Print E-mail
Non-admin

CSI-450 - Win7 LUA/Non-Admin Application Integration

Least-privileged User Account or LUA is the desired approach for all computing platforms. Essentially it means that applications should be able to run effectively with regular user rights and permissions. This course gives the fundamentals of how to test for, detect and mitigate application behaviors which impact application compatiblity and performance.

Topics

Native Platform Still Relevant
Even if you will be persuing application virtualization as your primary method of running applications without admin rights, there will still be a stubstantial number of applications that cannot be virtualized. If you company is committed to running Standard Users (LUA/Non-Admin), then these applications will need to be integrated directly into Windows 7.

Testing and Discovery of LUA Issues
A variety of tools will be used to detect LUA issues, including Process Monitor (Procmon), Process Explorer (ProcExp), Multimon (system monitor), LUA Buglight, Event Logs, Object Auditing, Standard User Analyzer, AppVerifier and many others.

Methods for Mitigating LUA Issues
  • Change the source code (not covered in class).
  • Shim the problem by preconfiguring PCA.
  • Shim the problem with Compatibility Admin.
  • Reconfigure Windows Security.

    • Mitigation by Permissions Changes
    You will learn what permission changes are required to mitigate various LUA issues.
  • File and Registry Permissions.
  • User Account Special Permissions.
    • Mitigation by Shimming
    You will learn to us Compatibility Admin from the MS Application Compatibility Toolkit to shim a variety of related problems that can create problems getting applications to run.
  • Administrator Rights Checks.
  • OS Version Checks.
  • Other Software Version Checks.
  • Windows Standard Folder Redirection.
  • Setup.exe and MSI shims.

    • Other Shimming Topics
  • Methods of deploying shims (per-app, Corporate-wide, MSI).
  • Auditing Shim Application
  • How PCA (Program Compatibility Assistant) works, how to adjust settings it makes and how to deploy PCA tweaks in packaging.

    • Displaying & Suppressing the UAC Prompt
    Teaches the many ways there are to display or suppress the UAC prompt including: shims, environment variables, shortcut properties, shell verbs, manifests and scripting.

    Isolating DLLs
    Application virtualization can handles DLL isolation very elegantly.  However, applications that cannot be virtualized will need to use traditional techniques such as .LOCAL, Side-by-Side (SXS) and .NET manifests to facilitate isolation.

    Pre-requisites
    It is important that you have a solid understanding of the Native Windows Application Environment before taking this course. This content is taught in our CSI-300 course.

    Labs & Templates:
  • LUA Buglight for detecting LUA bugs
  • AppVerifier
  • Comparison Testing
    • Tools:
  • LUABuglight
  • Compatibility Admin (shimming)
  • AppVerifier
  • Standard User Analyzer
  • All tools from CSI-300
    		•