From: Joseph M. Newcomer on 17 Jun 2007 13:34

Yes, I discovered that even as a limited user I am apparently not able to change my OWN environment variables, but when I gave the admin password, and changed the "user" environment variables, it set the administrator environment, not mine. I think MS screwed this one up royally; the user environment variables are mine and should be changeable by me.
joe

On Sat, 09 Jun 2007 14:43:07 GMT, "David Ching" <dc(a)remove-this.dcsoft.com> wrote:

>"David Wilkinson" <no-reply(a)effisols.com> wrote in message
>news:eFX4t3nqHHA.4280(a)TK2MSFTNGP05.phx.gbl...
>> There is a bit more difference than that. When the standard user supplies
>> a password, the elevated process runs in the context of the admin user
>> rather than the original standard user.
>
>Thanks, I had not known that!
>
>
>> For sophisticated users, I think UAC is a great thing, because it allows
>> them to run safely from an admin account. For unsophisticated users, I'm
>> not so sure, because they may just find UAC annoying and either turn it
>> off or get in the habit of always clicking OK without thinking.
>>
>
>UAC is certainly an imperfect solution that no one should feel very proud
>of.
>
>-- David
>

Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

From: Joseph M. Newcomer on 17 Jun 2007 13:36

Actually, it is reasonably important to me that under "normal" operating conditions that I be unable to set hooks or send messages to elevated processes. Yet I still need to be able to get privileges when I need them, but not be annoyed by having to type a password each time. It sounds like these are incompatible goals.
joe

On Sat, 9 Jun 2007 11:51:46 -0700, "Alexander Grigoriev" <alegr(a)earthlink.net> wrote:

>Actually there is BIG difference. A "limited" process running under
>administrator account can open a handle to an "elevated" process with full
>access rights and screw with it any way it wants - run a remote thread,
>inject code, etc. It's like being on the other side of the fence, but still
>having a key to the gate. So it's just an illusion of protection.
>
>A process running under "true" limited user CANNOT open handle to an
>administrator process. It even cannot send arbitrary windows messages to it.
>
>"David Ching" <dc(a)remove-this.dcsoft.com> wrote in message
>news:%4qai.7287$u56.6575(a)newssvr22.news.prodigy.net...
>> "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
>> news:reak63lhj9b6crv83kg4ve912hk1b4nras(a)4ax.com...
>>> OK. But this will let me normally run with the lower privileges of an
>>> ordinary user most of the time, then?
>>
>> Exactly. In Vista, there's no difference between an Admin user and a
>> Limited user, other than whether you need to provide an Admin password
>> when elevation is required or whether you just need to click Continue.
>>
>>
>>> I'm still struggling with all this privilege stuff, but I want to be
>>> testing in a "normal" user environment most of the time. So I really
>>> want the extra step---I've found that I don't need it *all* that often,
>>> so I'm trying to create a realistic test environment, but when I need
>>> it, I don't want to have to give the password.
>>> So I'll do as you suggest.
>>
>> Yeah, this will work perfectly for you.
>>
>> -- David
>>
>>
>

Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

From: Joseph M. Newcomer on 17 Jun 2007 13:38

The problem is that I need to develop under Vista, because that is also a requirement of the customer. The customer specifically ruled out cross-platform development, and I can't go into the reasons due to NDA, but it's part of the contract, unfortunately.
joe

On Mon, 11 Jun 2007 09:29:49 +0900, "Norman Diamond" <ndiamond(a)community.nospam> wrote:

>"Anthony Wieser" <newsgroups-sansspam(a)wieser-software.com> wrote in message
>news:e2J4t9mqHHA.5092(a)TK2MSFTNGP04.phx.gbl...
>> "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
>> news:d7cj63l709jops1l9b8cve9gsrcn41hsqi(a)4ax.com...
>>> I spoke too soon about VS2005 Vista SP1 being more reliable; doing rather
>>> trivial single-threaded app debugging, I've managed to crash it six times
>>> in the last hour.
>>>
>>> It must be run as administrator, which requires an administrator
>>> password. What I'd like to do is set myself up to run as a normal user,
>>> but with the privileges of running as administrator whenever I want to
>>> with only the simple confirmation box (not the need to type in a name and
>>> password each time). Any possibility Vista supports something like this?
>>
>> I'm successfully running VS2005 sp1 on vista from a limited user account.
>
>I'm successfully running VS2005 SP1 with Vista hotfix on Vista without
>privileges, for various lengths of time. It does start running and runs for
>some random length of time.
>
>> I think only certain obscure debugging functionality actually requires a
>> full admin account.
>
>You mean that if you don't need obscure debugging functionality then
>Microsoft is lying when they put up that prompt recommending use of
>administrative privileges? I thought it was illegal or immoral to notice
>that Microsoft tells lies like that.
>
>But it doesn't matter. Debugging or not, when VS2005 SP1 with Vista hotfix
>runs on Vista successfully for some random length of time, it's a good
>thing, and all good things come to an end.
>
>Now, Dr. Newcomer *knows* how to overcome this. In principle, use Windows
>2000 or Windows XP on the development machine, and use Vista on the target
>machine. You don't even need a serial link, this is user-mode stuff and you
>can copy the executables across the network. Well, that's the principle.
>In practice, the development machine has to be Windows XP, because Windows
>2000 isn't Genuine.

Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

From: David Ching on 17 Jun 2007 17:34

"Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
news:76sa735dfhre15c27imnich4aena0erps7(a)4ax.com...
> Actually, it is reasonably important to me that under "normal" operating
> conditions that I be unable to set hooks or send messages to elevated
> processes. Yet I still need to be able to get privileges when I need them,
> but not be annoyed by having to type a password each time. It sounds like
> these are incompatible goals.

I don't know what the problem is. Under "normal" conditions, you WON'T be able to set hooks or send messages to elevated processes. The only way to do so is to first elevate your process. For an Admin account, all you have to do is click OK when the screen darkens, not type in a password. What about this situation do you not like?

-- David

From: Joseph M. Newcomer on 18 Jun 2007 11:32

This question was based on the earlier reply in this thread:

>Actually there is BIG difference. A "limited" process running under
>administrator account can open a handle to an "elevated" process with full
>access rights and screw with it any way it wants - run a remote thread,
>inject code, etc. It's like being on the other side of the fence, but still
>having a key to the gate. So it's just an illusion of protection.
>
>A process running under "true" limited user CANNOT open handle to an
>administrator process. It even cannot send arbitrary windows messages to it.

This suggests that if I make myself an administrator account (add my account to the administrator group) then I would NOT be subjected to the limitations of my current account. I want code that runs under my login account to have all the limitations of an ordinary user (including to being able to set hooks, etc.), but if I run a program that wants privileges (as specified in its manifest) then it will prompt me, and I can simply click one mouse button to get them, so I can do the things I need to do without massive hassle while still getting a credible representation of what end users will normally see.
joe

On Sun, 17 Jun 2007 14:34:49 -0700, "David Ching" <dc(a)remove-this.dcsoft.com> wrote:

>"Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message
>news:76sa735dfhre15c27imnich4aena0erps7(a)4ax.com...
>> Actually, it is reasonably important to me that under "normal" operating
>> conditions that I be unable to set hooks or send messages to elevated
>> processes. Yet I still need to be able to get privileges when I need
>> them, but not be annoyed by having to type a password each time. It
>> sounds like these are incompatible goals.
>
>I don't know what the problem is. Under "normal" conditions, you WON'T be
>able to set hooks or send messages to elevated processes. The only way to
>do so is to first elevate your process. For an Admin account, all you have
>to do is click OK when the screen darkens, not type in a password. What
>about this situation do you not like?
>
>-- David
>

Joseph M. Newcomer [MVP]
email: newcomer(a)flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
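
The distinction this thread keeps returning to (a filtered process under an administrator account versus a process under a true standard user) can be read from a process's own token. The following is an added example, not code from any poster in the thread; the `UacDemo.Native` wrapper and the `Get-TokenElevationType` function are names made up here, while `GetTokenInformation` and the `TokenElevationType` values are the documented Win32 ones.

```powershell
# Added example: report which kind of UAC token the current process holds.
# Documented Win32 values: TokenElevationType is 18 in TOKEN_INFORMATION_CLASS;
# TOKEN_ELEVATION_TYPE is 1 = Default, 2 = Full, 3 = Limited.
Add-Type -Namespace UacDemo -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(
    IntPtr TokenHandle, int TokenInformationClass,
    out int TokenInformation, int TokenInformationLength, out int ReturnLength);
'@

function Get-TokenElevationType {   # hypothetical helper name
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    try {
        $type = 0
        $len  = 0
        # The elevation type is a 4-byte enum, so an int output buffer is enough.
        $ok = [UacDemo.Native]::GetTokenInformation(
            $identity.Token, 18, [ref]$type, 4, [ref]$len)
        if (-not $ok) {
            $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw "GetTokenInformation failed, Win32 error $err"
        }

        # IsInRole is true only when the Administrators group is enabled in
        # this token, which is not the case for the filtered (Limited) token.
        $principal = New-Object Security.Principal.WindowsPrincipal($identity)
        $adminEnabled = $principal.IsInRole(
            [Security.Principal.WindowsBuiltInRole]::Administrator)

        $meaning = switch ($type) {
            1 { 'Default: no split token (standard user, or UAC not splitting this account)' }
            2 { 'Full: elevated half of an administrator split token' }
            3 { 'Limited: filtered half of an administrator split token' }
            default { "Unknown value $type" }
        }

        [pscustomobject]@{
            User                  = $identity.Name
            ElevationType         = $type
            Meaning               = $meaning
            AdministratorsEnabled = $adminEnabled
        }
    }
    finally {
        $identity.Dispose()
    }
}

Get-TokenElevationType | Format-List
```

Run it once from a normal prompt and once from an elevated prompt on the same account: an administrator account under UAC reports Limited and then Full, while a standard user who elevates by typing an administrator's password sees the elevated run report the administrator's user name rather than their own.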