Looks like a great tool. Is there a link for anyone who wants to download it? Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Rick Mack Sent: Sunday, December 17, 2006 1:36 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Microsoft Standard User Analyzer Hi People, Microsoft have released a new application deployment tool that is going to make life hugely easier in terms of getting difficult applications ported to terminal services. To quote Microsoft: The Standard User Analyzer helps developers and IT professionals diagnose issues that would prevent a program from running properly without administrator privileges. On Windows Vista, even administrators run most programs with standard user privileges by default, so it is important to ensure that your application does not have administrator access as a dependency. Using the Standard User Analyzer to test your application can identify the following administrator dependencies and return the results in a graphical interface: Details of functions provided: Tab Details File Lists file system access issues. For example, an application attempting to write to a file that normally only administrators can access. Registry Lists system registry access issues. For example, an application attempting to write to a registry key under HKLM, which is a location that normally only administrators can access. INI Lists WriteProfile APIs issues. WriteProfile APIs were originally used for 16-bit Windows but are still popular some modern applications. One example is the Calculator in Windows XP. If the view is changed from "Standard" to "Scientific", calc.exe calls WriteProfile API to write into windows\win.ini, which is only writable by administrator users. Token Lists access token checking issues. If an application explicitly checks for the "Builtin\Administrators" security identifier (SID) in a user's access token, the application most likely will not work for a standard user. Privilege Lists privilege issues. For example, if an application explicitly enables "SeDebugPrivilege", it will not work for a standard user. Name Space Lists issues that are caused when an application creates system objects (e.g. events, memory mappings) in restricted namespace. Applications that have this error will not work for a standard user. Other Objects Lists issues related to accessing objects other than files and registry keys. Process Lists issues related to process elevation. On Vista, if an application uses CreateProcess API to launch executables that require elevation, the application will not work for a standard user. This basically extends the LUA Analyzer so that you can see any activity by the application that requires increased privileges on the users part. No more privilege auditting and messing around with the registry and file monitors plus you'll get an idea whether vitualiztion will be able to "fix" things. If only we could have had this tool a few years ago. regards, Rick -- Ulrich Mack Commander Australia