[THIN] Re: Microsoft Standard User Analyzer

  • From: "Michel Roth" <mrdizzz@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Mon, 18 Dec 2006 15:16:28 +0100

http://www.microsoft.com/downloads/details.aspx?FamilyId=DF59B474-C0B7-4422-8C70-B0D9D3D2F575&displaylang=en

On 12/18/06, Joe Shonk <joe.shonk@xxxxxxxxx> wrote:

 Looks like a great tool.  Is there a link for anyone who wants to
download it?



Joe


 ------------------------------

*From:* thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] *On
Behalf Of *Rick Mack
*Sent:* Sunday, December 17, 2006 1:36 PM
*To:* thin@xxxxxxxxxxxxx
*Subject:* [THIN] Microsoft Standard User Analyzer



Hi People,



Microsoft have released a new application deployment tool that is going to
make life hugely easier in terms of getting difficult applications ported to
terminal services.



To quote Microsoft:

*The Standard User Analyzer helps developers and IT professionals diagnose
issues that would prevent a program from running properly without
administrator privileges. On Windows Vista, even administrators run most
programs with standard user privileges by default, so it is important to
ensure that your application does not have administrator access as a
dependency. *

*Using the Standard User Analyzer to test your application can identify
the following administrator dependencies and return the results in a
graphical interface:*

*Details of functions provided:*



| Tab | Details |
|---|---|
| File | Lists file system access issues. For example, an application attempting to write to a file that normally only administrators can access. |
| Registry | Lists system registry access issues. For example, an application attempting to write to a registry key under HKLM, which is a location that normally only administrators can access. |
| INI | Lists WriteProfile API issues. WriteProfile APIs were originally used for 16-bit Windows but are still popular in some modern applications. One example is the Calculator in Windows XP. If the view is changed from "Standard" to "Scientific", calc.exe calls WriteProfile API to write into windows\win.ini, which is only writable by administrator users. |
| Token | Lists access token checking issues. If an application explicitly checks for the "Builtin\Administrators" security identifier (SID) in a user's access token, the application most likely will not work for a standard user. |
| Privilege | Lists privilege issues. For example, if an application explicitly enables "SeDebugPrivilege", it will not work for a standard user. |
| Name Space | Lists issues that are caused when an application creates system objects (e.g. events, memory mappings) in restricted namespace. Applications that have this error will not work for a standard user. |
| Other Objects | Lists issues related to accessing objects other than files and registry keys. |
| Process | Lists issues related to process elevation. On Vista, if an application uses CreateProcess API to launch executables that require elevation, the application will not work for a standard user. |



This basically extends the LUA Analyzer so that you can see any activity
by the application that requires increased privileges on the user's part.



No more privilege auditing and messing around with the registry and file
monitors, plus you'll get an idea whether virtualization will be able to "fix"
things.



If only we could have had this tool a few years ago.



regards,



Rick

--
Ulrich Mack
Commander Australia
