Tuesday, November 25, 2008

Programming, RunAsAdminExplorer Shim v2.0.0.Beta10

At last, here is the new beta version.

Enjoy!

IMPORTANT!!! This release has a new installer which is currently unable to detect and clean up installations of RAA prior to Beta8!
Please REMOVE any previous version of the software prior to Beta8!

IMPORTANT release notes!
Vista users! Sorry, but earlier testing did not reveal that the current version of RAA still does not fully support Windows Vista. On that OS ShellExecuteHooks are no longer supported, so the policy cannot be applied automatically to files started from the shell via ShellExecute(Ex) :( We have to find another method to get notified about a file startup from the shell.

Sorry, but the new beta has still not been fully translated into all the supported languages, except Hungarian.

*** We are still looking for translators for the languages supported earlier, and also for an English proofreader! ***

Here is the summary of the changes made:

    -----------------------------------------
    v 2.0.0.Beta10
    -----------------------------------------

    Global changes
    - The confirmation of unrestricted level startup and of policy modification now simulates the Windows shutdown confirmation dialog and is opened on a separate, secured desktop!
    - At last, directories and shell namespace objects can be selected to be opened at a given restriction level.
      Not perfectly finished yet; known limitations are:
        - Objects pointing to directories can now be opened nicely (e.g. Control Panel, My Computer, etc.), but not objects like Internet, Mail, etc., because they are not yet differentiated from the former and cannot be opened the same way.
        - Directories opened in explorer view shell namespace objects in single pane view. Later this will also be customizable via the settings dialog.
    - The privilege level colors of the shell command windows are now selectable.
      TODO: The color values are hardcoded, based on the default command dialog color settings; we must read them from the registry and monitor any changes to them.
    - A lot of effort was put into making all the dialogs behave as if they were modeless (even if they are modal), so the event and message handling was heavily modified. We hope we have finally found a good solution that keeps all the actions RAA offers always available. If you find any trouble, please report it to us at our bug report page: http://runasadmin.sourceforge.net/Bugs/
    - Corrected a lot of memory leaks. :(
    - BUG FIX: The strange command window icon and default directory behavior reported at https://sourceforge.net/forum/forum.php?thread_id=1969342&forum_id=433979 has been corrected.
    - Added a new module, RAACommon.dll, to store project-wide common data, functions and classes in one place. The directory and file placement structure has changed heavily.
    - Normal user tokens now contain SeSystemtimePrivilege, but you can force its removal, together with some other token elements, via policy rule attributes; see below.
    - Added and started to use a more detailed logging solution. The log file can be found at the place pointed to by HKEY_LOCAL_MACHINE\SOFTWARE\RunAsAdmin\LogFile. The logging level can be set via the HKEY_LOCAL_MACHINE\SOFTWARE\RunAsAdmin\LoggingLevel registry value. The lower the value, the more detailed the log produced.
    - Added limited support for multiple desktops.
      Known limitations are:
        - The RAA tray icon and the command, settings and about dialogs are shown only on the primary desktop (WinSta0\Default).
        - Like the tray icon, the RunAsAdminHook is also not installed on other desktops, so privilege caption information is not shown on the other desktops.
        - Activating the dialogs mentioned above switches automatically to the primary desktop.

    In Explorer.exe
    - The confirmation of unrestricted level startup and of policy modification now simulates the Windows shutdown confirmation dialog and is opened on a separate, secured desktop!
    - Added the implementation of the new option 'Startup level override policy', which lets startups that override the security level defined in the policy be confirmed.
    - Corrected the strings in the confirmation dialogs for modification requests of the level and priority policy.
    - As a newly registered shell, RAA does not get some shell variables set, e.g. %HOMEDRIVE% and %HOMEPATH%. %USERPROFILE%, which is set correctly at startup, is now split up to build the two missing ones.
    - %HOMEDRIVE%%HOMEPATH% is now used as the startup directory of newly created processes when no directory is specified in the path of the file to execute; otherwise the path of the file is used.
    - BUG FIX: TaskmanImageHijack occurred at every startup even if that option was turned off.
    - Added the implementation of the 'Check For Update' functionality. It is now available from the About box as a button and as an automatic check called periodically and/or at startup, as defined in settings. It checks the repository for explorer.rh in the TheLatestRelease tag directory, parses its content and compares the version of explorer.exe. If the local version is lower, it signals this, and the default project download page can be opened via a URL link.
    - Program exit is now confirmed (and has a hotkey at debug time, CTRL+SHIFT+ALT+X).

    In RAAShellContextMenu
    - Removed local safer level token creation (CreateTokenForSaferLevel). A simple signal is now sent to explorer.exe for every requested level.
    - Path copy can now be used when multiple items are selected; the paths are copied to the clipboard with a new line separator between them.
    - The 'Run with priority' context menu item has been removed until we implement it in a way that also starts the file with a policy level check.

    In RAACommCtrls
    - Added the new option 'Startup level override policy', which lets startups that override the security level defined in the policy be confirmed.
    - Policy changes that affect priority settings are now reflected immediately in open setup dialogs. Please remember that priority-realtime-allow has priority over priority-high-restrict in the policy!
    - The privilege level colors of the shell command windows are now selectable.
      TODO: The color values are hardcoded, based on the default command dialog color settings; we must read them from the registry and monitor any changes to them.

    In Policy
    - RAA Policy now supports attributes for normal user token creation. You can create the normal user token as an even more restricted one: just set those properties (see the new Policy.xml) to TRUE (1) to remove the corresponding token elements from the final normal user token. You must restart RAA for these changes to take effect!
    - Adding a hash-based rule from RunAsAdmin now also adds a comment to the policy before the rule, containing the readable name of the subject to help identify the subject of the rule.
    - Policy evaluation now happens in reverse order (from the most restricted to the least restricted level), so if a subject has multiple rules defined at different levels, the most restricted level will be used.
    - Added an XSLT policy file (%SYSTEMROOT%\Shim\Policy\Policy.xslt) to support formatted XML output when writing the policy file, but the current file still does not work too well :( (therefore it is not used in the release version). If anyone could give us a working XSLT file that produces well-formatted XML output (tabulated, with proper line endings and keeping comment lines as well), we would be so glad :D

Wednesday, February 13, 2008

Programming, RunAsAdminExplorer Shim v2.0.0.Beta9.Fix_1

We had to release a quick fix for bug #1892584 in Beta9.
You can download it from here.
You can find the installation instructions in the Readme.txt inside the archive.

Sorry for the inconvenience!

Tuesday, February 12, 2008

Programming, RunAsAdminExplorer Shim v2.0.0.Beta9

We are happy to announce the new beta, which contains a lot of new features and bug fixes; please see the detailed list below.

IMPORTANT!!! This release has a new installer which is currently unable to detect and clean up installations of RAA prior to Beta8!
Please REMOVE any previous version of the software prior to Beta8!
Sorry, but the new beta has still not been fully translated into all the supported languages, except Hungarian, Catalan and Spanish.

*** We are looking for translators for the languages supported earlier, and also for an English proofreader! ***

Enjoy!

    Here is the summary of the changes made:

    -----------------------------------------
    v 2.0.0.Beta9
    -----------------------------------------
    Global changes
    - Added FileHash.vbs to the Samples and RunAsAdminPolicy.pdf to the Doc installation directories. Usage of FileHash.vbs: cscript newhash.vbs "file1ToBeHashed" "file2ToBeHashed" "fileNToBeHashed"
    - Added a Turkish translation of the setup, thanks to Muhammat! To compile with Inno Setup you need the Turkish translation file, which you can get from http://www.jrsoftware.org/files/istrans/
    - Added support for w2k sp4.
      Known limitations on that OS:
        - Currently only the Normal and Unrestricted levels are supported.

    In Explorer.exe
    - The command dialog now runs totally modeless.
      Note: The earlier modal behavior caused the following problems:
        - A stop dialog at runtime asking to close the open command dialog(s) before exit.
        - Running a file from the context menu was delayed until the command dialog(s) were closed.
        - Drag and drop onto our tray icon was blocked until the command dialog(s) were closed.
      If you still find problems like those mentioned above, please report them to us.
      Attention! Although these limitations are eliminated by the new modeless dialog, when you drop a file onto the tray icon, have chosen that the command dialog be opened in that case, and already have a command dialog open at that time, the file will be appended to the 'Run' line of the dialog.
    - The Drag and Drop feature on our tray icon and command dialog is enhanced. Also added a balloon tooltip shown when D&D starts or when there is another tip about the D&D process (currently when any of the run command dialogs are open). You can disable this balloon tooltip window at 'Options\Drag options\Show balloon tooltips'.
    - BUG FIX: #1686842 fixed. Tasks run as normal user now have shutdown and undock privileges in their token. The new self-made token now works (at least we hope so ;) on every supported OS. That token also made it possible to support w2k.
    - FEATURE REQUEST IMPLEMENTED: #139070, the task manager started via the configured hotkey now starts at a restriction level that depends on the policy setting.
    - Similar to the solution of task #127552, a file to be run from our command dialog can now also be started with the options 'Always run as' and/or 'Always run with priority'. Note: Currently 'Always run with priority' is enabled only if the targeted file is an executable (.com;.exe)!
    - BUG FIX: #1758345 fixed. RAA was unable to start the Windows shell as normal user if the local policy 'System objects: Default owner for objects created by members of the Administrators group' was set to 'Administrators group'. The normal user token now has a default DACL that contains full rights for Admins, System and the Logon ID SID.
    - BUG FIX: #1599717 fixed.
    - BUG FIX: #1415310 fixed. RAA now updates its environment variables from the actual user and system environment variables in case runtime changes occur.
    - Added a built-in confirmation option for unrestricted file start and/or RAA's policy modification. The implementation of the confirmation dialog is not perfect yet. TODO: The confirmation dialog can be closed by any window that becomes active. This must be corrected; only SHIFT+CTRL+ESC (task manager), CTRL+ALT+DEL (login window or task manager) or CTRL+ESC (start menu) should close our dialog.

    In RAAShellContextMenu
    - TASK FINISHED: #131949. You can add a rule to the RAA Policy for a given file, based on its path or hash, so that the file is always started at a given startup restriction level. Simply use any of the 'Always run as' menu items from the context menu.
    - TASK FINISHED: #127552. Added the implementation of the priority policy. You can control the startup priority of a given file just like the startup level: simply use any of the 'Always run with priority' menu items from the context menu. Note: Currently only executable files (.com;.exe) can be added to the policy as an 'Always run with priority' rule this way!
    - Added a new option to have copied paths automatically surrounded by double quotes. This option selects the behavior of holding down the CTRL key during the copy.
    - BUG 1491386 fixed: The 'New Folder' button now works fine in the Save (as) dialogs.

    In RAACommCtrls
    - FEATURE REQUEST IMPLEMENTED: #139070, the task manager started via the configured hotkey now starts at a restriction level that depends on the policy setting.
    - TASK FINISHED: #139069. The task manager started by winlogon under the NT AUTHORITY\SYSTEM account is now disabled if required.
    - TASK FINISHED: #139068. The two old properties priority-realtime-allow and priority-high-restrict were in the end not removed from the policy; from now on they have the meaning of a global restriction. The policy settings have priority over the user settings, so if the policy restricts the priority level, the user settings can only add a more restrictive rule. The state of the controls representing the user settings of the two startup priority restriction levels is now also set according to the restriction level set in the policy. This means they can appear disabled or can be hidden, depending on the global restriction level of the policy and on the state of the user settings. E.g. if the policy has the level setting priority-realtime-allow="0" priority-high-restrict="0", the user can only set the 'Priority high restricted' option and will not see the realtime priority level in the context menu or the command dialog of RAA. As earlier, priority-realtime-allow="1" priority-high-restrict="1" means no restriction on level 'high'; priority-realtime-allow has priority over priority-high-restrict if enabled. This is also true in the options dialog, where it is also indicated by the state of the corresponding controls.
    - TASK FINISHED: #139097. The Load and Save settings functions now handle admin options separately: they read and store admin settings under HKLM\SOFTWARE\RunAsAdmin\AdminSettings\%COMPUTERDOMAIN%\%USERNAME%. User settings are stored at HKCU\SOFTWARE\RunAsAdmin\UserSettings. Any admin option present will overwrite the user settings at Load time and will be saved separately under the HKLM key at Save time. Via this new feature we can finally control access to the admin options of RAA perfectly and protect the settings for file startup at unrestricted level. The new sample at https://sourceforge.net/forum/forum.php?thread_id=1734421&forum_id=543633 shows you how to enable access to admin options and 'Run As Unrestricted' possibilities from menus and dialogs for specified users only.
    - TASK IMPLEMENTED: #127557 80% ready. Now you can choose to have privilege info shown in shell windows as well. You can select the text to be shown just like for normal windows earlier (the same controls are used for that) and can select whether you'd like to change the colors of the shell window with admin privilege. The text will be ADMIN and NONADMIN (for the English version; your translator can change it). The colors themselves cannot currently be customized from the program: with this option turned on, the admin shell background color changes to Bright White and the text color to Light Red. The non-admin shell keeps the default color settings. If you'd like to change the colors to a custom value please see: http://tinyurl.com/398hw5. RAA implements this feature very similarly; just check the HKCU\SOFTWARE\Microsoft\Command Processor\AutoRun value and the help of the 'color' command. Our shell command privilege info is not set directly in the autoruns reg key; instead it now uses 2 separate command files, AutoRuns.cmd and RAAAutoRuns.cmd. They are stored at %APPDATA%\RunAsAdmin\Command Processor\. The first one is specified in autoruns and calls the other. Any previously defined autoruns are also merged into the first file at creation. This way the user can henceforward customise autoruns and RAA can also call the required commands to support privilege caption info (as long as the user does not remove our reference from the first file). The enabling of the controls of the shell privilege info setting has been enhanced. Now you cannot deselect 'Show text' if 'Show in shell window also' is selected and 'Change shell window color' is not selected, because that setting would have no effect on the shell window (neither caption nor color would be changed). Also, if 'Show text', 'Show in shell window also' and 'Change shell window color' are all deselected, turning on 'Show in shell window also' will turn on 'Change shell window color' automatically. Currently only the built-in Windows shell is modified; to get a custom shell modified, e.g. PowerShell, please see http://tinyurl.com/2yzg23. Thanks to Aaron Margosis and the other contributors who wrote on his blog page for the FSUTIL trick.
    - Added a new option to have copied paths automatically surrounded by double quotes. This option selects the behavior of holding down the CTRL key during the copy.
    - Added a new option to let the user control which privileged actions are confirmed (unrestricted file run, RAA's policy modification...).

    In Policy
    - Added handling of the new policy attribute allow-priority-override, which is enabled by default. If allow-priority-override is false, the priority policy checking functions do not let their allowed priority return value be set higher than defined by the priority-realtime-allow and priority-high-restrict attributes, even if the examined subject has a priority rule that allows a higher value.
    - TASK FINISHED: #127552. Added the implementation of the priority policy. You can control startup priority just like startup level: just use the 'priorities' element like 'levels', e.g.

    <priorities>
      <belownormal>
        <record groupName="AlwaysBelowNormalPriority"/>
      </belownormal>
    </priorities>

    Note: If allow-priority-override is "0" in RAA's policy, the 'priorities' elements still cannot override the global priority-realtime-allow and priority-high-restrict level settings of the policy. Any value higher than the one allowed by priority-realtime-allow and priority-high-restrict falls back to that allowed maximum level.
    Note: The current implementation of this feature might cause a bit of overall system performance overhead (because of periodic registry and file system reads), as our policy is not yet cached!
    You can turn off this feature at "Options\Performance options\Adjust all listed in policy"
    - Added two new signal elements, 'always-priority-rule' and 'always-level-rule', to handle the two corresponding policy modification requests.
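
The priority rules described in the Beta9 notes above (the global ceiling from priority-realtime-allow and priority-high-restrict, per-subject 'priorities' rules, and allow-priority-override) can be modelled as follows. This is an added example, not RAA's own code: the type and function names, the full priority ordering, and 'above normal' as the ceiling when 'high' is restricted are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>

/* Priority classes from lowest to highest. The notes name only 'belownormal',
   'high' and 'realtime'; the full Windows ordering used here, and ABOVE_NORMAL
   as the ceiling when 'high' is restricted, are assumptions of this sketch. */
typedef enum {
    PRIO_IDLE, PRIO_BELOW_NORMAL, PRIO_NORMAL,
    PRIO_ABOVE_NORMAL, PRIO_HIGH, PRIO_REALTIME
} prio_t;

/* The three global policy attributes described in the release notes. */
typedef struct {
    bool realtime_allow;   /* priority-realtime-allow */
    bool high_restrict;    /* priority-high-restrict */
    bool allow_override;   /* allow-priority-override (enabled by default) */
} global_policy_t;

/* Highest priority the global attributes permit. priority-realtime-allow
   wins over priority-high-restrict when it is enabled. */
prio_t global_ceiling(global_policy_t g)
{
    if (g.realtime_allow) return PRIO_REALTIME;
    if (g.high_restrict)  return PRIO_ABOVE_NORMAL;
    return PRIO_HIGH;
}

/* Priority a process is started with. 'rule' points to the subject's
   <priorities> rule, or is NULL when the subject has none, in which case
   the requested priority is capped by the global ceiling. */
prio_t effective_priority(global_policy_t g, const prio_t *rule, prio_t requested)
{
    prio_t ceiling = global_ceiling(g);
    if (rule == NULL)
        return requested > ceiling ? ceiling : requested;
    if (!g.allow_override && *rule > ceiling)
        return ceiling;   /* falls back to the allowed maximum */
    return *rule;         /* within the ceiling, or override is allowed */
}

int main(void)
{
    static const char *names[] = { "idle", "belownormal", "normal",
                                   "abovenormal", "high", "realtime" };
    global_policy_t strict = { false, true, false };
    prio_t rule = PRIO_REALTIME;   /* constructed sample rule */
    printf("ceiling=%s, rule=realtime -> started at %s\n",
           names[global_ceiling(strict)],
           names[effective_priority(strict, &rule, PRIO_NORMAL)]);
    return 0;
}
```

With allow-priority-override left at its default, a single over-permissive 'priorities' rule lifts a subject above the global ceiling, so that attribute is the one to review when the global restriction is meant to be absolute.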