Windows Security Forced down developers' throats.

The Lounge
Tags: business, question, sysadmin, windows-admin, linux
38 Posts, 18 Posters
  • Daniel Grunwald wrote:

    Uhh, you know that you can turn off virtualization in the app manifest? In fact, having any UAC manifest at all will disable virtualization. It's only there for compatibility with WinXP applications that store their settings in HKEY_LOCAL_MACHINE despite not being intended for use by multiple users. You can use task manager to see if a process has virtualization enabled (View > Select Columns > UAC Virtualization).

    Gary R Wheeler wrote (#13):

    Unfortunately we can't do that in our environment. Our application is required to run un-privileged. We've reviewed any number of techniques to get around this issue with some of our more clinically paranoid security-conscious customers, and they nixed anything that sounded like disabling or defeaturing UAC (even on a per-process basis).

    Software Zen: delete this;

    • Daniel Grunwald wrote:

      Uhh, couldn't you just change the security on the registry key if you want to grant access to all users? Seems way easier than installing a service to me...

      Paul M Watt wrote (#14):

      Services are not that much extra work, there are just a few guidelines to follow and supporting a modest message handling interface. They are excellent for background tasks, especially in the context that Gary described. I can see your point about the simplicity in the solutions you have suggested. I think the general problem is most developers don't understand what they're mucking with to begin with when they are playing with the files in /Windows, /Public Files, or HKEY_LOCAL_MACHINE registry. They are all just a means to an end, and I am sure that leads to quite a bit of the instabilities that people experience with Windows (not all :)) I am pretty happy with the security mechanisms that MS has put in place. None of the issues are insurmountable to work around without disabling them. These features aren't all that different than user and group level access to files and directories found in UNIX and LINUX variants.

      All of my software is powered by a single Watt.

        Daniel Grunwald wrote (#15), in reply to Gary R Wheeler (#13):

        Having a UAC manifest does not imply your application is running privileged or will cause any prompt. It simply means "this program is compatible with Vista, turn off that damn virtualization". Here is an example manifest that turns off virtualization but does not cause any elevation or UAC prompt:

        <?xml version="1.0" encoding="utf-8"?>
        <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
          <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
            <security>
              <requestedPrivileges>
                <requestedExecutionLevel level="asInvoker" uiAccess="false" />
              </requestedPrivileges>
            </security>
          </trustInfo>
        </assembly>

        By the way, this manifest is embedded by default in all new projects created with VS 2008 or higher. And don't worry about uiAccess="false" - that doesn't mean your process can't display a UI, it just means your process cannot access the UI of other (elevated) processes. Edit: here's the documentation on UAC manifests: http://msdn.microsoft.com/en-us/library/bb756929.aspx

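As an added illustration (not part of the post above and not a Microsoft tool), this sketch reads an application manifest and reports the UAC settings the post describes: whether a requestedExecutionLevel is present, which per the post turns virtualization off, and whether the level can cause elevation. The function names and the two extra sample manifests are constructed for this example.

```python
import xml.etree.ElementTree as ET

# What each documented requestedExecutionLevel value means for elevation.
ELEVATION = {
    "asInvoker": "never",                    # runs with the token of whoever started it
    "highestAvailable": "if-user-is-admin",  # elevates only for administrator accounts
    "requireAdministrator": "always",        # will not start without a full admin token
}

# The manifest quoted in the post above.
PAGE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="asInvoker" uiAccess="false" />
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""

# Constructed sample: an XP-era manifest with no UAC section at all.
LEGACY_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="Example.LegacyApp" />
</assembly>"""

# Constructed sample: trustInfo in asm.v2 with the inner elements in asm.v3.
ADMIN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
      <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
    </requestedPrivileges></security>
  </trustInfo>
</assembly>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_manifest(manifest):
    """Return a dict describing the UAC-relevant settings of one manifest."""
    data = manifest.encode("utf-8") if isinstance(manifest, str) else manifest
    data = data.strip()
    # A manifest extracted from an unknown binary is untrusted XML: refuse DTDs
    # so entity-expansion input never reaches the parser.
    if b"<!doctype" in data.lower():
        return {"valid": False, "reason": "DTD not allowed"}
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return {"valid": False, "reason": f"not well-formed: {exc}"}

    # Match on local name because the namespace differs between manifests.
    levels = [el for el in root.iter() if _local(el.tag) == "requestedExecutionLevel"]
    if not levels:
        # No UAC section: the program is treated as legacy. Virtualization then
        # applies to 32-bit interactive processes running without admin rights.
        return {"valid": True, "level": None, "virtualization": "eligible",
                "elevation": "unspecified", "ui_access": False}
    if len(levels) > 1:
        return {"valid": False, "reason": "more than one requestedExecutionLevel"}
    level = levels[0].get("level")
    if level not in ELEVATION:
        return {"valid": False, "reason": f"unknown level {level!r}"}
    ui_access = levels[0].get("uiAccess", "false").strip().lower() == "true"
    return {"valid": True, "level": level, "virtualization": "disabled",
            "elevation": ELEVATION[level], "ui_access": ui_access}


def findings(report):
    """Turn a report into the points a reviewer would raise."""
    if not report["valid"]:
        return ["manifest rejected: " + report["reason"]]
    notes = []
    if report["level"] is None:
        notes.append("no requestedExecutionLevel: writes to HKLM may be virtualized per user")
    elif report["elevation"] != "never":
        notes.append("level %s can trigger elevation" % report["level"])
    if report["ui_access"]:
        notes.append("uiAccess=true: may drive the UI of elevated processes")
    return notes


if __name__ == "__main__":
    for name, text in [("page", PAGE_MANIFEST), ("legacy", LEGACY_MANIFEST),
                       ("admin", ADMIN_MANIFEST)]:
        report = audit_manifest(text)
        print(name, report, findings(report))
```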
        • Gary R Wheeler wrote:

          Been there, do that with our current product. Our architecture was already that style, so adapting to Win7 wasn't terribly painful. The worst part was our product stores a fair amount of configuration information in the registry under HKEY_LOCAL_MACHINE, which is virtualized to a key under HKEY_CURRENT_USER for user applications. This means our services and our UI app couldn't share this information, so we cheated. We now have a service that the UI talks to via a TCP/IP socket when it needs to access the registry under HKEY_LOCAL_MACHINE. One bit of serendipity is that we have a registry class that wraps the Win32 registry API. Now, when the app runs under Win7, it talks to the service instead. None of the UI application needs to be aware that the registry service even exists. We don't even notice the difference in performance, since we don't do registry access all that frequently, and the operations have only gone from dozens of microseconds to a couple hundred. Oh, and our application continues to run without requiring elevated privileges as a 'normal' user.

          Software Zen: delete this;

          Paul M Watt wrote (#16):

          I wouldn't call it serendipity at all, it seems to me that was the right design to use and you simply created a solution that just "Works". Applications shouldn't require elevated privileges to run, it just causes all sorts of incompatibilities. Visual Studio for instance, I occasionally use this plug-in that doesn't function properly unless I start VS in admin mode (on Vista). Well by doing that, all of the other user mode apps that I am running, including Windows Explorer can't properly interface with VS anymore. Drag-and-Drop file support from an open explorer window onto VS will fail because of the differences in security levels.

          All of my software is powered by a single Watt.

            Daniel Grunwald wrote (#17), in reply to Paul M Watt (#14):

            A service is much more complex than turning off virtualization and granting permissions to a registry key. And when that service uses TCP sockets, you'll have to worry about security issues in that service - if not written carefully, it might be remotely exploitable.

            Paul Watt wrote:

            I think the general problem is most developers don't understand what they're mucking with to begin with

            Yes, that's the problem. Almost no one bothers to understand UAC before trying to find workarounds for it. Some reading of the UAC documentation would have helped eliminate some elaborate workarounds. The above combined with some knowledge of the Windows Task Scheduler could probably get rid of half of the "updater" background services currently running on my machine.

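An added sketch (not code from anyone in the thread) of the request checks a registry service reached over a TCP socket would need, given the warning above that such a service might be remotely exploitable if not written carefully. The JSON message format, the key subtree and every name below are assumptions made for this example.

```python
import ipaddress
import json

# Assumptions for this sketch; none of these names or values come from the thread.
LISTEN_ADDR = ("127.0.0.1", 0)   # bind the listener to loopback only, never 0.0.0.0
MAX_REQUEST_BYTES = 4096         # enforced before any parsing
ALLOWED_ROOT = ("SOFTWARE", "ExampleVendor", "ExampleProduct")  # hypothetical HKLM subtree
ALLOWED_OPS = {"get", "set"}
MAX_NAME_CHARS = 255
MAX_SZ_CHARS = 1024


class Rejected(ValueError):
    """Request refused; the message is the reason to log."""


def _check_key(key):
    if not isinstance(key, str) or "\x00" in key:
        raise Rejected("bad key")
    parts = key.split("\\")
    if any(not p or len(p) > MAX_NAME_CHARS for p in parts):
        raise Rejected("bad key")
    # Compare whole path components, ignoring case as the registry does, so a
    # sibling such as "ExampleProductX" cannot pass as a string-prefix match.
    root = [p.lower() for p in ALLOWED_ROOT]
    if [p.lower() for p in parts[:len(root)]] != root:
        raise Rejected("key outside allowed subtree")
    return "\\".join(parts)


def validate_request(peer_ip, raw):
    """Return a normalised request dict, or raise Rejected with a reason."""
    try:
        local = ipaddress.ip_address(peer_ip).is_loopback
    except ValueError:
        local = False
    if not local:
        raise Rejected("non-local peer")
    if len(raw) > MAX_REQUEST_BYTES:
        raise Rejected("request too large")
    try:
        req = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        raise Rejected("not valid UTF-8 JSON")
    if not isinstance(req, dict):
        raise Rejected("not a JSON object")

    op = req.get("op")
    if not isinstance(op, str) or op not in ALLOWED_OPS:
        raise Rejected("operation not allowed")
    key = _check_key(req.get("key"))
    name = req.get("name")
    if not isinstance(name, str) or not 0 < len(name) <= MAX_NAME_CHARS or "\x00" in name:
        raise Rejected("bad value name")

    out = {"op": op, "key": key, "name": name}
    if op == "set":
        kind, data = req.get("type"), req.get("data")
        if kind == "REG_DWORD":
            # bool is a subclass of int in Python, so exclude it explicitly.
            if isinstance(data, bool) or not isinstance(data, int) or not 0 <= data <= 0xFFFFFFFF:
                raise Rejected("bad REG_DWORD data")
        elif kind == "REG_SZ":
            if not isinstance(data, str) or len(data) > MAX_SZ_CHARS or "\x00" in data:
                raise Rejected("bad REG_SZ data")
        else:
            raise Rejected("type not allowed")
        out.update(type=kind, data=data)
    return out


def decision(peer_ip, raw):
    """'ok' or the rejection reason, for logging and tests."""
    try:
        validate_request(peer_ip, raw)
        return "ok"
    except Rejected as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed requests, not captured traffic.
    key = "SOFTWARE\\ExampleVendor\\ExampleProduct\\Settings"
    samples = [
        ("127.0.0.1", {"op": "get", "key": key, "name": "Port"}),
        ("192.0.2.10", {"op": "get", "key": key, "name": "Port"}),
        ("127.0.0.1", {"op": "get", "key": key.replace("Product", "ProductX"), "name": "Port"}),
    ]
    for peer, msg in samples:
        print(peer, msg["key"], "->", decision(peer, json.dumps(msg).encode()))
```

Binding to loopback keeps remote hosts out, but any local process can still connect, so the operation and key allowlist is what actually limits what an unprivileged caller can change.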
              Gary R Wheeler wrote (#18), in reply to Daniel Grunwald (#15):

              Thanks, Daniel. I'm going to look into this when I get into work tomorrow. I'm afraid that when I did my original research, I didn't find any mention of doing this with a manifest, other than signaling that my app requires admin privileges, which I'm not allowed to do. The hard part may be telling my minion that his four weeks of work on the registry service :wtf: (I can hardly believe it myself) are being chucked in the can.

              Software Zen: delete this;

                Bob1000 wrote (#19), in reply to Paul M Watt (#16):

                Think the comments in this thread sum up the lack of sensible design by the Microsoft developers. If the people who are going to write for the system can't understand its complexities (or don't have time to learn them!) then that in itself is a very real security risk. Comments here show that. The best security is simple security that people understand!

                • Bram van Kampen wrote:

                  Hi, We run a small business, providing Sales Terminals, ShopFloor Terminals etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came with the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1 (Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it really excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (unwanted) Windows 7 Security System, so as to allow me to Create, Write and Modify ANY File or Registry Entry, without an Inappropriate Security question in between? Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, and No Other User Accounts.
                  I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that additional security not offered as an installation option, so that those who deem they do not need it, can avoid it. That type of Security Architecture, when it is enforced (Vista Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN. (maybe blocked from running WAN and INET options) There is a Lot of activity around the world

                  Sandeep Datta wrote (#20):

                  Hmm sounds like a perfect job for Linux. Have you ever considered using Linux?

                  The best way to accelerate a Macintosh is at 9.8m/sec-sec - Marcus Dolengo

                    Trajan McGill wrote (#21), in reply to Bram van Kampen:

                    You've said your application shouldn't run with elevated privileges, but you seem to then want it to do things that require elevated privileges. To be frank, are you sure the problem is the design of the Windows security model rather than the design of your application? I can't say I quite understand why a shop floor application would ever need to do things with which the Windows security model would interfere. Why are you storing user-level data in places that create UAC prompts? The entire "one, administrative user" model is so clearly flawed I am very surprised you are still going down that road when modern operating systems allow you to do better. Do you really want users on the shop floor running as administrators? I should think not; the administrative account should only be used by, well, you, when you are installing and configuring this stuff, and the application itself ought to be running as a regular, non-privileged user, always. Security protections, including UAC, aren't just about the Internet, they are also about the users, the public, whoever is using the computer, and what they can do to the machine. I should think you'd be well aware that users will do just about anything they can to a computer system, and in that regard, Windows 7 is a vast improvement over earlier operating systems in which systems of the type you describe had no way of truly locking them down. So I think you'd need to provide a little more explanation or justification before you've demonstrated that Windows is actually the real problem here.

                      YSLGuru wrote (#22), in reply to Bram van Kampen:

                      Don't you just love how Microsoft has decided what's best for its users? It used to be in this world that it was the customer who determined how the next generation of a product changed or evolved. Automobile drivers were hot and so the industry added air conditioning. Drivers wanted to hear music and so enter the FM radio. Then came the personal computer. Once the public was hooked Micro$oft changed gears and started making product changes based on what they believed was best and not what users wanted. Unlike the automobile industry most users are stuck with whatever Microsoft says because their only choice is to do that or switch to a Mac or do without a computer. This level of users doesn't even know what Linux/Unix is let alone how to use a system running it so they really do have only the choice of Microsoft or Apple. Apple's been telling users for years what they are going to get so it's not like switching to Apple opens up more choices for the user. This is the end result of our letting ourselves become so dependent on the product of one company. In the 80's the schools should have taught computer skills as a mandatory class (instead of that multicultural appreciation junk) so that come 20 years later the target demographics would be primarily computer savvy techs. Oh well. Windows 7 though is even worse than Vista in terms of the big screw you from Microsoft. At least in Vista many of the undesired changes were optional. I can make Windows Explorer function like it should in Vista but in Windows 7 I'm stuck with this new broke arse design. Good luck with Windows 7.

                        User 8456935 wrote (#23), in reply to Gary R Wheeler (#18):

                        2 years ago, none of that documentation existed. If you require any elevated privileges, then indeed your app must run at the elevated level, or, you must perform an IPC of some sort with an elevated process (we went this route as well). The Windows (in)security model is a hopelessly entangled mess at this point that pretty much no one is going to be able to fix or work with efficiently. If you are security conscious and require a process to run at lowest priv level AND perform an elevated function then you have 2 choices, either run multiple processes and deal with the security on each one, or, better yet, go with a real system (yes, truly) and skip all the workarounds with in process token elevation with proper credentials being provided. MS is the only system I'm aware of that requires the root process to have maximum privs enabled to spawn child processes, since token manipulation has been effectively disabled with 2008 R2/W7. All others can create appropriate security contexts for a given set of credentials.

                          ArmadilloOnFire wrote (#24), in reply to Bram van Kampen:

                          As a system administrator since the late 80s, I can think of no single factor that has been responsible for more general problems, frustration, lost productivity, and down time than software which *requires* local administrative permissions in order to run. Even today, there is a great deal of commercial software which, while it may be fantastic at serving the production needs of a particular vertical, makes little to no effort to work properly within the Windows security framework. The Principle of Least Privilege has been around - and deservedly venerated - since the very earliest days of computing. Some of the earlier MS operating systems (3.1, to some extent 95) did not incorporate that principle stringently, and so we wound up with a couple generations of applications that paid little attention to properly isolating user and program permissions. Consequently we saw legions of machines where the average user was granted inappropriate administrative permissions on their machines. Those folks promptly went out to pounce on the first attractive looking virus, or sometimes they would simply render their machine inoperable by 'investigating' some of the lower level configuration options on their machine. "Windows is insecure and unreliable" came the outcry, but was the main problem the OS itself, or the applications that required it to be set up to fail? The answer is certainly "both" to some extent, but a huge amount of trouble could certainly have been avoided had developers more often taken the approach of designing their software to suit the security model of the operating system rather than requiring the security model of the operating system to be compromised to avoid their development challenges.
                          Almost all the fundamental parts of the current security model, including registry segmentation have been around as long as the Win32 API - but many developers continue, more than a decade after their release, to look for ways to 'get around' sensible security measures, rather than conform to them. Even more insidious, I have seen many cases where developers *knowingly* bump end users up to full administrative permission in production situations in order to increase instability since they also carry maintenance agreements for those sites. Dozens of times I've arrived at such sites after the customer finally got so frustrated with their level of downtime that they decided to try another option. Typically after a few weeks of eliminating privilege elevations and tightening things down to the point that fo

                            Bram van Kampen wrote (#25), in reply to Sandeep Datta (#20):

                            Hi, Well I have considered Linux, but, at this stage, my code depends heavily on MFC 42. (Is there now a Porting facility available?) I have also to consider my existing Client base. I cannot tell my customers to 'Change Over' at the next Licence renewal. Is there a Linux IDE to seamlessly take over my Source Code, for a baker's dozen of projects, covering 700+ files. Regards, :)

                            Bram van Kampen

                            • U User 8456935

                              2 years ago, none of that documentation existed. If you require any elevated privileges, then indeed your app must run at the elevated level, or, you must perform an IPC of some sort with an elevated process (we went this route as well). The Windows (in)security model is a hopelessly entangled mess at this point that pretty much no one is going to be able to fix or work with efficiently. If you are security conscious and require a process to run at lowest priv level AND perform an elevated function then you have 2 choices, either run multiple processes and deal with the security on each one, or, better yet, go with a real system (yes, truly) and skip all the workarounds with in process token elevation with proper credentials being provided. MS is the only system I'm aware of that requires the root process to have maximum privs enabled to spawn child processes, since token manipulation has been effectively disabled with 2008 R2/W7. All others can create appropriate security contexts for a given set of credentials.

                              Bram van Kampen
                              wrote on last edited by
                              #26

                              Hi, Well, As by my original question, Ultimately, I am not interested in the vagaries of the MS security model. We do not use it, we do not want it for the type of terminals we write for! What we are looking for, is a version of Win7 (Like XP) where this was an 'Opt In' rather than an 'Opt Out' in subsequent OS-es. My Code will run for the next 100 years successfully under XP. Never found any shortcomings in it. :)

                              Bram van Kampen

                              • D Dave Kreskowiak

                                Why does Microsoft set all this up by default?? Because in the past they've been ripped up in the media for NOT having it secured by default. Admins who didn't know what they were doing were put in charge of setting up all kinds of stuff and not securing any of it. Then schmucks come by with nothing better to do and just hack into it and cause all sorts of damage or write viruses and unleash them on unsuspecting users. Basically, MS was forced to secure everything by default to protect the innocent from themselves.

                                A guide to posting questions on CodeProject[^]
                                Dave Kreskowiak

                                Bram van Kampen
                                wrote on last edited by
                                #27

                                Hi, Accepted, How do you get Out of this Default when installing :)

                                Bram van Kampen

                                • P Paul M Watt

                                  Give your app elevated privileges and load it as a service at startup, it will run with the admin security token. Then have it communicate with whatever user space component you use for the UI and you'll have all of the security that's available without the nagging questions. What is your application doing that requires admin level access?

                                  All of my software is powered by a single Watt.

                                  Bram van Kampen
                                  wrote on last edited by
                                  #28

                                  Well, Sounds Good, but in my Client base I do Neither Want nor Need Windows Security, User Identification, or, any of that crap! All computers run in 'Administrator Mode' anyways. Just a Flat File System, No Virtual links, like 'My Documents', a basic system that avoids the whole Virtual Folder, and 'My Documents' crap. I Own my computers, I know my file System, Who is Microsoft to try and second guess me in where I want to store files?

                                  Paul Watt wrote:

                                  What is your application doing that requires admin level access?

                                  Well, it is a number of Apps running on a Peer to Peer Network, seeking to modify a database on one of the terminals. The suite relates to Laundrettes and Drycleaners. We have not over the past 10 years had even one security incident. Our Software is only available by CD, from registered Distributors.

                                  Paul Watt wrote:

                                  What is your application doing that requires admin level access?

                                  It just runs perfectly under XP, and will do so until eternity. Microsoft changed the environment, Not Me.

                                  Bram van Kampen

                                  • B Bram van Kampen

                                    Hi, Accepted, How do you get Out of this Default when installing :)

                                    Bram van Kampen

                                    Dave Kreskowiak
                                    wrote on last edited by
                                    #29

                                    You don't. There's no option to turn this off if you're doing a fresh install off the original medium. If you're doing an unattended install, you can pick everything you want and script the configuration settings.

                                    A guide to posting questions on CodeProject[^]
                                    Dave Kreskowiak

                                    • B Bram van Kampen

                                      Hi, We run a small business, providing Sales Terminals, ShopFloor Terminals etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came with the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1 (Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it really excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (un wanted) Windows 7 Security System, so as to allow me to Create, Write and Modify ANY File or Registry Entry, without an Inappropriate Security question in between? Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, and No Other User Accounts.
I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that additional security not offered as an installation option, so that those who deem they do not need it, can avoid it? That type of Security Architecture, when it is enforced (Vista, Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN (maybe blocked from running WAN and INET options)? There is a Lot of activity around the world

                                      ian dennis 0
                                      wrote on last edited by
                                      #30

                                      Isn't a throath a small Barsoonian mammal?

                                      • B Bram van Kampen

                                        Hi, Well, As by my original question, Ultimately, I am not interested in the vagaries of the MS security model. We do not use it, we do not want it for the type of terminals we write for! What we are looking for, is a version of Win7 (Like XP) where this was an 'Opt In' rather than an 'Opt Out' in subsequent OS-es. My Code will run for the next 100 years successfully under XP. Never found any shortcomings in it. :)

                                        Bram van Kampen

                                        Member 3717204
                                        wrote on last edited by
                                        #31

                                        Our solution is to create a Setup program which you can "Run As Administrator" which does the following:
                                        1) Name your setup program "SomethingOtherthenSetup" and then rename it to Setup.exe after the compile.
                                        2) Execute: %windir%\system32\reg.exe flags HKLM\Software\OurKey SET DONT_VIRTUALIZE /s
                                        3) Create the Directories OUTSIDE of "Program Files" and add an ACL for everyone to the directory (Code available on request)
                                        4) When installing or updating an EXE file which does any network communications (TCP ports) Execute the Following Sequence of commands:

                                        /* Remove any existing rule first: legacy "firewall" context before Vista (major version < 6), "advfirewall" from Vista on. */
                                        if (osver.dwMajorVersion < 6)
                                            wsprintf(Cmd, "firewall delete allowedprogram \"%s\"", fh->PathtoProgram);
                                        else
                                            wsprintf(Cmd, "advfirewall firewall delete rule name=\"%s\"", fh->Name);
                                        ShellExecuteEx(&si);
                                        Sleep(250);
                                        /* Wait for the launched command to finish before building the next one. */
                                        if (si.hProcess) {
                                            WaitForSingleObject(si.hProcess, INFINITE);
                                            CloseHandle(si.hProcess);
                                        }
                                        /* Build the matching "add" command for the same program. */
                                        if (osver.dwMajorVersion < 6)
                                            wsprintf(Cmd, "firewall add allowedprogram \"%s\" \"%s\" ENABLE", fh->PathtoProgram, fh->Name);
                                        else
                                            wsprintf(Cmd, "advfirewall firewall add rule name=\"%s\" dir=in action=allow program=\"%s\" enable=yes", fh->Name, fh->PathtoProgram);

                                        All very simple to install a user mode program which talks on the network.

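The command strings in post #31 place the rule name and program path between literal quotes, so a value containing a quote or ending in a backslash changes how the arguments are parsed. An added example, not the poster's code: a bounded builder for the same four netsh argument strings that rejects such values. The function names, the 260-character limit and the sample values are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

enum fw_action { FW_DELETE, FW_ADD };

/* A value may be wrapped in double quotes only if it cannot end the quoted
   argument early: no '"', no control characters, and no trailing backslash
   (Windows argument parsing reads \" as an escaped quote).
   The 260-character limit is an assumption of this example. */
static int fw_value_ok(const char *s)
{
    size_t n, i;
    if (s == NULL || (n = strlen(s)) == 0 || n > 260)
        return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '"' || c < 0x20 || c == 0x7f)
            return 0;
    }
    return s[n - 1] != '\\';
}

/* Writes the netsh argument string into out. Returns its length, or -1 when
   an input is rejected or the buffer is too small (out is left empty). */
int build_fw_args(char *out, size_t outsz, unsigned os_major,
                  enum fw_action act, const char *name, const char *program)
{
    int n;
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (!fw_value_ok(name) || !fw_value_ok(program))
        return -1;

    if (os_major < 6) {                 /* before Vista: "firewall" context */
        if (act == FW_DELETE)
            n = snprintf(out, outsz, "firewall delete allowedprogram \"%s\"", program);
        else
            n = snprintf(out, outsz, "firewall add allowedprogram \"%s\" \"%s\" ENABLE",
                         program, name);
    } else {                            /* Vista and later: "advfirewall" */
        if (act == FW_DELETE)
            n = snprintf(out, outsz, "advfirewall firewall delete rule name=\"%s\"", name);
        else
            n = snprintf(out, outsz, "advfirewall firewall add rule name=\"%s\" "
                         "dir=in action=allow program=\"%s\" enable=yes", name, program);
    }
    if (n < 0 || (size_t)n >= outsz) {  /* truncated output is never usable */
        out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char cmd[512];
    /* Constructed sample values, not taken from the thread. */
    if (build_fw_args(cmd, sizeof cmd, 6, FW_ADD, "Example App",
                      "C:\\ExampleApp\\app.exe") > 0)
        printf("netsh %s\n", cmd);
    if (build_fw_args(cmd, sizeof cmd, 6, FW_ADD, "bad\"name", "C:\\a.exe") < 0)
        printf("rejected: name contains a quote\n");
    return 0;
}
```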
                                        • A ArmadilloOnFire

                                          As a system administrator since the late 80s, I can think of no single factor that has been responsible for more general problems, frustration, lost productivity, and down time than software which *requires* local administrative permissions in order to run. Even today, there is a great deal of commercial software which, while it may be fantastic at serving the production needs of a particular vertical, makes little to no effort to work properly within the Windows security framework. The Principle of Least Privilege has been around - and deservedly venerated - since the very earliest days of computing. Some of the earlier MS operating systems (3.1, to some extent 95) did not incorporate that principle stringently, and so we wound up with a couple generations of applications that paid little attention to properly isolating user and program permissions. Consequently we saw legions of machines where the average user was granted inappropriate administrative permissions on their machines. Those folks promptly went out to pounce on the first attractive looking virus, or sometimes they would simply render their machine inoperable by 'investigating' some of the lower level configuration options on their machine. "Windows is insecure and unreliable" came the outcry, but was the main problem the OS itself, or the applications that required it to be set up to fail? The answer is certainly "both" to some extent, but a huge amount of trouble could certainly have been avoided had developers more often taken the approach of designing their software to suit the security model of the operating system rather than requiring the security model of the operating system to be compromised to avoid their development challenges.
Almost all the fundamental parts of the current security model, including registry segmentation, have been around as long as the Win32 API - but many developers continue, more than a decade after their release, to look for ways to 'get around' sensible security measures, rather than conform to them. Even more insidious, I have seen many cases where developers *knowingly* bump end users up to full administrative permission in production situations in order to increase instability since they also carry maintenance agreements for those sites. Dozens of times I've arrived at such sites after the customer finally got so frustrated with their level of downtime that they decided to try another option. Typically after a few weeks of eliminating privilege elevations and tightening things down to the point that fo

                                          Bram van Kampen
                                          wrote on last edited by
                                          #32

                                          Hi, Sorry to hear of such problems. However, our experience has been the absolute opposite. Now, you probably deal with a large system on which various users run their various favorite software solutions for the task at hand. Our machines run Windows, and a baker's dozen of apps which makes up our suite. Now, the security question is NOT who has Access to What File, but: Who can Modify the database in a particular way. For instance, a Cash Register Operator must be able to ring in a transaction, and, hence must have Read Modify and Write access to the files that constitute the tables which record these events. It goes without saying that this must be the same table set for each user. Now, a Supervisor has an additional capability of being able to modify the sales amount, but from a file access point of view, has basically the same access. It is our Software that determines what is allowed or not allowed, based on how an operator is signed in, NOT how signed in to Windows, but how signed in to our Software. Our Software is typically running on terminals 24/7/365, and a user signs in on OUR signin screen when the need arises (i.e. a Customer arrives). Our Software is responsible for automatically saving transactions, most operators have never in their lives seen a 'Save As' or 'Open' File Dialog. The subject is not covered in the Standard Course Material, because it would be irrelevant. I have not heard of a way yet in windows where one can leave applications running, whilst changing User. What's more, I have not yet heard of a way either Windows Security can decide to grant or deny access on the basis of the intentions of the user, which are only known to the Application Program. It is of course important that a business has only One set of Accounts, and that it is always THAT Database that transactions are entered upon. This must be so, regardless of who Windows Security assumes to be the User.
To Store the DB Location in HKCU would therefore be wrong, HKLM would be the Correct Place, with No Confusion Possible. Fine for that, at least that does not change, but there are other parameters, that DO Change, that should Also be stored there for the Same Reason! Immediate 'Gotcha'. The Vista 'Solution' of storing it under HKCU anyways is exactly the Opposite of what we want to achieve. Another factor is the 'Fiddle' factor. The vast majority of our End Users are entirely Computer Illiterate, and have been trained just to operate our software. In 10 years we have not had One Security Incident, with any of our
