Windows Vista and User Account Control

It seems to me that User Account Control is one of the most noticeable features of Windows Vista when you’re first using it but there’s a lot of confusion around it.
 
Hopefully I’ll not add to it by getting something wrong. Here’s my take on what I found with it by default;
 
1) When a process runs on Vista it will not have Administrative privileges by default whether you are logged in as Administrator or not. (Almost all) Calls that require Administrative privileges will therefore fail.
 
2) A process only has Administrative privileges if it is running elevated.
 
3) When a process runs it is either elevated or not for the duration of its lifetime. It cannot be changed during execution.
 
4) When a process wants to run elevated it goes through the “consent” dialog box to check with the user.
 
5) There are a number of ways in which a process can run elevated;
 
i) You use the right mouse menu in the shell to run it “as administrator”.
 
ii) It is launched from a process that is already elevated.
 
iii) It has marked itself with an application manifest to say “Hey, I need to be elevated”.
 
iv) It is a setup program or similar.
 
v) It is marked in the application compatibility database.
 
vi) It is run from the shell with a “run me as elevated” flag.
 
vii) There’s apparently a new COM API to run a server as elevated but I’ve not seen this in action yet.
 
6) It is possible to alter the behaviour of UAC based on policy that’s applied to your machine – there are quite a few flags that you can tweak to control how it behaves including switching it off altogether.
 
The essential idea of UAC is for applications to work when they’re running as a standard user.
 
If your application simply can’t work as a standard user (consider Task Manager and other OS applications) then you have 2 choices;
 
1) Run the application elevated using one of the mechanisms.
 
2) Separate out the functionality of the application that needs to run elevated. Put that functionality behind pieces of UI that warn the user that when they take that particular action they should expect the consent dialog and run some process elevated from that UI. This dialog is an example;
 
 
 
Note that those “shield” buttons are obtainable in your own applications – it’s a standard OS thing.
 
What happens when you click the Shield button? It depends. I guess you have a few choices;
 
1) Run a separate process altogether but run it elevated.
 
2) Re-run the same process that you’re running already but run it as elevated (note – TaskManager seems to do this).
 
With all that said. I was left with a few questions;
 
1) How do I build .NET application that knows whether it’s elevated or not?
 
2) How do I build a .NET application with a manifest that always runs elevated?
 
3) How do I build .NET application that displays these shield buttons to be elevated?
 
For (1), I found that from a .NET point of view I seem to be able to just use WindowsIdentity and WindowsPrincipal and check against the “Administrators” group. If I’m running elevated then the check against Adminstrators comes back as true and otherwise it comes back false.
 
For (2) I found that it’s easy enough to embed a Win32 resource into a .NET executable to request that the application runs elevated.
 
For (3) I found that I can PInvoke to SendMessage in order to get a .NET application to display the shield icon on a dialog.
 
I built a simple sample. If you run it as admin you’ll first get;
 
 
 
then if you click the Shield icon, this application will shut itself down and re-run itself as elevated and you’ll see this along the way;
 
 
and then if you go for “Allow” you’ll get the application back elevated;
 
 
 
and now the “admin” operation (it doesn’t do anything) is now enabled.
 
I also built a 2nd version of the application that has a manifest built into the executable that requests that the application will always run elevated. Note that this is a piece of XML but it’s embedded into the EXE as a Win32 resource – you can get MSBuild to do this for you by editing the project file as I’ve done in the sample.
 
If you run this version of the application (it’s in a separate folder in the zip file) then you’ll get the “consent” dialog straight away before the application comes up and when it comes up it’ll already be elevated.
 
Hope that all makes sense – all mistakes are mine and I’ll fix them if you let me know.