none
TC3.1.1 "Verify application launches with Least Privilege user token" RRS feed

  • Question

  •  

    Hi All,

     

    I have some questions about "LuaPriv" tests in the Application Verifier.

     

    We have an application - windows service. It's possible to use it (setup, start/stop) only by administrators. We have a manifest requires administrative privileges to launch it. Our service provides functionality of web service to access some database.

     

    Q1: Does the AppVerifier "LuaPriv" test applicable for my application (not setup)? 

    Q2: If "yes", what is the way to pass it. Now I get about thousands errors that indicate about "restricted acces" and similar.

    Q3: Is there any recommendations to test applications like this? (except Logo Test Framework).

     

    Thanks.

    Monday, July 7, 2008 6:44 AM

Answers

  • Hi Stealth,

     

    As per my knowledge, it’s not that LuaPriv tests are applicable only for setup application.

     

    LuaPriv is one of the test that that AppVerifier can perform. This can be turned on or off for each application being tested. To turn on a test for the application, select the check box next to it.

    LuaPriv contains different tests that can be used in two different scenarios:

    -      Predictive — Determines whether an application running with administrative privileges would work if run with less privilege (generally, as a normal user). For example, if the application writes to files that only allow access to administrators, then that application will not be able to write to the same file if run as a non-admin.

    -      Diagnostic — When running as a non-admin, identifies potential problems that may already exist with the current run. For example, if the application tries to write to a file that only grants admin access, the application will get an ACCESS_DENIED error.

     

    Please refer the following link for more details on AppVerifier http://msdn.microsoft.com/en-us/library/aa480483.aspx.

     

    Hope it clarifies.

     

    Thanks,

     

    Leena

     

    Friday, July 11, 2008 1:37 PM

All replies

  • Hi,

     

    "LuaPriv" tests in the Application Verifier is applicable in TC2.4.1 : Does the application attempt to write to or replace files under Windows Resource Protection? This test applies to Server and Client components. The application must not attempt to write to WRP Registry Keys or replace any system files during install in order to pass this test case.

     

    STEPS:

     

    1.      Launch AppVerifier and attach msiexec.exe and application installer.

    2.      Only select the LuaPriv test for each msiexec.exe and application installer.

    3.      Install application. Perform Primary Functionality, and any Post Install configuration that may install any “Just in Time” applications, Services, or set registry keys.

    4.      Visually ensure the application did not attempt to write to or replace any WRP Registry Key or Windows System File:

    a.      Make note of any WRP Registry Key or Windows System File that the application attempted to write to or replace.

    b.      Note any Access Denied dialog boxes.

    c.      Note any WRP dialogs.

     

    Examine the logs from AppVerifier. Examine all LayerName=”LuaPriv”, and Severity=”Error”. Any Errors or Warnings should be examined.

     

    Please refer the Windows Server 2008 Software Test Framework document for more clarification.

     

    Hope it helps.

     

    Thanks,

     

    Leena

    Wednesday, July 9, 2008 6:25 PM
  • Hi Leena,

     

    It helps me much.

    As I understood, "LuaPriv" tests are applicable only for setup application. (Please, correct me, if I'm wrong).

     

    Thanks, so much.

    Thursday, July 10, 2008 9:43 AM
  • Hi Stealth,

     

    As per my knowledge, it’s not that LuaPriv tests are applicable only for setup application.

     

    LuaPriv is one of the test that that AppVerifier can perform. This can be turned on or off for each application being tested. To turn on a test for the application, select the check box next to it.

    LuaPriv contains different tests that can be used in two different scenarios:

    -      Predictive — Determines whether an application running with administrative privileges would work if run with less privilege (generally, as a normal user). For example, if the application writes to files that only allow access to administrators, then that application will not be able to write to the same file if run as a non-admin.

    -      Diagnostic — When running as a non-admin, identifies potential problems that may already exist with the current run. For example, if the application tries to write to a file that only grants admin access, the application will get an ACCESS_DENIED error.

     

    Please refer the following link for more details on AppVerifier http://msdn.microsoft.com/en-us/library/aa480483.aspx.

     

    Hope it clarifies.

     

    Thanks,

     

    Leena

     

    Friday, July 11, 2008 1:37 PM