Testing Applications on Windows Vista™, edited by Michael Shaw


Guidance for Application Testers: Before Testing
- Ensure all tests pass on Windows XP
  - This helps to ensure only regression bugs are found
- Test on XP as a non-Admin user
  - This will eliminate complexity if the application has issues with non-Admin accounts
- Bonus: Certified for Windows Vista Guidelines

Hardware Configuration
- Windows Vista Minimum Requirements
  - “Modern” CPU (800+MHz), 512MB RAM, DX9 GPU w/128MB onboard, 40GB HD, DVD
- Recommended hardware for testing Windows Vista compatibility
  - Dual x64 CPU, 1GB RAM, WDDM GPU, 80GB HD, DVD
- Using high end hardware for testing will help uncover more bugs
  - Multi-proc specific issues
  - Painting issues with desktop compositing enabled
  - Can be used for both x86 and x64 testing
  - Data Execution Prevention (DEP) support

OS Configuration
- Leave all functions enabled
  - Search Indexer, UAC, System Restore, Sidebar, etc.
- Create multiple users
  - 1x Administrator, 1x Non-Admin
  - Do not rely on built-in “Administrator”
- Ensure WDDM video w/Glass is being used
- Test both x86 and x64 - clean install
- Test x86 upgrade from XP to Windows Vista
  - Install XP -> Install App -> Upgrade to Windows Vista -> Test App
- Bonus: Enable NX protection. Enable AppVerifier. Enable 120 DPI.

Test Cases
- Non-Admin Install/Update
  - Should prompt for administrative credentials
  - Shortcuts should appear for all users
- Explorer thumbnail previews
  - Content previews in explorer windows
  - Rich preview handlers
- Search indexing
  - Extend the indexer to include the contents of your data files
  - Property Handlers
- Default Programs / File Extensions
  - Per user defaults

Guidance for Application Testers
- Test how your installation and update is done
  - Use MSI 3.1 for Install and Update
  - Alternative to MSI 3.1: call Update.exe marked as admin to do the update
- Self Updating Code – DON’T DO IT
  - This is the LARGEST Application Compatibility problem with home consumer user applications
  - Use MSI 3.1 updating procedures for this functionality
- Examples of what not to do:
  - Do not assume the user is an administrator
  - Run Custom Actions in the right context

Guidance for Application Testers (cont.)
- Test where the application data is stored
  - The app's per-user setup is performed at first run
  - Place per-user data into %LOCALAPPDATA%
  - Roaming into %APPDATA%
  - Place Per-Machine (Shared) data into %ALLUSERSPROFILE%
- Examples of what not to do:
  - Do not perform admin configuration at first run.
  - Do your admin operations during setup
  - Do not perform explicit Admin checks for Standard User applications

User Account Control (UAC) Guidance for Application Testers
- Split-Token
  - By default, all users are running with a standard token
  - Admin accounts will fail when performing privileged operations even though they worked in the past
- Credential/Consent UI
  - This UI is not automatable from a standard user process. There must be an elevated process or service to help drive the elevation UI.

UAC Guidance for Application Testers
- Process Isolation
  - Integrity level is assigned to each process
  - Lower integrity processes are blocked from writing to & reading from higher integrity processes
  - Lower integrity processes are blocked from sending Windows messages to higher integrity processes
  - See the app compat cookbook
- UAC is the default configuration for Windows Vista (and beyond)

UAC Test Impact (cont.)
- File and Registry Virtualization/Data Redirection
  - Writes by a standard user to a list of protected system files, directories and registry locations will be virtualized to a per-user location.
  - Each standard user will have a virtualized view of the FS and Registry
  - Processes running elevated will not see virtualized FS & Registry
  - Changing a system setting from a standard user process may succeed due to virtualization, but it doesn’t affect the system
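Added example, not part of the original slides: because a virtualized write succeeds without touching the system, a test pass can list what was redirected. File virtualization mirrors the intended path under %LOCALAPPDATA%\VirtualStore; the function names and the ContosoApp sample tree below are constructed for illustration.

```python
import tempfile
from pathlib import Path, PureWindowsPath


def virtualized_writes(local_appdata, system_drive="C:"):
    """Map each file under <local_appdata>/VirtualStore back to the protected
    path the application believed it wrote, grouped by top-level folder."""
    store = Path(local_appdata) / "VirtualStore"
    report = {}
    if not store.is_dir():
        return report  # nothing was redirected for this user
    for path in sorted(store.rglob("*")):
        if not path.is_file():
            continue
        parts = path.relative_to(store).parts
        intended = str(PureWindowsPath(system_drive + "\\", *parts))
        report.setdefault(parts[0], []).append(intended)
    return report


def build_sample_profile():
    """Constructed stand-in for a standard user's %LOCALAPPDATA% after a test run."""
    root = Path(tempfile.mkdtemp(prefix="localappdata_"))
    for rel in ("VirtualStore/Program Files/ContosoApp/settings.ini",
                "VirtualStore/Windows/contoso.ini",
                "ContosoApp/cache.db"):  # correct per-user location, not redirected
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample\n")
    return str(root)


if __name__ == "__main__":
    for top, files in virtualized_writes(build_sample_profile()).items():
        print(top, files)
```

On a test machine, pass the standard user's real %LOCALAPPDATA% value instead of the sample profile; every path reported is a write the application should have sent to a per-user or per-machine data folder.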

UAC Test Guidance
- Test under the default OS environment
  - Don’t turn UAC off
  - Move away from testing as the built-in administrator
- Test application for UAC
  - Test component or application as standard user
  - Make sure all application functionalities are working
  - Pay attention to update and anything that is disabled due to admin check.

UAC Testing Support (cont.)
- UAC User Level Library
  - Identify the level of the user token
  - Allow easy query of well-known groups and privileges
  - Allow easy query and set of UAC policy
  - Allow easy test case selection & pass/failure determination
  - Available in native and managed code
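Added example, not part of the original slides and not the UAC User Level Library itself: a test harness can tell which token a test process received (standard user, the filtered admin token produced by the split-token model, or an elevated admin token) from the group list that `whoami /groups /fo csv /nh` prints. The function name is an assumption and the sample rows are constructed.

```python
import csv
import io

ADMINS_SID = "S-1-5-32-544"   # BUILTIN\Administrators
LABEL_PREFIX = "S-1-16-"      # mandatory integrity label SIDs
LEVELS = {4096: "low", 8192: "medium", 12288: "high", 16384: "system"}


def classify_token(groups_csv):
    """Return (kind, integrity) from rows of: name, type, SID, attributes."""
    integrity, admins = "unknown", "absent"
    for row in csv.reader(io.StringIO(groups_csv.strip())):
        if len(row) < 4:
            continue
        sid, attrs = row[2].strip(), row[3].lower()
        rid = sid[len(LABEL_PREFIX):]
        if sid.startswith(LABEL_PREFIX) and rid.isdigit():
            integrity = LEVELS.get(int(rid), "unknown")
        elif sid == ADMINS_SID:
            # In a split (filtered) token the Administrators SID is kept
            # for deny checks only, so it grants nothing.
            admins = "deny-only" if "deny only" in attrs else "enabled"
    kind = {"enabled": "elevated-admin",
            "deny-only": "filtered-admin",
            "absent": "standard-user"}[admins]
    return kind, integrity


# Constructed sample rows, one listing per token kind.
FILTERED_ADMIN = r'''
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\Administrators","Alias","S-1-5-32-544","Group used for deny only"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192","Mandatory group, Enabled by default, Enabled group"
'''

ELEVATED_ADMIN = r'''
"BUILTIN\Administrators","Alias","S-1-5-32-544","Mandatory group, Enabled by default, Enabled group, Group owner"
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\High Mandatory Level","Label","S-1-16-12288","Mandatory group, Enabled by default, Enabled group"
'''

STANDARD_USER = r'''
"BUILTIN\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\Medium Mandatory Level","Label","S-1-16-8192","Mandatory group, Enabled by default, Enabled group"
'''

if __name__ == "__main__":
    for name in ("FILTERED_ADMIN", "ELEVATED_ADMIN", "STANDARD_USER"):
        print(name, classify_token(globals()[name]))
```

Recording this result at the start of each test case shows whether a failure happened under the default filtered token or only after elevation.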

Common Issues
- Dependencies on deprecated binaries/APIs
  - Kernel mode printer drivers, HLP files
- Assuming administrative rights
- Windows Resource Protection
  - Do not attempt to modify system binaries
  - Registry protection for system keys
- Rendering / Painting / DPI scaling issues
  - Black areas when not painting the entire hwnd
  - Glass self-disables when a process attempts to paint outside its client area
  - Clipped Text

Common Issues (cont.)
- Per user vs. per machine settings
  - Do not configure system settings on first launch
- IE7+ Compatibility – Low Rights IE
- Doing work in DllMain
- User Interface Privilege Isolation (UIPI)
  - Lower privilege processes cannot send messages to higher privileged processes
  - SendMessage will still return success
- OS version checks

x64 Specific Issues
- No 16-Bit binary support
- No 32-Bit kernel mode driver support
- 64-Bit kernel mode drivers must be signed
- Side by side application install conflicts
- Hardware architecture checks

UAC FAQ
- If I mark my app as “admin”, can I skip the elevation consent dialog? – No
- Can you modify the privilege of a running application? – No
- Will LUA elevate whenever a privileged API is used? – No, the entire process is either elevated or not
- How long does the elevated process last? Can it time out? – Life of the process
- Can I enable which users will use UAC? – Currently this is a per machine setting
- Does UAC apply to all processes and services? – Interactive processes only
- What areas of the Registry and File system get redirected? – HKLM\Software, %SystemRoot%, %ProgramFiles%
- Won’t Redirection de-motivate developers to fix their code? – Yes, it is a short term mitigation, not in 64bit
- What happens when installer detection fails? – The app runs as non-admin
- Will UAC be going down-level? – No

Standard User Analyzer (SUA)
- Intended to predict whether an application would work correctly as a standard user.
- Identifies API calls that would fail if attempted by a user
- Identifies all access requiring elevated privileges
- Example of Standard User Analyzer test pass:
  - Use SUA to launch your application as elevated
  - Test application
  - Analyze the log for API calls that will fail for standard user