Windows Security Forced down developers troaths.
-
Having a UAC manifest does not imply your application is running privileged or will cause any prompt. It simply means "this program is compatible with Vista, turn off that damn virtualization". Here is an example manifest that turns off virtualization but does not cause any elevation or UAC prompt:
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>By the way, this manifest is embedded by default in all new projects created with VS 2008 or higher. And don't worry about
uiAccess="false"- that doesn't mean your process can't display a UI, it just means your process cannot access the UI of other (elevated) processes. Edit: here's the documentation on UAC manifests: http://msdn.microsoft.com/en-us/library/bb756929.aspx[^]Thanks, Daniel. I'm going to look into this when I get into work tomorrow. I'm afraid that when I did my original research, I didn't find any mention of doing this with a manifest, other than signaling that my app requires admin privileges, which I'm not allowed to do. The hard part may be telling my minion that his four weeks on work on the registry service :wtf: (I can hardly believe it myself) are being chucked in the can.
Software Zen:
delete this; -
I wouldn't call it serendipity at all, it seems to me that was the right design to use and you simply created a solution that just "Works". Applications shouldn't require elevated privileges to run, it just causes all sorts of incompatibilities. Visual Studio for instance, I occasionally use this plug-in that doesn't function properly unless I start VS in admin mode (on Vista). Well by doing that, all of the other user mode apps that I am running, including Windows Explorer can't properly interface with VS anymore. Drag-and-Drop file support from and open explorer window onto VS will fail becaues of the differences in security levels.
All of my software is powered by a single Watt.
Think the comments in this thread sums up the lack of sensible design by the Microsoft developers. If the people who are going to write for the system can't understand its complexities (or don't have time to learn them!) then that in itself is a very real security risk. Comments here show that. The best security is simple security that people understand!
-
Hi, We run a small business, providing Sales Terminals, ShopFloor Terminalst etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came witht the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1(Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it realy excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (un wanted) Windows 7 Security System, so as to allow me to Create,Write and Modify ANY File or Registry Entry, without an Inappropriate Security question inbetween. Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, an No Other User Accounts. I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that aditional security not offered as an installation option, so that those who deem they do not need it, can avoid it. That type of Security Architecture, when it is enforced ( Vista Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN.(mayBe blocked from running WAN and INET options) There is a Lot of activity around the world
Hmm sounds like a perfect job for Linux. Have you ever considered using Linux?
The best way to accelerate a Macintosh is at 9.8m/sec-sec - Marcus Dolengo
-
Hi, We run a small business, providing Sales Terminals, ShopFloor Terminalst etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came witht the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1(Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it realy excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (un wanted) Windows 7 Security System, so as to allow me to Create,Write and Modify ANY File or Registry Entry, without an Inappropriate Security question inbetween. Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, an No Other User Accounts. I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that aditional security not offered as an installation option, so that those who deem they do not need it, can avoid it. That type of Security Architecture, when it is enforced ( Vista Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN.(mayBe blocked from running WAN and INET options) There is a Lot of activity around the world
You've said your application shouldn't run with elevated privileges, but you seem to then want it to do things that require elevated privileges. To be frank, are you sure the problem is the design of the Windows security model rather than the design of your application? I can't say I quite understand why a shop floor application would ever need to do things with which the Windows security model would interfere. Why are you storing user-level data in places that create UAC prompts? The entire "one, administrative user" model is so clearly flawed I am very surprised you are still going down that road when modern operating systems allow you to do better. Do you really want users on the shop floor running as administrators? I should think not; the administrative account should only be used by, well, you, when you are installing and configuring this stuff, and the application itself ought to be running as a regular, non-privileged user, always. Security protections, including UAC, aren't just about the Internet, they are also about the users, the public, whoever is using the computer, and what they can do to the machine. I should think you'd be well aware that users will do just about anything they can to a computer system, and in that regard, Windows 7 is a vast improvement over earlier operating systems in which systems of the type you describe had no way of truly locking them down. So I think you'd need to provide a little more explanation or justification before you've demonstrated that Windows is actually the real problem here.
