Windows Vista Application Development Requirements for User Account Control (UAC) (Part 1)

Source: Internet   Editor: 程序博客网   Time: 2024/05/08 23:13

The Windows Vista and Windows Server 2008 Developer Story: Windows Vista Application Development Requirements for User Account Control (UAC)
Contents
Introduction
Why User Account Control?
How UAC Works
Will UAC Affect Your Application?
Designing Applications for Windows Vista
Deploying and Patching Applications for Standard Users
Troubleshooting Common Issues
References
Conclusion


Introduction


This article is intended to assist application developers with designing Windows Vista capable applications that are User Account Control (UAC) compliant. Detailed steps about the design process are included, along with code samples, requirements, and best practices. This article also details technical updates and changes to the user experience in Windows Vista.


Why User Account Control?


Application developers have consistently created Microsoft Windows applications that require excessive user rights and Windows privileges, often requiring that the executing user be an administrator. As a result, few Windows users run with the least user rights and Windows privileges required. Many enterprises, seeking to balance ease of deployment and ease of use with security, have often resorted to deploying their desktops as administrator because of standard user application compatibility problems.

 

The following list details additional reasons it is difficult to run as a standard user on computers running operating systems earlier than Microsoft Windows Vista.


1. Many Windows applications require that the logged on user be an administrator, but these applications do not actually require administrator-level access. These applications perform a variety of administrator access checks before being permitted to run, including:

   a. Administrator access token checks.

   b. "All access" access requests in system protected locations.

   c. Data writing to protected locations, such as %ProgramFiles%, %Windir%, and HKEY_LOCAL_MACHINE/Software.

2. Many Windows applications are not designed with the concept of least privilege and do not separate user and administrator functionality into two separate processes.

3. Windows 2000 and Windows XP create every new user account as administrator by default; therefore, key Windows components, such as the Date and Time and the Power Management control panels, do not work well for a standard user.

4. Windows 2000 and Windows XP administrators must create two separate user accounts: one for administrative tasks and a standard user account to perform day-to-day tasks. Therefore, users must log off their standard user accounts and log in again as an administrator, or use Run As to perform any administrative tasks.


With User Account Control (UAC), Microsoft provides a technology to simplify deploying standard user desktops in the enterprise and at home.


Building on the Windows security architecture, as originally designed in the Microsoft Windows NT 3.1 operating system, the UAC team sought to implement a standard user model that was both flexible and more secure. In previous versions of Windows, one access token was created for an administrator during the logon process. The administrator's access token includes most Windows privileges and most administrative security identifiers (SIDs). This access token ensures that an administrator can install applications, configure the operating system, and access any resource on the computer.


The UAC team took a drastically different approach to designing the access token creation process in Windows Vista. When an administrator user logs on to a Windows Vista computer, two access tokens are created: a filtered standard user access token and a full administrator access token. Instead of launching the desktop (the Explorer.exe process) with the administrator's full access token, the filtered standard user access token is used. All child processes inherit from this initial launch of the desktop, which helps limit the attack surface of Windows Vista. By default, all users, including administrators, log on to Windows Vista as standard users.


Note   There is one exception to the preceding statement: Guests log on to the computer with fewer user rights and privileges than standard users.


When an administrator user attempts to perform an administrative task, such as installing an application, UAC prompts the user to approve the action. When the administrator user approves the action, the task is launched with the administrator's full administrator access token. This is the default administrator prompt behavior, and it is configurable in the local Security Policy Manager snap-in (secpol.msc) and with Group Policy (gpedit.msc).


Note   An administrator account on a Windows Vista computer with UAC enabled is also called an administrator account in Admin Approval Mode. Admin Approval Mode identifies the default user experience for administrators in Windows Vista.


Each administrative elevation is also process specific, which prevents other processes from using the elevated access token without prompting the user for approval. As a result, administrator users have more granular control over which applications install, while malicious software that expects the logged on user to be running with a full administrator access token is greatly hampered.
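The following Windows PowerShell script is an added example, not code from the original article: it asks the current process which of the two logon tokens described above it is running with, by querying TokenElevationType and TokenElevation through a small P/Invoke helper (the UacToken class name is chosen here, not a Windows API name). It assumes Windows PowerShell 5.1 on a UAC-enabled system.

```powershell
# Added example: which of the two logon tokens is this process using?
# The UacToken helper is defined here for the example (not a Windows API name).
$src = @'
using System;
using System.Runtime.InteropServices;
public static class UacToken {
    const int  TokenElevationType = 18;   // TOKEN_INFORMATION_CLASS values
    const int  TokenElevation     = 20;
    const uint TOKEN_QUERY        = 0x0008;
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr h, uint access, out IntPtr tok);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr tok, int cls, out int info, int len, out int ret);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    // Read a 4-byte attribute of the current process token.
    static int Query(int cls) {
        IntPtr tok;
        if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, out tok))
            throw new System.ComponentModel.Win32Exception();
        try {
            int val, ret;
            if (!GetTokenInformation(tok, cls, out val, sizeof(int), out ret))
                throw new System.ComponentModel.Win32Exception();
            return val;
        } finally { CloseHandle(tok); }
    }
    // 1 = Default (single token), 2 = Full admin token, 3 = Limited (filtered) token
    public static int  ElevationType() { return Query(TokenElevationType); }
    public static bool IsElevated()    { return Query(TokenElevation) != 0; }
}
'@
Add-Type -TypeDefinition $src

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

$meaning = switch ([UacToken]::ElevationType()) {
    1 { 'Default: a single token (UAC disabled, or an account not subject to Admin Approval Mode)' }
    2 { 'Full: the full administrator access token, i.e. this process was elevated' }
    3 { 'Limited: the filtered standard user token; a linked full administrator token exists' }
}
"User:  $($identity.Name)"
"Token: $meaning"
"TokenIsElevated: $([UacToken]::IsElevated())"
# In the Limited case this is False even for an administrator: the filtered token carries the
# Administrators SID as deny-only, so an application must not assume it has admin rights.
"Administrators group enabled in this token: $($principal.IsInRole($adminRole))"
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator" to see the same account report a Limited token and then a Full token, which is the per-process elevation the paragraph above describes.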


Standard users also have the opportunity to elevate within a task flow to perform administrative tasks by using the UAC infrastructure. When a standard user attempts to perform an administrative task, UAC prompts the user to enter valid credentials for an administrator account. This is the default standard user prompt behavior, and it is configurable in the local Security Policy Manager snap-in (secpol.msc) and with Group Policy (gpedit.msc).


For detailed information about "Why User Account Control?" see the Windows Help file. To find this article in the Help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).


To be continued...