UAC (User Account Control) Development Requirements for Windows Vista Applications (Part 3)

Will UAC Affect Your Application?

Whether or not your application will be affected by UAC depends on the application's current state. In a number of cases, no changes will be necessary to comply with Microsoft Windows® Security requirements. However, some applications, including line of business (LOB) applications, may require changes to their install, function, and update processes to properly work in a Windows Vista UAC environment.

 

Designing Applications for Windows Vista

The following list represents a workflow for designing applications for Windows Vista.

Step One: Test Your Application for Application Compatibility.

Test your application for Windows Vista application compatibility. This testing can be easily performed by installing the Standard User Analyzer.


Step Two: Classify Your Application.

Classify your application as a standard user, administrator, or mixed user application. Administrative applications in Windows Vista often have a mixture of both administrative and standard user functionality.


Step Three: Redesign for UAC Compatibility.

Redesign your application's functionality for UAC compatibility. Use the information in this section once you have classified your application and determined whether it must be redesigned for UAC.


Step Four: Redesign Your UI for UAC Compatibility.

Redesign your application user interface. Closely adhering to these guidelines in your application's development will ensure that your application will have a consistent and predictable user experience in Windows Vista.


Step Five: Redesign Your Installer.

Redesign your application installer. The best practices in this section are for well-behaved application installations in a Windows Vista or UAC environment.


Step Six: Create and Embed an Application Manifest.

Create and embed an application manifest with your administrative applications. The correct way to mark your applications is to embed an application manifest within your program that tells the operating system what the application needs.


Step Seven: Test Your Application.

Test your redesigned or new application for application compatibility using the Standard User Analyzer.


Step Eight: Authenticode Signature.

Sign the application with an Authenticode signature to prevent tampering with the executable.


Step Nine: Windows Vista Logo Program.

Participate in the Windows Vista Logo Program.
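
For Step Six, a manifest that marks an administrative tool so the operating system knows it needs elevation can look like the following. This is an added example, not part of the original page; the assembly name `ExampleCompany.AdminTool`, its version and the description are placeholders.

```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Added example. Name, version and description below are placeholders. -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity
      type="win32"
      name="ExampleCompany.AdminTool"
      version="1.0.0.0"
      processorArchitecture="x86"/>
  <description>Example administrative tool</description>

  <!-- trustInfo is the section UAC reads when the process is created. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <!--
          level selects the token the process is started with:
            asInvoker            same token as the parent process, no prompt;
                                 the right choice for standard user applications
            highestAvailable     the highest privilege the current user can
                                 obtain; suits mixed user applications
            requireAdministrator only starts with a full administrator token;
                                 administrators see the consent prompt,
                                 standard users see the credential prompt
          uiAccess stays "false" unless the program must drive input to
          higher-privilege windows (accessibility tools); "true" also
          requires the binary to be signed and installed in a secure location.
        -->
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```

For an executable, the manifest is embedded as a resource of type RT_MANIFEST with resource ID 1. Requesting `requireAdministrator` for the whole program is the least-privilege cost of Step Two's classification: if only a few functions are administrative, splitting them into a separate elevated component keeps the main program at `asInvoker`.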

 

Impact of UAC on the Windows User Experience

The biggest and most immediate impact on the user experience will be felt by administrators. Administrator users will now need to provide permission to accomplish administrative tasks. Coupled with that, standard users will now gain the ability to perform administrative tasks within the currently logged in session by providing valid administrator credentials.

 

Goals of the UAC User Experience

The overall goal for UAC user experience is to provide predictability.


• For an administrator, this means that the user always knows when he/she will need to give permission to run an elevated task. This is the act of requesting the user's own administrator access token so that he/she can make administrator-required changes.

• For standard users, this means that they will know when they:
    • Will need to provide administrator credentials (home and unmanaged environments) for administrative tasks.
    • OR when they cannot complete a task (managed environments where elevation is explicitly disallowed) and must contact the help desk.


Elevation Prompt

The elevation prompt is built upon an existing Windows user interface. The elevation prompt displays contextual information about the executable requesting elevation, and the context is different depending on whether the application is Authenticode signed. The elevation prompt is seen in two variations: the consent prompt and the credential prompt.

Consent Prompt

The consent prompt is displayed to administrators in Admin Approval Mode when they attempt to perform an administrative task. This is the default user experience for administrators in Admin Approval Mode and can be configured in the local Security Policy Manager snap-in (secpol.msc) and with Group Policy.
The following illustration is an example of a User Account Control consent prompt.

 

Credential Prompt

The credential prompt is displayed to standard users when they attempt to perform an administrative task. This is the default user experience for standard users and can be configured in the local Security Policy Manager snap-in (secpol.msc) and with Group Policy.

 

Deploying and Patching Applications for Standard Users

This section discusses how to ensure that your application can be deployed for standard users. For detailed information about "Deploying and Patching Applications for Standard Users," see the Windows Help file, which can be downloaded here. To find this article in the help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).

 

Troubleshooting Common Issues
This section lists common development and installation issues that arise in Microsoft .NET applications. For detailed information about "Troubleshooting Common Issues," see the Windows Help file, which can be downloaded here. To find this article in the help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).

References
This section includes a virtualization reference and a security settings reference. For detailed information about "Virtualization Reference," see the Windows Help file, which can be downloaded here. To find this article in the help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).

Conclusion
With User Account Control (UAC), Microsoft has provided a technology designed to simplify deploying standard user desktops in the enterprise and at home. Building off the Windows security architecture, the UAC team sought to implement a standard user model that is both flexible and more secure.
