UACBlog : UAC Announcements

What’s New in the February CTP

User Account Control Team — Wed, 22 Feb 2006 22:00:00 GMT

Hi. I’m Alex, the product manager for User Account Control. Today we released February Windows Vista CTP (build 5308) and we wanted to make beta testers aware of what new things you’ll find in this build.

Application-Aware Elevation Prompts
The elevation prompts that users see are now customized based on the type of application that is running. To have control over which prompt the user sees, the executable must be signed using Microsoft Authenticode technology. If an unsigned application attempts to run with full administrator privileges, the approval dialog will contain stronger warning language and be color coded to warn users of the potential risk.

But for signed applications and Windows component, the dialogs will use different colors, icons, and less strong warning language.

This will help users tell at a glance if they need to be extra-cautious before running a particular program. Developers who do not yet digitally sign their applications should begin signing them to prevent Windows Vista customers from seeing these strong warnings when attempting to install or run your software.
We are still refining these dialogs, but the February CTP shows the direction we are headed.
Access to Virtualized Files
It is now easier to find the files that are redirected by the file virtualization capabilities in Windows Vista. First, a brief explanation of what we mean by virtualization in User Account Control. Many applications break for standard users (non-admins) today because they attempt to write to protected areas that the standard user does not have access to. Windows Vista will improve application compatibility for these users by redirecting writes (and subsequent reads) to a per-user location within the user’s profile. For example, if an application attempts to write to “C:\program files\appname\settings.ini” and the user doesn’t have permissions to write to that directory, the write will get redirected to “C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\.”
To make it easier to find these redirected files we added a new button to Windows Explorer. If there is a virtualized version of a file related to the current directory, a Compatibility Files button appears that will take you to the virtual location to view that file.
Run as Administrator
The right-click “Run elevated” command that you could use to force an application to run with elevated privileges is now called “Run as administrator

If you find other things that are new, different, or unexpected in this build please post them as comments on this entry.

- Alex Heaton
User Account Control Product Manager

New Name, Same Vision

User Account Control Team — Thu, 19 Jan 2006 00:36:00 GMT

Even though the name has been changing, from LUA to UAP, and now finally User Account Control (UAC), the underlying goal has not changed. Our goal is to help protect individuals and organizations by enabling Windows Vista users to run their computers as Standard Users. It may sound humble, but this effort has the potential to significantly increase security for all users, reduce TCO and support costs for organizations, and enable parental controls that help protect children when online.

You can make an analogy between User Account Controls and seatbelts in cars. The Model T automobile was introduced in 1908, yet Ford did not include their first seatbelt until 1959, and they were not required by law in the US until 1968. When seatbelts were first introduced, they were perceived as an annoyance and their usage was low. But now their safety benefits have been proven and the majority of us use them. Likewise with User Account Controls, it may take some time to get used to the idea of running as a Standard User, but the safety benefits are clear, it will be less of an inconvenience than you think, and soon it will be hard to believe that we ever ran everything with full administrative privilege.

While we are also doing work on something called Admin Approval Mode, in which many common applications run as Standard User even if you're logged in as an administrator, we want to be very clear that you're still using the system as an administrator in this mode. When you're using Windows Vista, you’re either a Standard User or an Administrator, and our goal is to allow everyone to run as a Standard User.

To make our vision a reality, it's going to take a lot of work not only by us, but by the entire software industry. Since users will demand that their applications work under Standard User, software developers must make sure that their applications are compatible. To facilitate this, we're working on guidance for MSDN and there's a chalk talk that developers can review here.

Lastly, I want to thank each of you for reading our blog and apologize for not keeping it as fresh as we'd like to. So here's what we're going to do... From now until Vista launch, if we ever go 30 days without posting a new entry, the first 5 people that send mail to uacswag@microsoft.com will get free Vista swag shipped to you.

Thanks again and please send us your comments on our vision.

David B. Cross
Director of Program Management
Windows Security

User Account Control

User Account Control Team — Fri, 09 Dec 2005 02:23:00 GMT

User Account Protection was the preliminary name for a core security component of Windows Vista. The component has now been officially named User Account Control (UAC). Our blog archives are located at http://blogs.msdn.com/uap. All future blogging will occur on this /uac blog.