On Jun 15, 7:46 pm, Jimmy Brush <j...@mvps.org> wrote:
> Superfreak3wrote:
> > I'm working on getting our application installation ready for VISTA
> > and hope I'm almost there. I just want to verify the following...
>
> > from technet2.microsoft.com....
>
> > Understanding and Configuring User Account Control in Windows Vista
> > Migrating from the Power Users
> > "UAC does not leverage the Power Users group, and the
> > permissions granted to he Power Users group on Windows XP have been
> > removed from Windows Vista."
>
> > Does this mean that the concept of Power Users no longer exists in
> > Vista at all or only that the PU concept is no longer available if UAC
> > enabled?
>
> > Later in this section I see "To use the Power Users group on Windows
> > Vista, a new security template must be applied to change the default
> > permissions on system folders and the registry to grant PU gropu
> > permissions equivalent to Windows XP."
>
> > The reason I pose the question is that in testing the install, it runs
> > through with UAC enabled. If I disable it and try to install with a
> > user I've added to the Power Users group (no new security template
> > applied), I get a 1303 error indicating I don't have permissions to
> > the Program Files\My App location. If I install with UAC disabled as
> > an Admin, I'm OK.
>
> > I thought I also read somewhere, maybe in the same document, that
> > Program Files is now similar to System folders with regard to security
> > now in Vista. ??
>
> > A brief answer(s) is all I'm looking for here, nothing too detailed (I
> > know that may be impossible with Vista.). I think I've read all the
> > Microsoft 'stuff' I can at this point. My head is spinning.
>
> > Any help is greatly appreciated!
>
> > Thanks in advance!!
>
> The "concept" of power users is gone.
>
> However, the Power Users group still exists in Vista, but like the
> document says, they are not ACL'ed access to system resources, so you
> have to run the special file first to grant them extra access.
>
> Program Files has always been "restricted" for standard users in the
> manner you speak of. It is important that this be so, because if any
> user and any program could just overwrite system-wide .exe's, they could
> easily hijack other applications, hijack other users, and elevate their
> account/program to administrator status.
>
> Also, in order for your program to use the extra "Power Users" power,
> your application must explicitly tell Windows that it wants the extra
> power by including a Vista-style manifest with your application that
> specifies a requestedExecutionLevel of "highestAvailable".
>
> This will cause your program to prompt for admin power if the user is an
> administrator, silently receive the extra power if the user is a power
> user, and run with no extra power if the user is a standard user.
>
> The power users "experience" is pretty broken in Vista. For example,
> explorer does not ask to use the "power user" power, so power users
> cannot use their extra privileges when using windows explorer.
>
> Confused yet? 
>
> --
> -JB
> Microsoft MVP - Windows Shell/User
> Windows Vista Support FAQ -http://www.jimmah.com/vista/- Hide quoted text -
>
> - Show quoted text -
Oh, big time confused! I guess we'll just have to waddle our way
through.
My immediate concern if for installation of our software at the moment
as that is basically what I do.
Our previous installation was allowed or designed, I should say for
Admins and Power Users, so I was just wondering what the impact would
be to our installations where end users may have utilized Power Users
to install.
Painting with a broad stroke, it looks as though installation Custom
Actions and ensuring their execution is one of the big 'battles' with
readying pre-Vista install packages for Vista.
I guess the other concept would be to develop a purely Standard User
or user install. ??
Any more information with regard to impact on our installs caused by
Vista would be, as always, GREATLY appreciated!
Thanks for the info so far!!!