Windows Vista应用程序的开发中，对应UAC(User Account Control, 用户帐户控制)的开发需求 （三）

Will UAC Affect Your Application?　　UAC对应用程序的影响

Whether or not your application will be affected by UAC depends on the applications current state. In a number of cases, no changes will be necessary to comply with Microsoft Windows® Security requirements. However, some applications, including line of business (LOB) applications, may require changes to their install, function, and update processes to properly work in a Windows Vista UAC environment.
你的应用程序是否会受到UAC的影响，依赖于程序当前的状态。在许多情形下，没有必要依从于Microsoft Windows®安全要求去做出改变。但是一些应用程序，包括line of business (LOB) applications，可能需要改变安装、功能及升级过程，以使其能够在Windows Vista UAC环境下正常运行。

 

Designing Applications for Windows Vista
设计Windows Vista应用程序

The following list represents a workflow for designing applications for Windows Vista.
以下列表表示出设计Windows Vista应用程序的工作流程：

Step One: Test Your Application for Application Compatibility.
第一步：测试应用程序的兼容性

Test your application for Windows Vista application compatibility. This testing can be easily performed by installing the Standard User Analyzer.
测试程序的UAC兼容性，可通过安装Standard User Analyzer完成此测试。

Step Two: Classify Your Application.
第二步：对应用程序分类

Classify your application as a standard user, administrator, or mixed user application. Administrative applications in Windows Vista often have a mixture of both administrative and standard user functionality.
按标准用户、管理员或混合用户对程序进行分类。Windows Vista中的Administrative applications通常混合了管理员级和标准用户的功能。

Step Three: Redesign for UAC Compatibility.
第三步：针对UAC兼容性进行重设计

Redesign your applications functionality for UAC compatibility. Use the information in this section, once you have classified your application and determined whether it must be redesigned for UAC.
针对UAC兼容性重新设计程序功能，一旦对程序进行分级并决定是否应该进行重设计，请参考本节的信息。

Step Four: Redesign Your UI for UAC Compatibility.
第四步：针对UAC兼容性重新设计UI

Redesign your application user interface. Closely adhering to these guidelines in your applications development will ensure that your application will have a consistent and predictable user experience in Windows Vista.
重新设计程序的用户界面。在程序开发中严格遵守这些准则，会确保程序拥有Vista中一致的、可预知的用户体验。

Step Five: Redesign Your Installer.
第五步：重设计安装程序

Redesign your application installer. The best practices in this section are for well-behaved application installations in a Windows Vista or UAC environment.
重设计安装程序，使其在Vista或UAC环境下运行良好。
Step Six: Create and Embed an Application Manifest.

第六步：创建并嵌入应用程序清单

Create and embed an application manifest with your administrative applications. The correct way to mark your applications is to embed an application manifest within your program that tells the operating system what the application needs.
通过administrative applications创建并嵌入应用程序清单。标明程序的正确做法是在程序中嵌入清单，告诉操作系统程序需要什么。

Step Seven: Test Your Application.
第七步：测试程序

Test your redesigned or new application for application compatibility using the Standard User Analyzer.
使用Standard User Analyzer测试重设计的或新的程序的兼容性。

Step Eight: Authenticode Signature.
第八步：Authenticode签名

Sign the application with an Authenticode signature to prevent tampering with the executable.
给程序签署Authenticode签名，以防止篡改可执行文件。

Step Nine: Windows Vista Logo Program.
第九步：Windows Vista Logo Program计划

Participate in the Windows Vista Logo Program.
加入Windows Vista Logo Program计划。

 

Impact of UAC on the Windows User Experience
        UAC对Windows用户体验的影响

The biggest and most immediate impact on the user experience will be felt by administrators. Administrator users will now need to provide permission to accomplish administrative tasks. Coupled with that, standard users will now gain the ability to perform administrative tasks within the currently logged in session by providing valid administrator credentials.
管理员将感受到最大的、最直接的用户体验的影响。管理员级别任务现在需要管理员用户提供许可方能实行。与此相对的，标准用户在当前登录的会话中，通过提供有效的管理员凭证，也将得到执行管理级任务的能力。

