Mark and Manmeet on .Net Show

Mark and Manmeet appeared on the .Net show last week. Enjoy:  Maarten


MSI uninstall gives unsigned dialog

This week we again had the honor of getting the expert advise of one of the Windows Installer PMs (here and here). He mentioned that when uninstalling a signed msi package you still get the scary this-package-is-unsigned dialog. Reason is that the installer tosses out files from the cab it doesn’t need to save space. Obviously this will ruin…


rundll32.exe appwiz.cpl,NewlInkHere is back

For some reason it was quite common to use an undocumented (and hence unsupported and we-can-pull-rug-underneath-at-any-time) export from the appwiz.cpl called newlinkhere. This export was removed in Vista. Since this was quite a popular export ( for it yourself, you’ll see) we decided at a late stage to put it back in. I haven’t verified…


Session 0 isolation, COM and COM+

Session 0 isolation is not limited to NT services. It also applies to COM+ server applications and COM out-of-process applications running under anything else than the interactive user. So all problems related to services living in a different Terminal Server session from the first logged in user now also apply to dllhost processes (COM+ or surrogated COM dlls) and…


Impact of Least Privilege in System Services

Of all security changes in Vista, UAC with its spit token and MIC is for obvious reasons getting most attention. But there are a lot of other areas that have been tightened up for security reasons and we keep finding new ones that impact customers. One of them is detailed in the document on service…


Per-User COM on Vista for elevated token processes

Per-user COM in Vista (where CLSIDs, etc. go under HKCU\Software\Classes instead of HKLM\Software\Classes) behaves different on Vista compared to XP. Actually it does not work at all for full administrators (to be precise, it is actually for any process with a MIC level higher than medium but more on that later). The CoCreateInstance or CreateObject call will return…


Why you don’t want to launch a process with a filtered token from a full token

Our team works extensively with ISVs on Vista application compatibility – porting XP applications to Windows Vista. We frequently get the question “How can I launch a program with a filtered token from a program with a full token?” Although there sure are ways to do this, there is a slight caveat with this scenario. What…


Command line application with manifest asInvoker

The recommendation for command line applications is to use requestedExecutionLevel=asInvoker in the manifest. If you would mark your console application as “requireAdministrator” (or “highestAvailable” and you are a member of the administrators group) and launch it  from a filtered token prompt, you will see a new console window popping up. All the output will go…


Elevation and process creation APIs

In Vista, process creation APIs behave very differently with respect to UAC.  If you call CreateProcess() on an executable which is manifested as “RequireAdministrator” or is flagged as an installer by Vista, you will get back an ERROR_ELEVATION_REQUIRED (740) error.  ShellExecute() will behave appropriately (pop up the elevation / credential dialog).  As mentioned in an…