locked
VISTA standard user privileges - is this REALLY a standard? RRS feed

  • Question

  • Hello all,

     

    This is a very fundamental question that appears to have been overlooked, but -

     

    If there is a set of "standard user priviliges" defined for Vista, where can software developers obtain documentation for this standard?

     

    If not, why is the term "standard" being employed in this context?

     

    Have a nice day,

     

    Jeff Page

    Wednesday, July 25, 2007 6:00 PM

All replies

  • It's not a formally defined standard, if that is what you mean. It is what used to be referred to as a 'Limited User', but the term was changed to something that sounds less derogatory.

     

    The general rule of thumb is that a Standard User cannot make system wide changes or alter the experience of using the computer for other users. It is, in effect, defined by the set of rights and permissions granted by default to a non Administrative user account.

     

    Best practice is to assume any operation could fail due to security restrictions in place and to fail gracefully it it isn't possible to continue as a result.

    Wednesday, July 25, 2007 10:04 PM
  • Hello all,

     

    Here are some related observations of unexpected behaviour from User Access Control on Vista:

     

    1) A commercial setup program fails to register a COM server (without providing notification)

     

    2) Executing regsvr32 as local administrator from the command line fails with a rather generic message {online search associates the error code with a variety of unrelated software issues]

     

    3) Disabling User Access Control causes the first two items to complte successfully.

     

    One wonders if is the observed behaviour a bug or by design. I would ask all interested parties to repeat this experiment and post their observations. By running this simple experiment on many systems [with different configurations] we can determone if this is consistent behaviour. The next step is determining if it is correct behaviour.

     

    Ultimately it seems  the behaviour of User Access Control MUST be more precisely specified - many develops depend on predictable and correct behaviour - not just emprical observations form machine experiements

     

    Regards,

     

    Jeff Page

    Saturday, July 28, 2007 7:01 PM
  •  

    1) If the setup doesn't elevate (because it is non-vista aware and installer detection doesn't spot it) then yes this will fail. Registering a COM server is a privileged operation. Right-clicking the executable and selecting Run As Administrator should fix this.

     

    2) Again, it's a privileged operation. You must launch the command prompt elevated via Run As Administrator or use a command line tool like elevate.cmd to launch the executable.

     

    3) With UAC off, everything run by an Administrator is launched elevated, which is why it succeeds.

     

     

    I'm not quite sure what you expect to be defined, Anything that writes to HKLM or Program Files or the Windows directory is a privileged operation. Where possible, Windows will virtualise writes for compatibility reasons, but in some cases (generally these related to installing or updating software) this is insufficient and those operations will fail unless run with full Administrative rights.

    Sunday, July 29, 2007 9:17 PM