 

Goals of the UAC User Experience
        UAC用户体验的目的

 

The overall goal for UAC user experience is to provide predictability.
UAC用户体验的总体目的是提供可预测性。

• For an administrator, this means that the user always know when he/she will need to give permission to run an elevated task.
     对于管理员，这意味着他随时知道自己将对提升级别的任务提供运行许可。
This is the act of requesting the user's own administrator access token so that he/she can make administrator-required changes.
此行为要求用户自己的管理员访问令牌，来进行管理员需求变更。

• For standard users, this means that they will know when they:
     对于标准用户这意味着以下时刻他们将知晓：
　　　　• Will need to provide administrator credentials (home and unmanaged environments) for administrative tasks.
　　　　　　需要为管理级任务提供管理员凭证(home and unmanaged environments)时。
　　　　• OR when they cannot complete a task (managed environments where elevation is explicitly disallowed) and must contact the help desk.
　　　　　　或者当用户无法完成任务(managed environments where elevation is explicitly disallowed)并必须寻求帮助时。

Elevation Prompt  提升提示

The elevation prompt is built upon an existing Windows user interface. The elevation prompt displays contextual information about the executable requesting elevation, and the context is different depending on whether the application is Authenticode signed. The elevation prompt is seen in two variations: the consent prompt and the credential prompt.
提升提示建立在已存在的Windows用户界面上。提升提示显示可执行文件申请提升的上下文信息，此信息依应用是否经过Authenticode签名而不同。提升提示有两种：许可提示和凭证提示。

Consent Prompt  许可提示

The consent prompt is displayed to administrators in Admin Approval Mode when they attempt to perform an administrative task. This is the default user experience for administrators in Admin Approval Mode and can be configured in the local Security Policy Manager snap-in (secpol.msc) and with Group Policy.
The following illustration is an example of a User Account Control consent prompt.
当管理员用户试图执行管理级别任务时，许可提示以Admin Approval模式显示给管理员。这是Admin Approval模式下管理员用户的默认用户体验，可以在本地安全策略管理器(secpol.msc)和组策略中进行配置。

 

Credential Prompt  凭证提示

The credential prompt is displayed to standard users when they attempt to perform an administrative task. This is the default user experience for standard users and can be configured in the local Security Policy Manager snap-in (secpol.msc) and with Group Policy.
当标准用户试图执行管理级别任务时，会显示凭证提示。这是标准用户的默认用户体验，可以在本地安全策略管理器(secpol.msc)和组策略中进行配置。

 

Deploying and Patching Applications for Standard Users
为Standard Users部署和升级应用程序

This section discusses how to ensure that your application can be deployed for standard users. For detailed information about "Deploying and Patching Applications for Standard Users," see the Windows Help file, which can be downloaded here. To find this article in the help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).
本节讨论如何确保应用程序能为标准用户进行部署。

 

Troubleshooting Common Issues
This section lists common development and installation issues that arise in Microsoft .NET applications. For detailed information about "Troubleshooting Common Issues," see the Windows Help file, which can be downloaded here. To find this article in the help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).

References 参考
This section includes a virtualization reference and a security settings reference. For detailed information about "Virtualization Reference," see the Windows Help file, which can be downloaded here. To find this article in the help file, expand Fundamentals, expand Secure Applications, expand Developing Secure Applications, and then click User Account Control (UAC).

Conclusion 结论
With User Account Control (UAC), Microsoft has provided a technology designed to simplify deploying standard user desktops in the enterprise and at home.
通过UAC，微软提供技术以简化企业及家庭中标准用户桌面的部署。
Building off the Windows security architecture, the UAC team sought to implement a standard user model that is both flexible and more secure.
UAC小组建立Windows安全体系，寻求一种既灵活又安全的标准用户模型。