Get Mesh (and why we require UAC)

I’m John Macintyre, the Group Program Manager for Live Mesh Client Platform & Runtime (it fits on a business card if you use 6 point type).  I wanted to talk about how Live Mesh client install works, and address the questions we’ve seen about why User Account Control (UAC) must be enabled on Windows Vista in order for Live Mesh to work.

The design challenge we faced with Live Mesh client deployment was to make it simple to install, while providing rich client experiences that are deeply integrated with the device experience i.e. today your Windows Shell, tomorrow your Mac, Mobile device etc. 

It’s worth taking a quick look at the client footprint before we cover how it is deployed. The Live Mesh client can be separated into two distinct components:

  1. Mesh Operating Environment (MOE) – this is the client version of our services composition runtime, a cohesive programming model for interacting with the mesh.  On the client, it is responsible for data synchronization, cloud interaction, P2P interaction and handling requests from applications.

  2. Live Mesh Client – this is the set of core experiences that are built on the runtime to deliver experiences around Live Mesh Folders and Live Mesh Remote Desktop.  

There is a further subcomponent breakdown but at a conceptual level you can think of the client as a runtime engine with an experience layered on top of it.  Today the client is deployed as a single unit but in subsequent refreshes we will enable other configuration and distribution scenarios.

We’ve tried to keep the client deployment model as seamless and simple as possible.  It can be broken into three separate stages …

1) Add Device …

The Live Mesh client is deployed through the Devices page of  Clicking on “Add Device” will initiate the download of the Live Mesh installer.  The first thing that you may notice is the installer is relatively small.  The initial install of the Live Mesh client is actually just a bootstrap component that reaches out to a server and retrieves the latest version of the client.  This provides the benefit of small download from the browser and an always up-to-date client footprint.

2) Run LiveMesh.exe …

Once the bootstrap installer has been downloaded, users click on ‘run’ to launch the installer.  Live Mesh installs on the system as “per user” which means that installation only applies to the current Windows user. So by default, installing on Vista does not require administrator privileges, and no UAC prompt is shown.   The runtime client binaries are deployed to the user’s profile under application data and all COM objects are registered for the current user.  This means that installations are not shared across Windows accounts.  Another interesting aspect of install is that the user is not presented with a terms of use or confirmation dialog since this was already done through service sign-up.  We hope this simplifies the overall flow and experience around client deployment.

Why does Live Mesh require UAC?

At this point it’s worth talking about UAC and why the Live Mesh client requires that UAC be turned on. If you’ve tried to install Live Mesh on a system with UAC disabled you’ll have found that the installer blocks on this configuration.  There’s a technical reason why we impose this restriction:  In Vista RTM with UAC off, COM does not read the per-user hive, meaning COM objects registered per-user do not work.  Since Live Mesh installs per-user without elevation it is subject to this restriction.  To prevent users from installing on unsupported configurations we added a block in our installer when UAC is off.  Fortunately there’s light at the end of the tunnel for users that run with UAC disabled.  Windows Vista SP1 has a change that allows per-user COM when UAC is disabled.  With the release of SP1, we have begun validating that Live Mesh fully functions with UAC disabled, but haven't yet finished our testing.  Expect this configuration to be supported in a subsequent refresh.   As you can probably guess, this also means that even after you install, UAC must remain enabled for Live Mesh to work correctly.  If you turn UAC off, we won’t be able to find any of our COM objects.  

3) Add Device …

After installing the Live Mesh client, users are prompted to sign-in with their Live ID.  This Live ID is used to link the device to your personal mesh.  By “device” we generally mean Windows user account.  Multiple Live IDs can independently use the same Windows account (similar to Messenger).  Once the device is part of your mesh you can initiate sharing (or synchronization) with your other devices, the cloud or other users.
Vista users will see an additional option on the Add Device dialog.  This option is to enable features that require administrator privileges including system level Live Mesh Remote Desktop (accessing the system while it is locked or an account is not logged in) and peer to peer file transfer.  By default this option is selected and users will be asked to elevate to proceed with the device claim.  If the user is not an administrator they can disable this option.

Once the user goes through this client deployment flow they are up and running with their mesh-enabled device.  The runtime and experience components will continue to update themselves as new versions are available.  As much as possible we try to do this without affecting the overall experience or disturbing the user.

Technorati Tags:

Comments (21)

  1. Do you have more information on this per-user COM functionality?

    From what I understood, the entire reason to skip per-user COM configuration to reduce elevation of privilege attacks (user code running in elevated process).

  2. ak says:

    wow, did not know that about RTM, scary, its been supported since win2k (Guess none of the devs or beta testers run without UAC)

    As someone that rather unpacks a setup and edits the registry by hand instead of running an installer as admin, I can’t thank you guys enough for creating something that installs as non admin (Hello Live Messenger?!?!)

    Again, thank you for thinking of the non admins!

