Enjoy!
IMPORTANT!!! This release has a new installer which currently unable to detect and cleanup installations of RAA prior to Beta8!
Please REMOVE any previous version of the software prior to Beta8!
IMPORTANT release notes!
Vista users! Sorry but could not find during earlier testing that the current version of RAA still not fully supports Windows Vista. On that OS ShellExecuteHooks not supported anymore, so the policy could not be applied automatically on files started from the shell via ShellExecute(Ex) :( We have to find another method to get notified about a file startup from the shell.
Sorry but the new beta still has not been fully translated to all the supported languages, except Hungarian.
*** We are still looking for translators to the languages supported earlier yet and an English corrector also! ***
Here are the summary of changes made:
- -----------------------------------------
v 2.0.0.Beta10
-----------------------------------------
Global changes
- The unrestricted level startup and policy modification confirmation now simulates the windows shutdown confirmation dialog and opened on a separate, secured desktop!
- At last directories and shell namespace objects can be selected to open at a given restriction level.
Not finished perfectly yet, known limitations are:
- Objects pointing to directories now can be opened nicely (f.e. Control Panel, My Computer, etc.), but not objects like Internet, Mail, etc. because they are not yet differentiated from those mentioned first and can not be opened the way like those.
- Directories opened in explorer view shell namespace objects in single pane view. Later this would be customizable also via the settings dialog.
- The privilege level colors of the shell command windows now selectable.
TODO: The color values built in hardcoded, based on the default command dialog color settings, we must read them from the registry and monitor any changes of them.
- Lots of effort put into that all the dialogs could behave like they were modeless (even if they are modal) so the event and message handling modified hardly. Hope finally we could found a good solution to let all the actions that RAA offers always be available. If you found some trouble please sign to us at our bug report page: http://runasadmin.sourceforge.net/Bugs/
- Corrected a lot of memory leaks. :(
- BUG FIX: Strange command window icon and default directory behavior signed at https://sourceforge.net/forum/forum.php?thread_id=1969342&forum_id=433979 corrected.
- Added new module RAACommon.dll to store project wide common datas, function and classes at a common place. The directory and file placement structure heavily changed.
- Normal user tokens now contains SeSystemtimePrivilege, but you can force to remove them if you wish together with some other token elemnts via policy rule attributes, see bellow.
- Added and started to use a more detailed logging solution. The log file can be found the place pointed by HKEY_LOCAL_MACHINE\SOFTWARE\RunAsAdmin\LogFile. The logging level value can be set via HKEY_LOCAL_MACHINE\SOFTWARE\RunAsAdmin\LoggingLevel registry value. The lower the value the more detailed log produced.
- Added limited support of multiple desktops.
Known limitations are:
- RAA tray icon, command, settings and about dialogs are showing only on the primary desktop (WinSta0\Default).
- Like tray icon the RunAsAdminHook also not installed on another desktops so privilege caption information not shown on the other desktops.
- Activating the dialogs mentioned above switching automatically to the primary desktop.
In Explorer.exe
- The unrestricted level startup and policy modification confirmation now simulates the windows shutdown confirmation dialog and opened on a separate, secured desktop!
- Added implementation of new option 'Startup level override policy' to let confirm startups that override the security level defined in the policy.
- Strings in the confirmation dialogs of modification request of level and priority policy now corrected.
- As a new registered shell RAA do not get set some shell variables f.e. %HOMEDRIVE% and %HOMEPATH%. Splitting up %USERPROFILE% which set correctly at startup to build up the 2 missing.
- Using now %HOMEDRIVE%%HOMEPATH% as the startup directory of the newly created processes where the directory itself not specified in the file path to execute, otherwise using the path of the file.
- BUG fixed: TaskmanImageHijack occurred at every startup even if that option was turned off.
- Added implementation of 'Check For Update' functionality. Now available from the About box as a button and as an automat called periodically and/or at startup as defined in settings. Checks for the repository for explorer.rh at the TheLatestRelease tag directory, parses it's content and compares the version of explorer.exe. If the local version is smaller than signals it, the default project download page can be opened via an url link.
- Program exit now confirmed (and has a hotkey at debug time, CTRL+SHIFT+ALT+X)
In RAAShellContextMenu
- Removed local safer level token creation (CreateTokenForSaferLevel). Now using simple signal sending to explorer.exe at every requested level.
- Path copy now can be used if multiple items selected, the paths copied to the clipboard with a new line separator between each other.
- The 'Run with priority' context menu item is removed till we implement it on a way that starts the file with policy level check also.
In RAACommCtrls
- Added new option 'Startup level override policy' to let confirm startups that override the security level defined in the policy.
- Policy changes that has effect on priority settings now reflected immediately in opened setup dialogs. Please remember priority-realtime-allow has priority above priority-high-restrict in policy!
- The privilege level colors of the shell command windows now selectable
TODO: The color values built in hardcoded, based on the default command dialog color settings, we must read them from the registry and monitor any changes of them.
In Policy
- RAA Policy now supports attributes for normal user token creation. You can create the normal user token as an even more restricted one, just set those properties (See in the new Policy.xml) to TRUE (1) to remove the corresponding token elements from the final produced normal user token. You must restart RAA to these changes take affect!
- Adding a hash based rule from RunAsAdmin now adds a comment also to the policy before the rule, containing the subject readable name to aid identifying the subject of the rule.
- Policy evaluation now happens in reverse order (from most restricted to least restricted level), so if a subject has multiple rules defined at different levels the most restricted level will be used.
- Added an xslt policy file (%SYSTEMROOT%\Shim\Policy\Policy.xslt) to support a formatted xml output at policy file writting, but the current file still not works too well :( (therefore not used in the release version). If anyone could give us a working xslt file that can produce a well formatted (tabulated, properly line ended and keeps comment lines also) xml output will'be so glad :D