RE: Problems with uiAccess = true
- From: nitramsen@xxxxxxxxxxxxx <nitramsen@xxxxxxxxxxxxx>
- Date: Tue, 9 Jan 2007 04:33:00 -0800
Hi Jeffrey,
Thanks for your answer.
I made a small native test program (compiled in both 32bit and x64) and both
fail with the referral error if uiAccess=true.
The Security policy is as follows:
Only elevate executables that are signed and validated = disabled
Only elevate UIAccess applications that are installed in secure locations =
disabled
The code looks like this :
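#include "stdafx.h"   // assumed to pull in <windows.h>, <tchar.h> and <stdio.h>

int _tmain(int argc, _TCHAR* argv[])
{
    // Hard-coded handle of the control to query
    HWND controlHandel = (HWND)0x00803D8;
    LRESULT length = SendMessage(controlHandel, WM_GETTEXTLENGTH, 0, 0);
    // LRESULT is pointer-sized (64-bit on x64), so cast it to match the format
    _tprintf_s(_T("Length %ld\n"), (long)length);
    TCHAR *text = new TCHAR[length + 1];
    text[0] = 0;   // stay a valid string if WM_GETTEXT copies nothing
    LRESULT numberOfChars
        = SendMessage(controlHandel, WM_GETTEXT, length + 1, (LPARAM)text);
    _tprintf_s(_T("Chars copied %ld\ntext: %s \n"), (long)numberOfChars, text);
    _tprintf_s(_T("Press any key to end"));
    _gettchar();
    delete[] text;   // release the text buffer
    return 0;
}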
and the manifest like this:
<?xml version="1.0" encoding="utf-8" ?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" processorArchitecture="X86"
    name="TestGetText" type="win32" />
  <description>testing</description>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="true"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
If I set uiAccess to false I can query controls that are not running with
elevated rights. But I need to be able to query controls at all levels.
If you want a copy of the test project give me your email so that I can send
it to you.
Thanks
Martin
"Jeffrey Tan[MSFT]" wrote:
Hi Martin,
I have tried to search your problem in Microsoft's internal database. I
found that the error message "A referral was returned from the server"
corresponds to: ERROR_DS_REFERRAL.
Further discussion shows that the ShellExecute API will call the
AIS (Application Information Service) to elevate the launched application.
However, if you have set the policy "User Account Control: Only elevate
executables that are signed and validated" to enabled in secpol.msc, AIS
will try to contact the certificate/signing subsystem to validate your
executable. If the validation fails, the AIS returns ERROR_DS_REFERRAL to
ShellExecute, which is finally reported to the end user. Yes, this error
message is not informative now; the Vista security team filed an internal
bug to discuss this and may catalog and translate all of those error codes
into ERROR_ACCESS_DENIED_BY_POLICY in the future.
To verify if your problem is caused by the AIS validation failure, you may
try to disable "Local Policies"->"Security Options"->"User Account Control:
Only elevate executables that are signed and validated" in secpol.msc.
Note: it is disabled by default in my Vista machine.
If you still cannot address this problem, is it possible for you to create
a little sample project for me to reproduce this problem? Then I may give
it a troubleshoot. Additionally, to isolate this problem better, I
recommend you use pure Win32 unmanaged code to write this sample.
Thanks.
Best regards,
Jeffrey Tan
Microsoft Online Community Support
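A triage script for the situation discussed in this thread, as an added example that is not part of the original posts: it collects the facts the elevation path depends on for a binary whose manifest requests uiAccess="true". The path in $ExePath is a hypothetical placeholder, and the registry value names are the ones that back the two "User Account Control: Only elevate ..." policies.

```powershell
param(
    # Assumption: hypothetical path to the binary being tested; pass your own.
    [string]$ExePath = 'C:\Temp\TestGetText.exe'
)

# Raw registry values behind the two UAC policies quoted in the thread
# ($null means the value is not present on this machine).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$pol = Get-ItemProperty -Path $key

# Heuristic: an embedded manifest is stored as text, so search the raw bytes.
# A manifest shipped as a separate .manifest file is not covered by this check.
$raw = [IO.File]::ReadAllText($ExePath, [Text.Encoding]::GetEncoding(28591))
$wantsUiAccess = $raw -match 'uiAccess\s*=\s*["'']true["'']'

# Authenticode status as Windows evaluates it (Valid, NotSigned, ...).
$sig = Get-AuthenticodeSignature -FilePath $ExePath

# Documented secure locations: the Program Files trees (with subfolders)
# and the System32 directory itself.
$full  = [IO.Path]::GetFullPath($ExePath)
$dir   = [IO.Path]::GetDirectoryName($full)
$trees = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$inTree = [bool]($trees | Where-Object {
    $full.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
})
$inSys32 = $dir -ieq (Join-Path $env:SystemRoot 'System32')

[pscustomobject]@{
    ExePath                     = $full
    ManifestRequestsUiAccess    = $wantsUiAccess
    SignatureStatus             = $sig.Status
    SignerSubject               = $sig.SignerCertificate.Subject
    InSecureLocation            = ($inTree -or $inSys32)
    ValidateAdminCodeSignatures = $pol.ValidateAdminCodeSignatures
    EnableSecureUIAPaths        = $pol.EnableSecureUIAPaths
} | Format-List

# Windows checks the signature of an application that requests uiAccess
# regardless of how the secure-location policy is set, so flag that case.
if ($wantsUiAccess -and $sig.Status -ne 'Valid') {
    Write-Warning 'uiAccess="true" is requested but the Authenticode signature is not Valid.'
}
```

Run it on the machine where the launch fails, so the policy values and certificate trust are the ones the Application Information Service evaluates.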