Win32
Introduction to Perl & Vista's
 Feature “User Acceptance
           Control“
0.0 What is its impact on Perl
                 and Win32 in general.
•   “User Account Control (UAC) on Windows Vista cha...
0.1 What is its impact on Perl
           and Win32 in general.
• What is its impact on:

    Perl: Specifically?
    Win3...
0.3 What is its impact on Perl
    and Win32 in general.
1.0 Which users are (not) impacted.

•   Built-in Administrator & Enterprise Admin
    accounts => No Impact.
•   All Othe...
1. How to workaround it.
1.1 How to solve it through Windows GPO
          Local Security Policy.
1.2 How to solve it through a manifest.
•    “asInvoker” : The application runs with the same token as the
    parent proc...
1.3 What to look out for in the MS Vista SP1
             Christmas present.
Online Perl-UAC Documentation

• Re^2: (OT) Windows Vista UAC: http://www.perlmonks.org/?node_id=608471
• How can I integr...
ddn123456@gmail.com
Upcoming SlideShare
Loading in …5
×

Win32 Introduction To Perl And Vista S Feature User Acceptance Control

2,751 views
2,705 views

Published on

Published in: Technology, Business
1 Comment
1 Like
Statistics
Notes
  • Hi guestf502777,

    Vista probably isn't the most loved or best OS ever provided by MS. And about its additional security 'features' already enough religious wars were fought without being won by either side.

    Therefore I did document how to workaround these issues in this presentation and on www.perlmonks.org (exact links mentioned in the slides.

    So don't hesitate to join www.perlmonks.org and post your issue, the community will certainly help you out.

    With kind regards.
    ddn123456
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
2,751
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
1
Likes
1
Embeds 0
No embeds

No notes for slide

Win32 Introduction To Perl And Vista S Feature User Acceptance Control

  1. 1. Win32 Introduction to Perl & Vista's Feature “User Acceptance Control“
  2. 2. 0.0 What is its impact on Perl and Win32 in general. • “User Account Control (UAC) on Windows Vista changes the paradigm of being an administrator on a Microsoft Windows operating system. Rather than wielding full administrative privileges all of the time, the token is quot;splitquot; and there are two of them. If you run an application normally, it is given the token that has fewer privileges (a quot;standard userquot; token, if you will, although the Administrators group is still present and set to quot;deny onlyquot; so securable objects that an administrator is explicitly forbidden from accessing will still be denied to this user). If you create a process elevated, you are prompted to approve the elevation, after which the process is provided with an quot;unfilteredquot; token that grants this application full administrator credentials.” Quote www.microsoft.com • “UAC creates an alternate model where all users, including administrators, run with standard user rights. Executables that require administrative rights include a requestedExecutionLevel key in their manifest - XML embedded in their executable - that specifies requireAdministrator. When an administrator executes such an image, in its default configuration UAC presents a Consent dialog that asks permission for the image to run with administrative rights. Standard users see a similar dialog, but must enter the credentials of an administrative account to unlock administrative rights.” Quote Mark Russinovich http://blogs.technet.com/markrussinovich/archive/2007/02/12/638372.aspx
  3. 3. 0.1 What is its impact on Perl and Win32 in general. • What is its impact on: Perl: Specifically? Win32: Generally?
  4. 4. 0.3 What is its impact on Perl and Win32 in general.
  5. 5. 1.0 Which users are (not) impacted. • Built-in Administrator & Enterprise Admin accounts => No Impact. • All Other Users => Impacted. • Rights Local Administrators group != Rights Built-in Administrator • Security impact & user experience might vary due to Future Vista Patch levels.
  6. 6. 1. How to workaround it.
  7. 7. 1.1 How to solve it through Windows GPO Local Security Policy.
  8. 8. 1.2 How to solve it through a manifest. • “asInvoker” : The application runs with the same token as the parent process. • “highestAvailable” : The application runs with the highest privileges the current user can obtain. • “requireAdministrator” : The application runs only for administrators and requires that the application be launched with the full token of an administrator. • Internal Manifest file to be included with the binaries. 1. <?xml version=quot;1.0quot; encoding=quot;UTF-8quot; standalone=quot;yesquot;?> 2. <assembly xmlns=quot;urn:schemas-microsoft-com:asm.v1“ manifestVersion=quot;1.0quot;> 3. <trustInfo xmlns=quot;urn:schemas-microsoft-com:asm.v3quot;> 4. <security> 5. <requestedPrivileges> 6. <requestedExecutionLevel level=quot;asInvoker“ 7. uiAccess=quot;falsequot;/> 8. </requestedPrivileges> 9. </security> 10. </trustInfo> 11. </assembly> • mt.exe -manifest ExeName.exe.manifest -outputresource:ExeName.exe
  9. 9. 1.3 What to look out for in the MS Vista SP1 Christmas present.
  10. 10. Online Perl-UAC Documentation • Re^2: (OT) Windows Vista UAC: http://www.perlmonks.org/?node_id=608471 • How can I integrate within the PDK perlapp the manifest assembly workaround for Vista UAC? http://www.perlmonks.org/?node_id=608007
  11. 11. ddn123456@gmail.com

×