-
Hi, We run a small business, providing Sales Terminals, ShopFloor Terminalst etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came witht the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1(Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it realy excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (un wanted) Windows 7 Security System, so as to allow me to Create,Write and Modify ANY File or Registry Entry, without an Inappropriate Security question inbetween. Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, an No Other User Accounts. I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that aditional security not offered as an installation option, so that those who deem they do not need it, can avoid it. That type of Security Architecture, when it is enforced ( Vista Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN.(mayBe blocked from running WAN and INET options) There is a Lot of activity around the world
Don't you just love how Microsofts has decided whats best for its users? It used to be in this world that it was the customer who determined how the next generation of a product changed or eveolved. Automibile drivers were hot and so the industry added air conditioning. Drivers wanted to hear music and so enter the FM radio. Then came the personal computer. Once the public was hooked Micro$oft changed gears and started making product changes based on what they believed was best and not what users wanted. Unlike the automobile industry most users are stuck with whatever Microsoft says because their only choice is to do that or switch to a Mac or do without a computer. TThis level of users doesn;t even know what Limux/Unix is let alone how to use a system running it so they really do have only the choice of Microsoft or Apple. Apples being telling users for years what they are going to get so its not like switching to Apple opens up more choices for the user. This is the end result of our letting ourselves become so dependent on the product of one company. In the 80's the schools should have taught computer skills as a mandatory class (instead of that multicultural appreciation junk) so that come 20 years later the target demographics would be primarily coimputer savvy techs. Oh well. Windows 7 though is even worse then Vista in terms of the big screw you from Microsoft. At least in Vista many of the undesired changes were optional. I can make Windows Explorer function like it shoudl in Vista but in Windows 7 i'm stuck with this new broke arse design. Good luck with Windows 7.
-
Thanks, Daniel. I'm going to look into this when I get into work tomorrow. I'm afraid that when I did my original research, I didn't find any mention of doing this with a manifest, other than signaling that my app requires admin privileges, which I'm not allowed to do. The hard part may be telling my minion that his four weeks on work on the registry service :wtf: (I can hardly believe it myself) are being chucked in the can.
Software Zen:
delete this;2 years ago, none of that documentation existed. If you require any elevated privileges, then indeed your app must run at the elevated level, or, you must perform an IPC of some sort with an elevated process (we went this route as well). The Windows (in)security model is a hopeless entangled mess at this point that pretty much no one is going to be able to fix or work with efficiently. If you are security conscious and require a process to run at lowest priv level AND perform an elevated function then you have 2 choices, either run multiple processes and deal with the security on each one, or, better yet, go with a real system (yes, truly) and skip all the work arounds with in process token elevation with proper credentials being provided. MS is the only system I'm aware of that requires the root process to have maximum privs enabled to spawn child processes, since token manipulation has been effectively disabled with 2008 R2/W7. All others can create appropriate security contexts for a given set of credentials.
-
Hi, We run a small business, providing Sales Terminals, ShopFloor Terminalst etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came witht the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1(Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it realy excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (un wanted) Windows 7 Security System, so as to allow me to Create,Write and Modify ANY File or Registry Entry, without an Inappropriate Security question inbetween. Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, an No Other User Accounts. I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that aditional security not offered as an installation option, so that those who deem they do not need it, can avoid it. That type of Security Architecture, when it is enforced ( Vista Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN.(mayBe blocked from running WAN and INET options) There is a Lot of activity around the world
As a system administrator since the late 80s, I can think of no single factor that has been responsible for more general problems, frustration, lost productivity, and down time than software which *requires* local administrative permissions in order to run. Even today, there is a great deal of commercial software which, while it may be fantastic at serving the production needs of a particular vertical, makes little to no effort to work properly within the Windows security framework. The Principle of Least Privillege has been around - and deservedly venerated - since the very earliest days of computing. Some of the earlier MS operating systems (3.1, to some extent 95) did not incorporate that principle stringently, and so we wound up with a couple generations of applications that paid little attention to properly isolating user and program permissions. Consequently we saw legions of machines where the average user was granted inappropriate adminsitrative permissions on their machines. Those folks promptly went out to pounce on the first attractive looking virus, or sometimes they would simply render their machine inoperable by 'investigating' some of the lower level configuration options on their machine. "Windows is insecure and unreliable" came the outcry, but was the main problem the OS itself, or the applications that required it to be set up to fail? The answer is certainly "both" to some extent, but huge amount of trouble could certainly have been avoided had developers more often taken the approach of designing their software suit the security model of the operating system rather than requiring the security model of the operating system to be compromised to avoid their development challenges. Almost all the fundamental parts of the current security model, including registry segementation have been around as long as the Win32 API - but many developers continue, more than a decade after their release, to look for ways to 'get around' sensible security measures, rather than conform to them. Even more insidious, I seen many cases where developers *knowingly* bump end users up to full administrative permission in production situations in order to increase instability since they also carry maintenance agreements for those sites. Dozens of times I've arrived at such sites after the customer finally got so frustrated with their level of downtime that they decided to try another option. Typically after a few weeks of eliminating privllege elevations and tightening things down to the point that fo
-
Hmm sounds like a perfect job for Linux. Have you ever considered using Linux?