  3. Some One says:

    I the world of .NET why are we still using old school COM objects?

    How are you going to get COM objects to work on a Mac? If you can make a client on a Mac with out COM or on a Mobile Deivce then why not on Vista?

  4. johnmac_ms says:

    More info on the COM restriction

    Check out the 2006 blog post from Junfeng (also a Live Mesh team member).  I believe it links out to additional details.

    COM registration from a runtime that is supposed to run everywhere … what gives!

    Rest assured (no pun intended) that COM will not be the exclusive interface for Live Mesh.  We use COM to register with the Shell.  We don’t expect all apps to talk to MOE through COM.

  5. Guest says:

    i wanted to know why while the desktop clinet installs, works and performs really good, it only has one problem.

    it don´t prompts you with the window to put your Live ID, i don´t know how to make it prompt me with it.. can you help me out?

  6. Jordan Mills says:

    Thanks for explaining the UAC bit.  I was pretty dismayed about the UAC requirement, especially since the UAC is so universally hated, but the reason is pretty solid.  I’m glad to see you’re hard at work to remove this requirement once it’s not needed for technical reasons.

  7. jabbera says:

    Any support for Server 2008 planned? I use it as a primary dev machine and would love to sync files with it.

  8. Jan Thewes says:

    Any chance to get this one running on a german system? I really want to test that but it just doesn’ work. After tweaking the registry i was able to install the client but it always gets an error while starting Live Mesh.

    You are designing WEB services and the WEB normally is INTERNATIONAL why don’t you support other languages? I don’t want a german interface i just want it to work!!!


  9. rwlyonsjr says:

    I have "Live Mesh" running on my Vista computer, but the interesting thing is that the web client runs on Firefox and Not on IE. When I try to go to on IE it just acts as if I have no connection to the net. Has anybody had this issue or can anyone point me in the right direction to work this out? I think it is funny that it would work in Firefox…

  10. MSDN Archive says:

    @jabbera, Jan Thewes, & rwlyonsjr

    You may wish to visit our forums:

    We have a nice support community developing there (and there is at least one thread already about the language requirements for Live Mesh Tech Preview).

  11. Pearls says:

    So will the “UAC-less refresh” installer be something that will eventually made available by using the device widget? If not, how will it be rolled out to beta participants like myself that choose not (read: absolutely refuse) to run under UAC’s ridiculously prohibitive and utterly useless restrictions?

    The only effect that I’ve ever seen UAC have on Vista users was to condition them to respond to its constant nagging in a Pavlovian fashion, and automatically dismiss all prompts for elevated privileges.

    *ding* => elevate => do what I wanted to all along.

    All it serves to do for those of us on the 20 side of the 80/20 rule is annoy us when our work gets interrupted by throwing us to the secured desktop first (and yes, we actually do occassionally wish to read/modify the registry by running regedt32 from time to time, but thanks for asking – meh).

  12. johnmac_MSFT says:

    Thanks for all the great comments.  I would like to address a couple specific questions:

    International – it is absolutely important and support is on the way.  

    "How do I get the UAC-less update" – this will be available on the Add Device page.  Actually, there will still be one LiveMesh.exe … we will just deploy a new version that lifts the UAC requirement for SP1 systems.

  13. Matt says:

    This is a serious FAIL from my point of view.  If I have to turn UAC on then the product isn’t worth having at this point.

    I have now searched on the internet and found your post with information about why this is.  However, I shouldn’t have to do this.

  14. johnmac_msft says:

    When the "UAC-less" refresh is available it will roll out through the Add Device page on  We do not plan to introduce another installler or client.  We will release a refresh to the Live Mesh installer that lifts the UAC requirement for SP1 systems.

  15. mikeycooper says:

    Sounds like there won’t be an easy way to determine that the new client is there, in that case.  Will there be an entry in the "All your news" tab or anything?  If not, please post here when the refresh of the installer happens, so those of us who can’t try out the Mesh client know when to click Add Devices again. 😉

  16. James says:

    I’m interested too in the non-UAC version. I received an invite for the live mesh beta, but have no interest in turning UAC back on, so I will continue to use foldershare, etc in the meantime. I also use Windows Server 2008 as a development machine, and without support for that, Live Mesh isn’t viable for me right now.

  17. Chris says:

    Looking forward to not having to UAC. I was excited to get the invite for the beta and happy about this. But I wont use it unless I can not use UAC.

  18. Timothy says:

    Just an FYI… UAC is not totally required.

    1) Turn on UAC.

    2) Install Mesh.

    3) Set it to auto start.

    4) Turn off UAC.

    Even though you don’t think it’s on… you will still be able to “remote desktop” in… but the folder syncing doesn’t work (I don’t think).

  19. When I saw the name of this particular technology ( Live Mesh ), I admit that the image it inspired was

  20. Live Mesh says:

    We’re continually working to fix bugs reported by our Tech Preview users, as well as implement popular

Skip to main content