Yes it does, try it.
Right click on an icon, go into advanced and tick run as administrator. Regards Dale Fraser http://dale.fraser.id.au/blog From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Scott Sent: Friday, 13 April 2007 5:31 PM To: [EMAIL PROTECTED] Subject: [cfaussie] Re: OT: Vista Application Ok now I am confused... Justin are you saying that if I deploy and application with Administrator privellages to run, it is going to ask me to Allow or Deny? On 4/13/07, Justin Carter <[EMAIL PROTECTED]> wrote: On Apr 13, 2:11 pm, "Dale Fraser" <[EMAIL PROTECTED] > wrote: > Trusted in what way? > > If I install my app into Program Files it can't do anything, including > writing files into subdirectories of the install path. > > If I install out side of Program Files it can do everything. > > So I think stuff in Program Files is less trusted, either i'm missing > something or they have not thought this through That's right, and that's how XP works. Anything can write anywhere it likes (NTFS permissions permitting). Vista aims to do things differently. Program Files is secured by UAC, meaning that if you want to change something, you have to give the process permission. If you install an app into Program Files you can trust that the app can't been infected/exploited by another non-admin process since requests for access are filtered through UAC, and when you run the app as Admin you should be able to trust it to do what it is supposed to do. If you install an app outside of Program Files it is open to a certain form of exploitation by a virus or other malicious user that can write to the files the application uses (purely because it is stored outside Program Files). If the application is compromised and you have it set up to run as Administrator, you are effectively giving the injected code a free ticket to ride, and since you already trust this particular app (in your own mind) you might be inclined allow privilege elevation whenever it requests it, when infact it could be some injected code doing it's dirty work under the guise of this other application. In your case Dale, if your app doesn't run as Admin when stored outside Program Files then there is considerably less risk that some other application which might always need to run as Administrator for whatever reason. But if your app did get compromised then some malicious injected code could be masquerading under the name of your app and will happily show the user a UAC prompt. Now what does the user do when "DalesApp01.exe" requests a privilege elevation? Will they be able to trust what will happen next? But the app is stored outside Program Files?! Arghhh! "To be continued..." :) Anyway, that's just my understanding of (part of) why the whole Program Files security stuff exists. That and the fact that we (mostly) all insist on using Admin accounts for every day use. But trust me, there is far less whinging and moaning with UAC than there would be if you weren't allowed to log on to the desktop with an Administrator account *at all*. IMO, the world would be in chaos and the internet would explode with "complaint overload" :P www.aegeon.com.au Phone: +613 8676 4223 Mobile: 0404 998 273 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to [EMAIL PROTECTED] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---