The best way to accelerate a Macintosh is at 9.8m/sec-sec - Marcus Dolengo
Hi, Well I have considered Linux, but, at this stage, my code depends heavily on MFC 42.(Is there now a Porting facility available ?) I have also to consider my existing Client base. I cannot tell my customers to 'Change Over' at the next Licence renewal. Is there a Linux IDE to seamlesly take over my Source Code, for a bakers dozen of projects, covering 700+ files. Regards, :)
Bram van Kampen
-
2 years ago, none of that documentation existed. If you require any elevated privileges, then indeed your app must run at the elevated level, or, you must perform an IPC of some sort with an elevated process (we went this route as well). The Windows (in)security model is a hopeless entangled mess at this point that pretty much no one is going to be able to fix or work with efficiently. If you are security conscious and require a process to run at lowest priv level AND perform an elevated function then you have 2 choices, either run multiple processes and deal with the security on each one, or, better yet, go with a real system (yes, truly) and skip all the work arounds with in process token elevation with proper credentials being provided. MS is the only system I'm aware of that requires the root process to have maximum privs enabled to spawn child processes, since token manipulation has been effectively disabled with 2008 R2/W7. All others can create appropriate security contexts for a given set of credentials.
Hi, Well, As by my original question, Ultimately, I am not interested in the vagarities of the MS security model.we do not use it, we do not want it for the type of terminals we write for! What we are looking for, is a version of Win7 (Like XP) where this was an 'Opt In' rather than an 'Opt Out'in subsequent OS-es. My Code will run for the next 100 years successfully under XP. Never found any shortcommings in it. :)
Bram van Kampen
-
Why does Microsoft set all this up by default?? Because in the past they've been ripped up in the media for NOT having it secured by default. Admins who didn't know what they were doing were put in charge of setting up all kinds of stuff and not securing any of it. Then schmucks come by with nothing better to do and just hack into it and cause all sorts of damage or write viruses and unleash them on unsuspecting users. Bascially, MS was forced to secure everything by default to protect the innocent from themselves.
A guide to posting questions on CodeProject[^]
Dave KreskowiakHi, Accepted, How do you get Out of this Default when installing :)
Bram van Kampen
-
Give your app elevated privileges and load it as a service at startup, it will run with the admin security token. Then have it communicate with whatever user space component you use for the UI and you'll have all of the security that's available without the nagging questions. What is your application doing that requires admin level access?
All of my software is powered by a single Watt.
Well, Sounds Good, but in my Client base I do Neither Want or Need Windows Security, User Identification, or, any of that crap! All computers run in 'Administrator Mode' anyways.Just a Flat File System, No BVirtual links, like 'My Documents', a basic system that avoids the whole Virtual Folder, and 'My Documents' crap. I Own my computers,I know my file System, Who is Microsoft to try and second guess me in where I want to store files.
Paul Watt wrote:
What is your application doing that requires admin level access?
Well, it is a number of Apps running on a Peer to Peer Network, seeking to modify a database on 0ne of the terminals. The suite relates to Landrettes and Drycleaners. We have not over the past 10 years had even one security incident. Our Software is only available by CD, from registered Distributors.
Paul Watt wrote:
What is your application doing that requires admin level access?
It just runs perfectly under XP, and will do so untill eternity. Microsoft changed the environment, Not Me.
Bram van Kampen
-
Hi, Accepted, How do you get Out of this Default when installing :)
Bram van Kampen
You don't. There's no option to turn this off if you're doing a fresh install off the original medium. If you're doing a unattended install, you can pick everything you want and script the configuration settings.
