"LUA Bug" demo app

I do a lot of presentations on how to identify and fix “LUA bugs” in applications (*), both for Windows XP and Windows Vista.  I frequently use a little VB6 application to demonstrate writing to various portions of the file system and registry, writing to .ini files in protected locations, restarting services, explicitly checking for admin rights, etc.  People have asked me to post that app to my blog so that they can use it too.  So here it is, including the VB6 project/source code.

As is, no support, hopefully it’s self-explanatory! 

Chris Jackson has a more elaborate demo app with full lab script, geared toward application compatibility tools and techniques on Vista.  You can get it here.

(*)  “LUA” = “limited user account”, a.k.a., “non-admin”, “standard user”
“LUA bugs” = application or feature of an application that 1) works when run by a member of Administrators or Power Users; 2) fails when run by a standard user; and 3) has no valid business or technical reason for requiring administrative control over the computer.


Comments (4)

  1. Rik Hemsley says:

    Lua is a programming language. Can you stop saying Lua bug and say ‘limited user account’ bug instead please?

    [Aaron Margosis]  Sorry about that, but terms and acronyms get re-used all the time.  A Wikipedia search turns up multiple definitions for LUA, including the programming language you refer to as well as to the least privilege concept that I refer to.  And that doesn’t even include Microsoft’s LUA (“Logical Unit Application”) programming interface exposed by Host Information Server.  We’ll just all have to find a way to get along. 🙂

  2. Øyvind Sørbye says:

    Thanks Aaron, and also thanks for very good presentations here at TechEd!

    [Aaron Margosis]  Thank you!  I hope I can come back next year!

  3. Mike Piazza says:

    I’m nosing around in this area because I have built my son’s system with Win 7 and his account as a LUA.  NOTHING and I MEAN NOTHING runs without me having to enter my admin password.  I have gone in to the main right-click dialog under the compatibility tab on each game and application that refuses to run and checked every box and clicked every button that tells the system to run this app with ‘elevated’ privs and then ‘applied’ the change and each game/app still requires me to enter a password for it to run.  It is really, really, really, really pissing me off!  I cannot find anything anywhere that talks anything more about it than what I have found on your blog.  It is like the functionality that is supposed to be there is not.  It doesn’t do anything!  ARE U READING THIS MICROSOFT??? Please fix your CRAP code?  Have I missed anything?  The only way I have been able to get around it without giving him an admin account is to turn off the UAC completely which kinda defeats the purpose don’t you think?  Any ideas guys? Thanks.

  4. Mike Piazza says:

    Let me add that the game/app writers have to take some heat for this as well by ‘requiring’ elevated privs to run.  I.E. Punkbuster, Steam etc, etc….

    [Aaron Margosis]  Mike, are you trying to install the applications as a standard user?  Most applications need to be installed by an administrator.  Once it’s installed, very few applications should require administrative rights and should be able to be used by a standard user without requiring an admin to enter a password.

    Log in as an administrator and install the games, then have your son log in.  If the app still demands admin rights, then there’s probably something faulty in the app.