Vista compat questions

I was at TechEd and was happy to see people embracing the security changes in Vista.

 

Some of the questions I was asked were:

 

1.> Redirection of reg keys and folders is a good feature, how do I use it on my folders?

Ans:

Redirection IS NOT A FEATURE. It is just a MITIGATION. You are not supposed to make your unreleased apps depend on it.

 

2.> How does my service show UI now?

Ans:

Services are not supposed to show UI. Again, there is a mitigation in Vista, but it is ugly. You do not want a service to have a UI!

 

3.> My app needs to access xyz protected folder/reg key, I will elevate it with manifest and it should work fine, right?

Ans:

Yes, but that is not the solution you should be working towards, as then you are always running elevated and have a greater attack surface. Restrict yourself to relaxing the ACLs only on the limited resources you require. Also see whether you really need this access at runtime, or whether you can do this in your setup.
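
One way to follow this advice at setup time, as an added example that is not from the original post: the elevated installer relaxes the ACL on a single data directory so the app itself can keep running unelevated. The path `Contoso\MyApp\Data` and the choice of Modify rights for the Users group are assumptions made for illustration.

```powershell
# Run once from the elevated installer, never from the application itself.
# Assumption: the app needs write access to exactly one directory (hypothetical path).
$dataDir = Join-Path $env:ProgramData 'Contoso\MyApp\Data'

New-Item -ItemType Directory -Path $dataDir -Force | Out-Null

# S-1-5-32-545 is the well-known SID for BUILTIN\Users; using the SID
# instead of the name keeps the script working on localized systems.
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'

# Modify (not FullControl): users can create and change files here,
# but cannot rewrite the directory's ACL or take ownership.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $users,
    [System.Security.AccessControl.FileSystemRights]::Modify,
    $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

# Add the single ACE to this directory only; parent folders are untouched.
$acl = Get-Acl -Path $dataDir
$acl.AddAccessRule($rule)
Set-Acl -Path $dataDir -AclObject $acl

# Record the explicit (non-inherited) entries so the install log shows
# exactly what was relaxed.
(Get-Acl -Path $dataDir).Access |
    Where-Object { -not $_.IsInherited } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize
```

Keep executables and DLLs out of any directory opened up this way; it should hold data only, since anything a standard user can write there could otherwise be loaded by a more privileged process.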