A guide to posting questions on CodeProject[^]
Dave Kreskowiak -
Hi, We run a small business, providing Sales Terminals, ShopFloor Terminalst etc. for European Laundrettes and Drycleaners. None of the terminals are likely to be connected to the Internet, the vast majority are Stand Alone, a few have several terminals (Limited to 16), which operate over the network on a File Share basis. It is one of the licensing conditions that each machine has No other software installed but which came witht the OS, and that no machine is attached to an external network. The first version was developed for DOS, we went thru Win 3.1(Great Improvement), Win95/98 (Hard Job, but worth the Effort) to Windows XP. Here it realy excelled. The NT File System was a major improvement, Getting Rid of 'Sections' and a Flat Memory Model took a while to weed out, but the benefits were clear to see. Then we got Vista. Prior to Vista, we had Computers, owned by the business, organised around our More than Adequate security Model, but, Vista interfered, demanding Confirmation at every Step. We immediately dismissed Vista, it is still on our list of Un-Supported Systems. At the moment we have an 'Unsurpassed Supply' of Windows XP Computers, which we recycle, retaining the Windows XP OS. Now, This will come to an end, sooner or later. Does anyone have any idea how to knobble the (un wanted) Windows 7 Security System, so as to allow me to Create,Write and Modify ANY File or Registry Entry, without an Inappropriate Security question inbetween. Microsoft has developed an Operating system that is geared around the likes of Insurance Sales men, Dipping In and Out of office boots, and by logging in, getting their personal settings back, wherever in the world. The businesses we supply to have vastly different requirements, the main one being, that it has One and only One Administrator, an No Other User Accounts. I can fully understand the benefit of Windows Security for the type of application where internet activity is expected, however, why is that aditional security not offered as an installation option, so that those who deem they do not need it, can avoid it. That type of Security Architecture, when it is enforced ( Vista Win 8) rather than Optional (Win XP) is precisely what is causing people to recycle Old Software, start looking at Linux, etc. Seeing all the CutBack versions of Win7 now for sale, Why can MS not supply a Version, with No Security Restrictions, and a Free Access for All on a small LAN.(mayBe blocked from running WAN and INET options) There is a Lot of activity around the world
Isn't a throath a small Barsoonian mammal?
-
Hi, Well, As by my original question, Ultimately, I am not interested in the vagarities of the MS security model.we do not use it, we do not want it for the type of terminals we write for! What we are looking for, is a version of Win7 (Like XP) where this was an 'Opt In' rather than an 'Opt Out'in subsequent OS-es. My Code will run for the next 100 years successfully under XP. Never found any shortcommings in it. :)
Bram van Kampen
Our solution is to create a Setup program which you can "Run As Administrator" which does the following: 1) Name your setup program "SomethingOtherthenSetup" and then rename it to Setup.exe after the compile. 2) Execute: %windir%\system32\reg.exe flags HKLM\Software\OurKey SET DONT_VIRTUALIZE /s 3) Create the Directories OUTSIDE of "Program Files" and add an ACL for everyone to the directory (Code available on request) 4) When installing or updating an EXE file which does any network communications (TCP ports) Execute the Following Sequence of commands:
if (osver.dwMajorVersion < 6)
wsprintf(Cmd,"firewall delete allowedprogram \"%s\"",fh->PathtoProgram);
else
wsprintf(Cmd,"advfirewall firewall delete rule name=\"%s\"",fh->Name);
ShellExecuteEx(&si);
Sleep(250);
if (si.hProcess) {WaitForSingleObject(si.hProcess,INFINITE); CloseHandle(si.hProcess); }
if (osver.dwMajorVersion < 6)
wsprintf(Cmd,"firewall add allowedprogram \"%s\" \"%s\" ENABLE",fh->PathtoProgram,fh->Name);
else
wsprintf(Cmd,"advfirewall firewall add rule name=\"%s\" dir=in action=allow program=\"%s\" enable=yes",fh->Name,fh->PathtoProgram);All very simple to install a user mode program which talks on the network.
