Welcome to The Windows Blog 


Accessible UAC Prompts

There have been some comments on the blog recently suggesting that the UAC dialog boxes in Windows Vista are not accessible and I just wanted to clear up the confusion here.

First, to set the scene though.  When a user attempts to access an application or setting that requires elevated privileges to run, they are presented with a UAC prompt, the appearance of which will vary depending on the type of user they are or the type of application that is trying to run.  This diagram shows the types of dialog boxes that you might see and the process flow that triggers each type:

[Image: UAC]

There is also a credential prompt which will be displayed if the current user is not an administrator:

[Image: UAC 2]

These prompts are protected from receiving communications from other applications so that malicious software cannot simulate the actions of users.  This is obviously a problem for screenreaders or other applications that need to use UI Automation in order to provide interaction with the User Interface.   This problem has a solution though.

In order to gain access to the UAC prompts - or other processes running at a higher privilege level - an application must be trusted by the system and run with special privileges.  To make this happen the application should be built with a manifest file that includes the following elements and attributes:

<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
        <requestedPrivileges>
            <requestedExecutionLevel
                level="highestAvailable"
                uiAccess="true" />
        </requestedPrivileges>
    </security>
</trustInfo>

The important attribute to note is uiAccess, which must be true in order for the application to gain access to the UAC prompts.
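A manifest can be checked for this request before an application is trusted. The following is an added example, not code from the original post or from Microsoft: a small Python audit of the trustInfo fragment above, where the function name audit_manifest and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASM_PREFIX = "urn:schemas-microsoft-com:asm."   # trustInfo namespace family
LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

# Constructed samples: the page's fragment, and a variant with a miscased attribute.
SAMPLE_OK = """<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security>
<requestedPrivileges><requestedExecutionLevel level="highestAvailable"
uiAccess="true" /></requestedPrivileges></security></trustInfo>"""
SAMPLE_MISCASED = SAMPLE_OK.replace("uiAccess", "UIAccess")

def audit_manifest(xml_text):
    """Return (summary, findings) for a manifest's requestedExecutionLevel."""
    summary = {"level": None, "ui_access": False}
    findings = []
    root = ET.fromstring(xml_text)
    # Match on the local name so a wrong namespace is reported, not missed.
    nodes = [e for e in root.iter()
             if e.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel"]
    if not nodes:
        return summary, ["no requestedExecutionLevel element"]
    node = nodes[0]
    ns = node.tag[1:].split("}")[0] if node.tag.startswith("{") else ""
    if not ns.startswith(ASM_PREFIX):
        findings.append(f"unexpected namespace {ns!r}")
    for name, value in node.attrib.items():
        if name == "level":
            summary["level"] = value
            if value not in LEVELS:
                findings.append(f"unknown level {value!r}")
        elif name == "uiAccess":
            summary["ui_access"] = value.strip().lower() == "true"
        elif name.lower() == "uiaccess":
            # XML names are case-sensitive, so this is not the uiAccess attribute.
            findings.append(f"miscased attribute {name!r}")
    if summary["ui_access"]:
        findings.append("requests uiAccess=true")
    return summary, findings

if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("miscased", SAMPLE_MISCASED)):
        print(label, *audit_manifest(doc))
```

The attribute is only a request: by default Windows grants UI access only to signed binaries installed in a secure location such as Program Files.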

There is an MSDN article which you should refer to for more information: http://msdn2.microsoft.com/en-us/library/ms742884.aspx


Comments

  1. Posted on: January 25, 2007 at 2:36PM  

    So basically, you expect everybody to get new screenreader software for Vista, instead of allowing the most popular current screenreaders to access the Secure Desktop and expecting new versions to have the manifest file? That's unusual from Microsoft.

  2. Posted on: January 26, 2007 at 8:15AM  

    Why is there so much text on the dialogs? I think it could have been made easier to use and access (some UAC dialogs in RC2 didn't have keyboard support, hope this is fixed in the final version).

  3. Posted on: January 26, 2007 at 8:32AM  

    Thanks for the kind description.

    Daisuke

  4. Posted on: January 26, 2007 at 9:42AM  

    I sincerely hope there is a mechanism in place to prevent malware.exe from dumping the above manifest data into malware.exe.manifest and relaunching itself?

  5. Posted on: January 26, 2007 at 10:02AM  

    Hold on. In order to run with the settings in the manifest required to access the UAC prompts, the screen reader must be run with higher privileges. So in order to run the screen reader, you must first give it permission to run, which requires a UAC prompt? Perhaps this is only a one-time action on installation (I hope), but if it's not, that could be a real problem.

  6. Posted on: January 26, 2007 at 11:32AM  

    I understand the reasoning behind showing the different kind of UAC screen. And it makes perfect sense.

    What does not make perfect sense is that you can just click 'ok' without authentication of your identity and get past the screen.

    If this kind of screen pops up regularly it will not please the regular user. Specifically because it makes the user come to a screaming halt. You can't do anything until you click a button.

    Does this seem elegant to you?

    On a Mac [I am a Mac driver] the user needs to authenticate with a password that soandso action is ok for the system to proceed with. If the user can't be bothered with doing that right-this-very-second, they can do something else without a problem. Only when they want to do this specific thing, do they need to authenticate.

    Why did Microsoft choose not to implement their UAC [the idea behind which is very sensible indeed] this way instead of a method that is, to my taste, rather too intrusive to be useful. I could not use a system that will force me to drop whatever I happen to be doing just because it needs me to confirm something.

    If this technology is deemed too intrusive by the regular user, and I could easily see where they would think so, they are just going to click 'ok' whenever the button comes up. I can't possibly believe that this is the idea.

  7. Posted on: January 26, 2007 at 12:41PM  

    "What does not make perfect sense is that you can just click 'ok' without authentication of your identity and get past the screen."

    This is only for administrators. Every time I install Vista, I name the first account Admin. I do all of the initial configuration and application installs from this account, since I won't need to retype my password a bunch. Then I create a standard user and use it almost exclusively. For this account, the UAC prompt requires my Admin password.

    "Specifically because it makes the user come to a screaming halt. You can't do anything until you click a button."

    It only comes to a halt if the active application is the one trying to elevate. Otherwise the UAC prompt is minimized on the taskbar until you decide to deal with it.

  8. Posted on: January 27, 2007 at 11:26AM  

    Two things that will keep me from upgrading to Vista. The release is 4 days away.

    Winhlp32 has not been fixed. The vendor of the software I am using is Microsoft.

    ATI has not come out with the software to enable MMC and capture. Without capture, All in Wonder cards are just another video card.

    Microsoft and ATI get on the ball.

    oldguy28

  9. Posted on: January 29, 2007 at 4:08AM  

    Ok, then why is your Narrator not trusted by Vista?  Sounds strange that you wouldn't trust your own application. Especially if the fix is so easy to implement.

    I like one of the first responses.  Why should we all have to upgrade our screen readers just to use Vista?  I am using jaws 7.1 and jaws 8 will cost me hundreds of Euro.  In fact, at least double the price of Vista.  How is that fair?

    Microsoft get your act together. Surely you can put some kind of pressure on companies such as FreedomScientific to release updates for some earlier versions of vista?  I am really annoyed that I have to spend over a thousand Euro just to update my operating system and my dependent screen reader.  Surely you can see our point?

  10. Posted on: February 01, 2007 at 5:53AM  

    Democritus,

    Security is not just about the code you can put in place to stop malware and viruses etc, it's about combatting the social engineering which is the cause for about 70% of infections of PCs.  The UAC dialog boxes and the "screaming to a halt" effect that you mention is a method by which we combat the social engineering factor.

    JS
