I've read several questions regarding UAC and privilege elevation but I've not found a satisfactory/comprehensive answer.

I have this scenario: on Windows 6 or above, when the user opens a configuration window I have to show the shield (BCM_SETSHIELD) on the OK button only if privilege elevation will be required to complete the task. -- I do know that in the Windows UI the shield is always visualized for "administrative tasks", even if UAC is disabled, but the customer had this specific request.

I have drafted this condition in order to show the icon:

  1. The user has not administrative rights
    OR
  2. The current process has TOKEN_ELEVATION_TYPE == TokenElevationTypeLimited

Condition #1 is simple: if the user doesn't have administrative rights, elevation is always required regardless of UAC. Condition #2 implies that the user has administrative rights, and any other value of TOKEN_ELEVATION_TYPE means that elevation is not needed.

Is it really that simple? Am I missing something? And is there a documented or well-known pattern regarding this topic?

+1  A: 

You are right. Most people just put the shield on if the button will be running elevated, but the right thing to do is to put the shield on if the button will cause elevation (i.e. suppress it if you are already elevated, since everything you launch will remain elevated unless you go to some trouble to launch a non-elevated process, and suppress it if UAC is off).

The good news is that if someone in the Administrators group runs (under UAC) an application non-elevated, you'll get back false when you ask if they are an admin or not. So I think you might be ok with just that one test.

Kate Gregory
Well, actually there is a rationale in putting the shield even if the application is already elevated (or if UAC is disabled): this way the user will immediately acknowledge that the button does "administrative stuff". I endorse this UI style, but the customer doesn't.
Lorenzo
So do you think that I can rely only on the #1 check?
Lorenzo
I think you should code it as "if you're not an admin, put on the shield" and then run all your test cases to see if it suffices. My suspicion is that it will.
Kate Gregory
When UAC is enabled and you are not running elevated you have a limited token; this token has the Administrators group removed, so the first check is enough.
Luke
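
The two conditions from the question, written in C as an added example (not code from any poster in this thread). `shield_needed` and `query_shield_needed` are hypothetical names, showing the shield when the membership query fails is an assumption, and the non-Windows branch only mirrors the `winnt.h` enum so the decision logic compiles off Windows.

```c
#include <stdbool.h>
#ifdef _WIN32
#include <windows.h>   /* link with advapi32 */
#else
/* Constructed stand-in mirroring the winnt.h enum so the logic builds elsewhere. */
typedef enum {
    TokenElevationTypeDefault = 1,  /* token has no linked token */
    TokenElevationTypeFull,         /* elevated half of a split token */
    TokenElevationTypeLimited       /* filtered half of a split token */
} TOKEN_ELEVATION_TYPE;
#endif

/* Hypothetical helper: true when pressing OK would cause an elevation. */
bool shield_needed(bool admin_group_enabled, TOKEN_ELEVATION_TYPE type)
{
    if (!admin_group_enabled)                  /* condition #1 */
        return true;
    return type == TokenElevationTypeLimited;  /* condition #2 */
}

#ifdef _WIN32
/* Hypothetical wrapper: queries the current process and applies both checks. */
bool query_shield_needed(void)
{
    BYTE sid[SECURITY_MAX_SID_SIZE];
    DWORD sid_len = sizeof sid, ret_len = 0;
    BOOL is_member = FALSE;
    TOKEN_ELEVATION_TYPE type = TokenElevationTypeDefault;
    HANDLE token = NULL;

    /* Assumption: if the membership query fails, show the shield.
       CheckTokenMembership reports FALSE when the Administrators SID
       is present in the token but not enabled (filtered token). */
    if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, sid, &sid_len) ||
        !CheckTokenMembership(NULL, sid, &is_member))
        return true;

    if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token)) {
        if (!GetTokenInformation(token, TokenElevationType, &type,
                                 sizeof type, &ret_len))
            type = TokenElevationTypeDefault;
        CloseHandle(token);
    }
    return shield_needed(is_member != FALSE, type);
}
#endif
```

On Windows, the value returned by `query_shield_needed()` is what would be passed as the `lParam` of `BCM_SETSHIELD` for the OK button.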