© Copyright 2009 Microsoft Corporation. All rights reserved. MSDN Webcasts:
[Diagram: Session 0 (Window Station, Desktop): Screen Saver, Login, Services, 1st User's Window. Shatter Attack]
[Diagram: Session 0 (Window Station, Desktop): Service. Session 1 (Window Station, Desktop): Screen Saver, Login, 1st User's Window. Secure]
Allowed: Run most applications; Change per user settings
Not Allowed: Install applications; Change system components; Change per machine settings; Admin “privileges”
“Standard User” Token Admin Token Abby App Admin Token Child App Standard User Token App Standard User Token Child App Standard User Token
[Diagram: Protected Administrator. System, Administrator, explorer.exe, AppInfo Service, consent.exe, elevatedapp.exe, RPC, Reparented, ShellExecute(elevatedapp.exe), CreateProcessAsUser(elevatedapp.exe)]
[Diagram: Application, Windows, Shim DLL; Import Function, Export Function, Import Function, Export Function]
asInvoker: Launch with the same token as the parent process
highestAvailable: Launch with the highest token this user possesses
requireAdministrator: Highest token of the User provided User is a member of Administrators group
32 My totally sweet Vista application
[Diagram: Request Access: Read + Write; Request Access: Read; Read. Access Token: Who I am, Groups, Privileges. Security Descriptor: Object Owner, Discretionary ACL. “Toby” Groups: Users. DACL: Users: Read; Admins: Full Ctrl]
[Diagram: Request Access: Read + Write; Request Access: Read + Write; R+W. Internet Explorer + 3rd party add-ons; MS Money; Toby’s Startup folder; R+W]
Level: Typical process
System: Services
High: Elevated user apps
Medium: Normal user apps – default
Low: IE Protected Mode
[Diagram: Medium IL Process and Low IL Process; Processes (High, Medium, Low) and Objects (High, Medium, Low); Read, Write]
Object policy includes… and access requested includes…
No Write Up: Write
No Read Up: Read
No Execute: Execute
[Diagram: Request Access: Read + Write; Request Access: Read + Write; R+W. Internet Explorer [LOW IL]; MS Money [Medium IL]; Toby’s Startup Folder: Medium (NW)]
HWND SendMessage WM_COMMAND/BM_CLICK FindWindow “Calculator” Program 1 Window Manager Program 2
Performance: Responsiveness; Consumes resources; Boot, Shutdown, Logoff, etc.
Reliability: Memory leaks; System crashes & hangs; Dependent application crashes
Security: Greater Attack Surface; System privileges; Successful attack may compromise entire system
Power consumption: Extra disk, CPU utilization; Decrease in battery life; Prevents idle efficiencies
Monitor Max Resolution    % Set to Maximum
1280X1024                 56%
1400X1050                 79%
1600X1200                 32%
1680X1050                 66%
1920X1050                 39%
1920X1200                 78%
Avg. set to default       55%

Users with Max Resolution of 1600X1200
User's Chosen Resolution  % using that resolution
640X480                   1%
800X600                   7%
1024X768                  57%
1280X1024                 3%
1600X1200                 32%
Total                     100.00%

Users are lowering their screen resolution to get larger text…
Clipped Text; Layout Issues & Image Size Issues; Pixelated Bitmaps; WinForms Issues; Blurry UI; Mismatched Font Sizes
Setting: What to look for
120 DPI*: This is an effective resolution of ~800x600, so look for UI clipped off the screen or layout issues. Also look for pixelated bitmaps and icons.
*NOTE: if your app requires 1024x768, then do this test at 1280x DPI Blurry UI. Verify that all mouse operations work, especially drag and drop operations. Also verify that full-screen modes work properly.
144 DPI with DPI Virtualization Disabled from DPI UI -> Custom -> use XP Style Scaling: Often buttons and UI won’t scale in relation to larger text and there will be significant text clipping. Look for layout issues in general and pixelated bitmaps and icons.
Recommendation: Write a list of the issues identified; it is best to add them to your bug DB with a High DPI tag for later validation. Integrate a variety of configurations into all future test passes. Also see the references for a link to the whitepaper on how to remedy the issues you find.
…and beyond
Running; Not running; Multiple windows + hover; Active
Destinations (“nouns”) Tasks (“verbs”) Known categories Custom categories User Tasks Taskbar Tasks Pinned category
Software: Full Featured Development tools and production licenses of server products; No upfront costs (USD$100 at program exit)
Support: Community support from network and hosting partners; Professional technical support from Microsoft
Visibility: Profile and promotion on the BizSparkDB

Drive new business opportunities
o WebsiteSpark Marketplace
o Partner Recruiting Portal
o Web App Gallery
Benefit from professional support and training
o Two professional support incidents per program membership for break-fix issues
o Unlimited access to technical managed newsgroups on MSDN
o Unlimited program support for non-technical issues
o Broad community support through partners and peers
Receive software and solutions for development and hosting
o Design Tools/Development Tools/Testing Tools:
  o Visual Studio ® 2008 Professional Edition – 3 user licenses
  o Expression ® Studio 2 (or 3) – 1 user license
  o Expression ® Web 2 (or 3) – 2 user licenses
  o Windows Web Server ® 2008 (or R2 when available) – 3 user licenses
  o SQL Server ® 2008 Web – 3 user licenses
o Production Hosting Licenses (if self-hosting)
  o Windows Web Server 2008 R2 (when available) – 4 processor licenses
  o SQL Server 2008 Web Edition – 4 processor licenses
o Premium Web site control panel (DotNetPanel)
For Web Pros