-
As a system administrator since the late 80s, I can think of no single factor that has been responsible for more general problems, frustration, lost productivity, and down time than software which *requires* local administrative permissions in order to run. Even today, there is a great deal of commercial software which, while it may be fantastic at serving the production needs of a particular vertical, makes little to no effort to work properly within the Windows security framework. The Principle of Least Privillege has been around - and deservedly venerated - since the very earliest days of computing. Some of the earlier MS operating systems (3.1, to some extent 95) did not incorporate that principle stringently, and so we wound up with a couple generations of applications that paid little attention to properly isolating user and program permissions. Consequently we saw legions of machines where the average user was granted inappropriate adminsitrative permissions on their machines. Those folks promptly went out to pounce on the first attractive looking virus, or sometimes they would simply render their machine inoperable by 'investigating' some of the lower level configuration options on their machine. "Windows is insecure and unreliable" came the outcry, but was the main problem the OS itself, or the applications that required it to be set up to fail? The answer is certainly "both" to some extent, but huge amount of trouble could certainly have been avoided had developers more often taken the approach of designing their software suit the security model of the operating system rather than requiring the security model of the operating system to be compromised to avoid their development challenges. Almost all the fundamental parts of the current security model, including registry segementation have been around as long as the Win32 API - but many developers continue, more than a decade after their release, to look for ways to 'get around' sensible security measures, rather than conform to them. Even more insidious, I seen many cases where developers *knowingly* bump end users up to full administrative permission in production situations in order to increase instability since they also carry maintenance agreements for those sites. Dozens of times I've arrived at such sites after the customer finally got so frustrated with their level of downtime that they decided to try another option. Typically after a few weeks of eliminating privllege elevations and tightening things down to the point that fo
Hi, Sorry to hear of such problems. However, our experience has been the absolute opposite. Now, you probably deal with a large system on which various users run their various favorite software solutions for the task at hand. Our machines run Windows, and a bakers dozen of apps which makes up our suite. Now, the security question is NOT who has Access to What File, but: Who can Modify the database in a particular way. For instance, a Cash Register Operator must be able to ring in a transaction, and, hence must have Read Modify and Write access to the files that constitute the tables which records these events. It goes without saying that this must be the same table set for each user. Now, a Supervisor has an aditional capability of being able to modify the sales amount, but from a file access point of view, has basically the same access. It is our Software that determines what is allowed or not allowed, based on how an operator is signed in, NOT how signed in to Windows, but how signed in to our Software. Our Software is typically running on terminals 24/7/365, and a user signs in on OUR signin screen when the need arises (i.e. a Customer arrives) Our Software is responsible of automatically saving transactions, most operators have never in their lives seen a 'Save As' or 'Open' File Dialog. The subject is not covered in the Standard Course Material, because it would be irrellevant. I have not heard of a way yet in windows where one can leave applications running, whilst changing User. What's more, I have not yet heard of a way either Windows Security can decide to grant or deny access on the basis of the intentions of the user, which are only known to the Application Program. It is ofcourse important that a business has only One set of Accounts, and that it is always THAT Database that transactions are entered upon. This must be so, regardles of who Windows Security assumes to be the User. To Store the DB Location in HKCU would therefore be wrong, HKLM would be the Correct Place, with No Confusion Possible. Fine for that, at least that does not change, but there are other parameters, dat DO Change, that should Also be stored there for the Same Reason! Immediate 'Gotche' The Vista 'Solution' of storing it under HKCU anyways is exactly the Opposite of what we want to achieve. Another factor is the 'Fiddle' factor. The vast majority of our End Users are entirely Computer Illiterate, and have been trained just to operate our software. In 10 year we have not had One Security Incident, with any of our
-
Why does Microsoft set all this up by default?? Because in the past they've been ripped up in the media for NOT having it secured by default. Admins who didn't know what they were doing were put in charge of setting up all kinds of stuff and not securing any of it. Then schmucks come by with nothing better to do and just hack into it and cause all sorts of damage or write viruses and unleash them on unsuspecting users. Bascially, MS was forced to secure everything by default to protect the innocent from themselves.
A guide to posting questions on CodeProject[^]
Dave KreskowiakHi, The Kiosk mode will not Work, It assumes One Exe per terminal, I've 13 Possible Ones. Good Try, but the Only answer for me seems to be to Re-Set Windows7 Requirements to XP Requirements. :)
Bram van Kampen
-
Don't you just love how Microsofts has decided whats best for its users? It used to be in this world that it was the customer who determined how the next generation of a product changed or eveolved. Automibile drivers were hot and so the industry added air conditioning. Drivers wanted to hear music and so enter the FM radio. Then came the personal computer. Once the public was hooked Micro$oft changed gears and started making product changes based on what they believed was best and not what users wanted. Unlike the automobile industry most users are stuck with whatever Microsoft says because their only choice is to do that or switch to a Mac or do without a computer. TThis level of users doesn;t even know what Limux/Unix is let alone how to use a system running it so they really do have only the choice of Microsoft or Apple. Apples being telling users for years what they are going to get so its not like switching to Apple opens up more choices for the user. This is the end result of our letting ourselves become so dependent on the product of one company. In the 80's the schools should have taught computer skills as a mandatory class (instead of that multicultural appreciation junk) so that come 20 years later the target demographics would be primarily coimputer savvy techs. Oh well. Windows 7 though is even worse then Vista in terms of the big screw you from Microsoft. At least in Vista many of the undesired changes were optional. I can make Windows Explorer function like it shoudl in Vista but in Windows 7 i'm stuck with this new broke arse design. Good luck with Windows 7.
