Looking for documentation on the "right" way to install apps on Windows 7 -

-

i'm working legacy applications (10-15 years old), , trying find guidance on "right" way install , run them (and user application) on windows 7 without requiring full admin privileges.

in other words, executable/read-only should files go, user-data/read-write should files go, registry entries should go, avoid issues uac , windows 7 file/registry virtualization during both installation , @ run-time.

i seem remember, years ago, microsoft white paper on subject, unable find relevent information now. have found information on user side (how legacy applications run on windows 7 via compatibility tweaks), none on developer side (how create/install applications play nicely on windows 7 natively).

any pointers such information appreciated. thanks.

marc

you're thinking of windows logo requirements.

  1. install correct folders default

users should have consistent , secure experience default installation location of files, while maintaining option install application location choose. necessary store application data in correct location allow several people use same computer without corrupting or overwriting each other's data , settings.

windows provides specific locations in file system store programs , software components, shared application data, , application data specific user:

  • applications should installed program files[16] folder default. user data or application data must never stored in location because of security permissions configured folder

[16] %programfiles% native 32-bit , 64-bit applications, , %programfiles(x86)% 32-bit applications running on x64 respectively

  • all application data must shared among users on computer should stored within programdata

  • all application data exclusive specific user , not shared other users of computer must stored in users\\appdata

  • never write directly "windows" directory , or subdirectories. use correct methods installing files, such fonts or drivers

  • in “per-machine” installations, user data must written @ first run , not during installation. because there no correct user location store data @ time of installation. attempts application modify default association behaviors @ machine level after installation unsuccessful. instead, defaults must claimed on per-user level, prevents multiple users overwriting each other's defaults.

next fact should not writing location requires administrative permissions.

note: can test of on windows 2000 or windows xp (as windows 2000 logo requirements required) running standard user.

since applications ignored logo requirements, , fail when run standard user privileges, windows vista included ability keep these buggy applications limping along virtualizing writes protected locations - rather having them fail.

you can opt out of compatibly hack manifesting application runas invoker:

<?xml version="1.0" encoding="utf-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">      ...     <!-- disable file , registry virtualization -->     <trustinfo xmlns="urn:schemas-microsoft-com:asm.v2">         <security>             <requestedprivileges>                 <requestedexecutionlevel level="asinvoker" uiaccess="false"/>             </requestedprivileges>         </security>     </trustinfo>     ... </assembly>

the logo guidelines talk uac , virtualization of writes locations:

  1. follow user account control (uac) guidelines

some windows applications run in security context of administrator account, , many require excessive user rights , windows privileges. controlling access resources enables users in control of systems against unwanted 20 changes. important rule controlling access resources provide least amount of access “standard user context” required user perform or necessary tasks. following uac guidelines provides applications necessary permissions when needed, without leaving system exposed security risks.

most applications not require administrator privileges @ run time, , should fine running standard-user. windows applications must have manifest 21 (embedded or external 22 ) defines execution levels , tells os privileges application requires in order run.

  • for example,

  • the main process of application must run standard user (asinvoker). administrative features must moved separate process runs administrative privileges.

  • a waiver required applications run main process 23 elevated privileges (requireadministrator or highestavailable)

waivers considered following scenarios:

  • administrative or system tools execution level set highestavailable, , or requireadministrator

or

  • only accessibility or ui automation framework application setting uiaccess 24 flag true bypass user interface privilege isolation (uipi)

then there high-dpi. windows logo requirements decade has required applications respond appropriately high (i.e. non-96dpi) displays. since applications break horribly if user use "large fonts", microsoft gave and, virtualization of file system, virtualize dpi setting. unless application opts out of compatibility hack: windows lie , tell you 96dpi.

only once you've written app should add entry application's manifest disable high-dpi scaling:

<?xml version="1.0" encoding="utf-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestversion="1.0">      ...     <!-- high-dpi aware on windows vista -->     <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">         <asmv3:windowssettings xmlns="http://schemas.microsoft.com/smi/2005/windowssettings">             <dpiaware>true</dpiaware>         </asmv3:windowssettings>     </asmv3:application>     ... </assembly>

anyway, it's there, windows 7 client software logo program.

note: if writing windows application 15 years ago (1995) assume writing for:

  • windows 3.1, or
  • windows 95

rather than:

  • windows nt 3.1
  • windows nt 3.5
  • windows nt 4
  • windows 2000
  • windows xp

it's important note windows nt designed secure operating system. not allowed arbitrarily want. fundamental difference from:

  • windows 1
  • windows 2
  • windows 3
  • windows 3.1
  • windows 95
  • windows 98
  • windows me

which had no security.

writes windows , program files folder requires administrator permission. because administrators should install applications. regular users cannot modify, or damage, installed programs - or installation of windows itself, e.g.:


Comments

Post a Comment

Popular posts from this blog

php - What is the difference between $_SERVER['PATH_INFO'] and $_SERVER['ORIG_PATH_INFO']? -

-
what’s difference between $_server['path_info'] , $_server['orig_path_info'] ? how use them? when run print_r($_server) , path_info , orig_path_info not present in array. why not? how can enable them? i have read php manual on them, still don’t understand them. the path_info variable present if invoke php script this: http://www.example.com/phpinfo.php/hello_there it's /hello_there part after .php script. if don't invoke url that, there won't $_server["path_info"] environment variable. the porig_ prefix uncommon. path_info standard cgi-environment variable, , should never prefixed. did read that? (there issues around php3/php4 if invoked php interpreter via cgi-bin/ - hardly has such setups today.) for reference: http://www.ietf.org/rfc/rfc3875
Read more

fortran - Function return type mismatch -

-
i'm attempting recode old c++ program in fortran make use of lapack (i'm aware c++ have lapack++, i'm having lot of trouble installing it, gave up). i didn't have problems compilation, when had variables declared real . when started coding section of program required lapack, found parameters passed dsyev need double precision . tried change double precision (including changing hard coded numbers double precision counterparts, i.e. 0.0 -> 0.0d0) when try compile, following error of functions , subroutines i've written: error: return type mismatch of function <function> @ (1) (real(4)/real(8)) i'm not sure coming from, in program has been changed double precision. for example, i've declared following: double precision :: alpha(3),d(3),zeta1,zeta2 double precision :: a1(3),a2(3),d1(3),d2(3) double precision :: pi pi = 3.14159265359d0 alpha = (/0.109818d0, 0.405771d0, 2.22766d0/) d = (/0.444635d0, 0.535328d0, 0.154329d0 /) 10 i=1,3 ...
Read more

queue - mq_receive: message too long -

-
i implementing communication between 2 processes using queue. problem when call function mq_receive, error: message long. i have done following: struct mq_attr attr; long size = attr.mq_msgsize; .... // initializing queue "/gateway" int rc = mq_receive(gateway, buffer, size, &prio); if print size value, size=1, while when print same size program (got same mechanism), not long integer ( -1217186280 )... how can solve error?....so while size = 1, believe it's right "message long" why 1? p.s. have tried put : int rc = mq_receive(gateway, buffer, sizeof(buffer), &prio); but no result. it seems need read docs more carefully. when call mq_receive should pass size of destination buffer. this size must greater mq_msgsize attribute of queue . in addition, seems have error in queue attributes initialisation makes proper mq_receive call impossible. here standard message queue session: fill mq_attr struct ( doc ): struct mq_a...
Read more