I'm speaking at Tech*Ed North America 2008, during the "IT Professionals" week, June 10-13. I'll be presenting SIX (6) sessions, all on non-admin / least-privilege and the resulting application compatibility issues that arise. (When I started my "non-admin" blog back in 2004, it was all about security. Now that least-privilege has increasingly become the default, it has become much more about application compatibility.)
Specific dates/times and session numbers to be determined:
- Finding Permissions Issues with LUA Buglight 2.0
I've been working on an update to LUA Buglight and will discuss/demo it. (I hope to have something you can download and run by then -- can't promise, though.)
- Fixing "LUA Bugs" (Admin-Permissions-Required Bugs)
Similar to the "Fixing LUA Bugs" series on my blog, but updated with more info pertinent to Vista and additional information regarding app-compat shims
- Identifying "LUA Bugs" (Admin-Permissions-Required Bugs)
Comparing/constrasting Sysinternals Process Monitor, Standard User Analyzer and LUA Buglight for identifying root causes of LUA bugs
- Windows Vista App-Compat Topics: MIC, UIPI, Protected Mode IE
Mandatory Integrity Control, User Interface Privilege Isolation, Protected Mode Internet Explorer, what they are and how they impact application compatibility
- Miscellaneous App-Compat/Architecture Topics: Terminal Services Sessions vs. Logon Sessions; Where Mapped Drives are Defined, and More
Some really nerdy deep-dive stuff that is actually worth knowing.
- How We Got Where We Are: Why Windows Has Traditionally Required Admin Rights
Vista makes a big shift in how users interact with their computers and how developers have to write code for those users. Why couldn't "least-privilege" have been the default from the beginning? This session explains the decisions that were made and why those decisions made sense. (Most sessions talk about current or near-future technologies -- this is all history stuff. I'm really looking forward to this one.)
All of them are 400-level, except the last which is a 200-level session.