Icon to a
Task Dialog Button
Caution
A task dialog button should never require a UAC shield icon"
What is a "Task Dialog Button"?

13) In WindowsVistaUACDevReqs.doc is written:
"Virtualization Reference
File virtualization
[...]
Excluded binary executables: .exe, .dll, .sys"
What does this mean? that those files are excluded? Aren't they
virtualized? If not, what happens with them?

Sorry for the long post.
Thank you in advance,
Viv
Click to expand...
Click to expand...
 
Note that I did not use a word such as "snotty". The words I did use are
very common in replies such as this.

I don't believe in rewarding people for asking for help without first doing
the work they are supposed to do.

I consider it to be rude to be careless about what newsgroups a question is
cross-posted to. I consider it rude to combine so many questions into one
thread. I did not express those opinions, and I know that most people that
try to help do get frustrated when someone does not read the documentation.

So except for stating that it is appropriate to first read the
documentation, what is "snotty"? Can you be specific? It would help very
much to know what in particular you consider to be innapropriate. Just
calling it all "snotty" does not help.


Henryk Birecki said:
Would be nice if you were actually helpfull instead of snotty. But
basing on your other related post this is not in your makeup.

Henryk Birecki

Sam Hobbs said:
As for question 1, please check your assumptions. Please be totally sure
that the directory your program is using is the one you say it is using.
Also look at the security of that directory.

I think that questions 2 and 3 are not programming questions.

As for question 4, it seems that you have not read the Platform SDK
documentation of the SDK functions.

As for question 5, if you read the documentation carefully you will likely
understand that a handle is not returned when it is not possible. There
are
many uses of ShellExecuteEx and you are jumping to the conclusion that not
returning a handle is a problem. You really need to learn more about those
things before asking.

As for question 9, read the documentation of Windows security in the SDK
documentation. There is a sample there.

You must read more than the WindowsVistaUACDevReqs.doc; it is not the
documentation.


Viviana Vc said:
Hi all,

I've read the WindowsVistaUACDevReqs.doc documentation and I have done
different small tests on Vista to understand the bahaviour and now I
have a few questions.

1) If I create a dummy console application that creates a file in
Program Files directory, this one will succeed and will create the file
b/c of the virtualization.
But, if I do the following call in a console window (a.exe contains just
a printf):
C:>a.exe > "C:\Program Files\a.txt"
I get "access denied", probably b/c the a.txt file can't be created in
Program Files.
Why doesn't this one also succeed like the above one?

2) In WindowsVistaUACDevReqs.doc is stated that "Virtualization is only
enabled for the following: [...] 32-bit interactive processes [...]".
How can one define a process being interactive?

3) In WindowsVistaUACDevReqs.doc is stated that on Vista Windows
Explorer will show to the user the "global view" of a directory which
means when browsing to Program Files the user will see besides the real
content of Program Files dir, also what's in virtualized forlder
(%LOCALAPPDATA%\VirtualStore). I have a Windows Vista default
installation, and I do NOT see with Windows Explorer the virtualized
files when browsing for instance in Program Files, only the real content
of Program Files folder. Why is that?

4) Nowhere is written that now it's better to use ShelExecute() instead
of CreateProcesss(), but along the doc it's mentioned only
ShellExecute(), so I assume now, for Vista, using ShellExecute() is
somehow a requirement. I did some tests, and indeed if process1 with a
manifest "asInvoker" launches using CreateProcess() process2 with a
manifest "requireAdministrator", the CreateProcess() call fails with
ERROR_ELEVATION_REQUIRED.
So, am I correct when I'm saying that for compatibility with Vista one
should always use ShellExecute() _or_ ShellExecuteEx() when launching
another process?

5) In MSDNL and on codeguru is written for ShellExecuteEx() that it
returns a handle to the new created process but this is not guaranteed:
"'ShellExecuteEx()' provides only a handle to the process but
unfortunately it is not guaranteed and is depending on several options
you can set within the 'SHELLEXECUTEINFO' structure."
I have an myapp.exe that launches different other applications and then
myapp.exe has to babysit these launched applications, so I need to be
sure that ShellExecuteEx() will always return a handle and this one is
"trustable". Can I be sure about that?

6) My tests show that the right-click in Windows Explorer -> "Run as
administrator" always overwrites the exe's manifest. Is this correct?
(for instance if the exe has "highestAvailable" and the current user is
a dummy user, still the exe will run as administrator)

7) On
http://technet2.microsoft.com/Windo...2b2f-422c-b70e-b18ff918c2811033.mspx?mfr=true
is written: "Note:Windows Vista protects %systemroot% files and folders
with permissions designed for Windows Resource Protection (WRP), which
can only be accessed by the System service. Administrators can read
system files and folders but cannot write to them. Note that this
differs from previous versions of Windows."
Later in the same article is written what an Administrator can do and
it's "Copy or move files into the Program Files or Windows directory".
So then which one is it? As my tests show the second statement is
correct, meaning an admin can write and delete files from
Windows\system32 directory for instance.

8) An application that runs as standard user can't normally write
something in let's say "C:\Program Files\MyApp" directory. But if I use
cacls.exe to change the rights for this directory, then the application
will be able to write in the directory. Is that corect?

9) Is there any way to detect if the current user is part of the
administrator group? I mean, I have for instance a mother-app with
"asInvoker" that runs an app that is applying a patch, so that apply-app
needs admin rights and let's say the current user doesn't know the
credentials so the user dismisses the application. At this point I don't
want my mother-app to bother any user anymore, unless he is an admin
that only needs to consent for the app to run. So, in my mother-app I
want to check if the current user is from admin group and only if he is
to run the apply-app. Can smth like this be done?

10) On http://channel9.msdn.com/Showpost.aspx?postid=209647 is said:
"you could shut-down your original application and restarted with
elevation". How can you do that? Once you have a manifest for that exe
you can't change it on runtime right?

11) How can I add to the YES button of a MessageBox a
Vista-requireAdmin-shield? For instance "Would you like to do those
settings now?" YES/NO. If user presses YES a new app is launched that
needs elevation. This is why I would put the shield on the YES button of
the MsgBox dialog. How can I do that?

12) In WindowsVistaUACDevReqs.doc is written: "Add a Shield Icon to a
Task Dialog Button
Caution
A task dialog button should never require a UAC shield icon"
What is a "Task Dialog Button"?

13) In WindowsVistaUACDevReqs.doc is written:
"Virtualization Reference
File virtualization
[...]
Excluded binary executables: .exe, .dll, .sys"
What does this mean? that those files are excluded? Aren't they
virtualized? If not, what happens with them?

Sorry for the long post.
Thank you in advance,
Viv
Click to expand...
Click to expand...
Click to expand...
 
Back
Top