VS2005/Vista issues
in [MFC]
|
From: Anthony Wieser on 18 Jun 2007 11:54 How about you change your account type to admin to install VS2005, so the correct profile gets updated when you install VS2005, and change it when you find you really need admin privileges, but then revert back to limited when you don't... Anthony Wieser Wieser Software Ltd > This suggests that if I make myself an administrator account (add my > account to the > administrator group) then I would NOT be subjected to the limitations of > my current > account. I want code that runs under my login account to have all the > llimitations of an > ordinary user (including to being able to set hooks, etc.), but if I run a > program that > wants privileges (as specified in its manifest) then it will prompt me, > and I can simply > click one mouse button to get them, so I can do the things I need to do > without massive > hassle while still getting a credible representation of what end users > will normally see. > joe
From: Tom Serface on 18 Jun 2007 12:34 Yeah, that is easy for C++ programmers to say. Try debugging and ASP.NET application on Vista without running VS 2005 as an administrator... I find it annoying to have to remember to do that every time I am working in one environment as opposed to another and so far I haven't been able to figure out a way to run "As administrator" all the time so I always have to right click and select the item. I guess I could turn off UAC, but that would make me run differently than my users and I'm sure I'd discover all kinds of things that would be wrong with that approach as soon as people started testing my release builds :o) Tom "Anthony Wieser" <newsgroups-sansspam(a)wieser-software.com> wrote in message news:eoZxmEcsHHA.5008(a)TK2MSFTNGP03.phx.gbl... > How about you change your account type to admin to install VS2005, so the > correct profile gets updated when you install VS2005, and change it when > you find you really need admin privileges, but then revert back to limited > when you don't...
From: Anthony Wieser on 18 Jun 2007 12:42 I see. I guess that's Software as a Service for you! Tony "Tom Serface" <tom.nospam(a)camaswood.com> wrote in message news:89FB685D-CF02-4EBF-B7F8-81E4A74F85C9(a)microsoft.com... > Yeah, that is easy for C++ programmers to say. Try debugging and ASP.NET > application on Vista without running VS 2005 as an administrator... I find > it annoying to have to remember to do that every time I am working in one > environment as opposed to another and so far I haven't been able to figure > out a way to run "As administrator" all the time so I always have to right > click and select the item. I guess I could turn off UAC, but that would > make me run differently than my users and I'm sure I'd discover all kinds > of things that would be wrong with that approach as soon as people started > testing my release builds :o) > > Tom > > "Anthony Wieser" <newsgroups-sansspam(a)wieser-software.com> wrote in > message news:eoZxmEcsHHA.5008(a)TK2MSFTNGP03.phx.gbl... >> How about you change your account type to admin to install VS2005, so the >> correct profile gets updated when you install VS2005, and change it when >> you find you really need admin privileges, but then revert back to >> limited when you don't... >
From: David Ching on 18 Jun 2007 16:37 "Joseph M. Newcomer" <newcomer(a)flounder.com> wrote in message news:g59d73luv7ul8a21lpqio7fsgnsr1j4rhq(a)4ax.com... > This question was based on the earlier reply in this thread: > >>Actually there is BIG difference. A "limited" process running under >>administrator account can open a handle to an "elevated" process with full >>access rights and screw with it any way it wants - run a remote thread, >>inject code, etc. It's like being on the other side of the fence, but >>still >>having a key to the gate. So it's just an illusion of protection. >> >>A process running under "true" limited user CANNOT open handle to an >>administrator process. It even cannot send arbitrary windows messages to >>it. > > This suggests that if I make myself an administrator account (add my > account to the > administrator group) then I would NOT be subjected to the limitations of > my current > account. I want code that runs under my login account to have all the > llimitations of an > ordinary user (including to being able to set hooks, etc.), but if I run a > program that > wants privileges (as specified in its manifest) then it will prompt me, > and I can simply > click one mouse button to get them, so I can do the things I need to do > without massive > hassle while still getting a credible representation of what end users > will normally see. > joe > Yes, and I pointed out that the assertion you quoted is simply wrong, in my experience. SetWindowsHookEx() does install a global hook, but you will see your DLL does *not* get injected into elevated processes, if the injector is not elevated. -- David
From: Joseph M. Newcomer on 18 Jun 2007 22:36
Because installing VS2005 has nothing to do with my problem. I want to run "limited" in a context where I will be prompted if I need to elevate privilege, but I want the prompt to be reasonably unobtrusive. Unfortunately, it keeps prompting me for a password, which is deeply offensive, since there is exactly one user on my machine, and that is me. joe On Mon, 18 Jun 2007 16:54:33 +0100, "Anthony Wieser" <newsgroups-sansspam(a)wieser-software.com> wrote: >How about you change your account type to admin to install VS2005, so the >correct profile gets updated when you install VS2005, and change it when you >find you really need admin privileges, but then revert back to limited when >you don't... > >Anthony Wieser >Wieser Software Ltd > >> This suggests that if I make myself an administrator account (add my >> account to the >> administrator group) then I would NOT be subjected to the limitations of >> my current >> account. I want code that runs under my login account to have all the >> llimitations of an >> ordinary user (including to being able to set hooks, etc.), but if I run a >> program that >> wants privileges (as specified in its manifest) then it will prompt me, >> and I can simply >> click one mouse button to get them, so I can do the things I need to do >> without massive >> hassle while still getting a credible representation of what end users >> will normally see. >> joe Joseph M. Newcomer [MVP] email: newcomer(a)flounder.com Web: http://www.flounder.com MVP Tips: http://www.flounder.com/mvp_tips.htm |