Working with Windows Vista User Account Control
Windows Vista uses User Account Control (UAC) to manage user accounts. It is recommended that you understand how Windows Vista uses these accounts to install and run applications and how it affects the installation process and general operations. For more information about working with Windows Vista User Account Control, see Developer Best Practices and Guidelines for Applications in a Least Privileged Environment.
The Windows Media Center Extender session runs in the context of a protected administrator account. This account is created during the Windows Media Center Extender setup. This account is hidden from the user and cannot be used outside of a Windows Media Center Extender session. Although these accounts are members of the Administrators group, they are incapable of UAC elevation, since elevation on an Extender device will automatically fail. For more information about UAC, search for UAC account information on the MSDN Web site.
When developing third-party applications for Windows Media Center, you should consider how UAC affects your end users:
- It is recommended that you install your applications for all users (rather than for the current user), which requires the user to either have administrator credentials or to be running from an account with administrator privileges. During installation, a UAC dialog box is displayed, prompting the user to confirm the installation (if the account already has administrator privileges) or to provide authentication (by entering the user name and password of an account with administrator privileges). The user can respond to the dialog box using a remote control. However, if a user name and password are required, the remote control can only provide a numeric password. If the password for the administrator account contains non-numeric characters, the user must enter the password using a keyboard to continue.
- Actions resulting in the display of UAC dialog box in an Extender session will automatically be canceled and will not run.
- Because users running in an Extender session cannot install applications for all users, consider recommending that your users install your application from the Windows Media Center PC. You can have your application detect whether the user is running from an Extender session, and then create a desktop shortcut to your installation process so that the user can resume installation from a Windows Media Center PC. For more information, see Detecting a Windows Media Center Extender Session, the MediaCenterEnvironment.CreateDesktopShortcut method for managed code, and MediaCenter.CreateDesktopShortcut for hosted HTML.
- When joining a wireless network through Windows Media Center, the connection is made for all users rather than for the current user, so this process requires an account with administrator privileges.
The group membership of the Windows Media Center Extender user account includes:
- Remote Desktop Users
As you design your application for use by Windows Media Center Extender users, remember that they cannot access certain resources that are typically accessible to other members of the Administrators group because Windows Media Center Extender user accounts are unable to elevate to full administrator privileges. To provide a good user experience, your application should still function properly despite this limitation. The restricted resources that your application cannot access from a Windows Media Center Extender session include, but are not limited to, the following:
- Write permission to registry settings in HKEY_LOCAL_MACHINE.
- Write permission to file resources in the \Program Files folder, or \Document folders in other user accounts.
- Secure API calls (for example, calls that access Local Security Authority (LSA) secrets).
Most applications need to save persistent settings in the Windows registry. Developers often choose to store these settings under the HKEY_LOCAL_MACHINE\SOFTWARE key so the settings are globally available on the computer. However, because the Windows Media Center Extender account cannot elevate to full administrator privileges, an application receives an access-denied error if it attempts to write settings to HKEY_LOCAL_MACHINE\SOFTWARE. For this reason, your application should read and write settings to HKEY_CURRENT_USER\SOFTWARE.
When writing data to the file system, your application must write to a location that has write permissions for Windows Media Center Extender users, such as the public Documents folder (C:\Users\Public\Documents). Because your application can read from and write to files and folders in this location, it is the recommended location for storing all downloaded content. To read and write data in another location in the file system, your application must apply the appropriate security settings to the target folder. Your application should not modify the access control list (ACL) on a folder that your installation package or application does not create. For more information, see Creating or Modifying an ACL on the MSDN Web site.