Okay, I'll answer this even though you're obviously a troll. My guess is that your song in dance for years has been the very insecure nature of Microsoft operating systems and now that things are locked down a bit and forcing people to use good architecture you're all about 'freedom'. The fact is: Any operating system has rules for proper development. Would it be acceptable to have end users run Linux with full administrative privileges? If that is a bad idea in Linux or are the Linux folks a bunch of Nazis?
-
Okay, I'll answer this even though you're obviously a troll. My guess is that your song in dance for years has been the very insecure nature of Microsoft operating systems and now that things are locked down a bit and forcing people to use good architecture you're all about 'freedom'. The fact is: Any operating system has rules for proper development. Would it be acceptable to have end users run Linux with full administrative privileges? If that is a bad idea in Linux or are the Linux folks a bunch of Nazis?
@MehGerbil First off I'm no troll. Second, the "you're a troll" defense is often the lead in used by someone who themselevs is a troll or who knows there argument is weak and tehrefore needs to start off with fallacy. I'd like to think your reply was for some other post and thats why it makes no sense but I am not assuming that. Your comparison with Linux Security is beyond weak and explains why you started your argument with a fallacy targeted at my character. If you did in fact reply to the wrong post then I apolagize for the above. If not then how about trying to make your case without being a dick.
-
@MehGerbil First off I'm no troll. Second, the "you're a troll" defense is often the lead in used by someone who themselevs is a troll or who knows there argument is weak and tehrefore needs to start off with fallacy. I'd like to think your reply was for some other post and thats why it makes no sense but I am not assuming that. Your comparison with Linux Security is beyond weak and explains why you started your argument with a fallacy targeted at my character. If you did in fact reply to the wrong post then I apolagize for the above. If not then how about trying to make your case without being a dick.
I'm calling you a troll because like most trolls, you set up ever changing scenerios where it's impossible for Microsoft to win. This is done so your flavor of the month Linux distro can be pimped out. Also, you spelled Microsoft as Micro$oft, which in itself is troll-speak. I'm guessing you do this: If Microsoft tightens up security then they are "forcing it down people's throats" and using their market share to "decide what is best for everyone else". If Microsoft allows lax security then they "aren't a serious OS developer" and they "don't really care about the customer." I'll make you a deal though. If you've never criticised Microsoft for putting out an insecure OS while then offering Linux as an alternative then I'll apologize since my "troll" comment was based on the assumption that you've made those sorts of posts in the past and are now changing your tune (since the old 'insecure' tune no longer works) to criticize the lockdown. I'm guessing you've done both, which means you're gonna hate on Microsoft no matter what they do, which then means the "troll" accusation is dead on accurate. Let me know.
-
I'm calling you a troll because like most trolls, you set up ever changing scenerios where it's impossible for Microsoft to win. This is done so your flavor of the month Linux distro can be pimped out. Also, you spelled Microsoft as Micro$oft, which in itself is troll-speak. I'm guessing you do this: If Microsoft tightens up security then they are "forcing it down people's throats" and using their market share to "decide what is best for everyone else". If Microsoft allows lax security then they "aren't a serious OS developer" and they "don't really care about the customer." I'll make you a deal though. If you've never criticised Microsoft for putting out an insecure OS while then offering Linux as an alternative then I'll apologize since my "troll" comment was based on the assumption that you've made those sorts of posts in the past and are now changing your tune (since the old 'insecure' tune no longer works) to criticize the lockdown. I'm guessing you've done both, which means you're gonna hate on Microsoft no matter what they do, which then means the "troll" accusation is dead on accurate. Let me know.
Then you need to apolagize because not only have I never said anything close to what you propose I have, I don't even use Linux let alone any other OS besides Microsoft unless you want to count the Droid OS on my smart phone. I am a Microsoft only user. So much for trying to paint me as anti-Microosft/Pro-ABMS (Anything but Microsoft). Iin fact, I am one of the Vista 12 on the pnate, the group of 12 Microsoft Vista users who have never had a problem with Vista. Now if I can use Vista and not complain about it then no one can say I am anti-microsoft! That said Microsoft doesn't get a free ride on mistakes just because I use only their software. Sofwtare vendors have to be hedl accountable for the actions they take that affect thier users and thats what the big deal is with the Ribbon and now the Start button change. I spell Micro$oft with the "$" to be sarcastic and emphasize their often times (but not always) goal of money over everything else including doing the right thing.