Jump back to the top page Jump back to the top page

 What is XXCOPY ?
 F A Q 
 About Us (Pixelab) 
On-Line Manual 
XXTB #001 
XXTB #002 
XXTB #003 
XXTB #004 
XXTB #005 
             . . .  


©2016 Copyright

 All rights reserved  
    [ Table of Contents ] [ Show as Detached ] [ >> ]


    From:    Kan Yabumoto           tech@xxcopy.com
    To:      XXCOPY user
    Subject: XXCOPY on Windows Vista --- living with UAC
    Date:    2007-09-01
        It is no surprise that the corporate world has been in the usual
        "Wait-and-see" mode since the introduction of Windows Vista this
        January.  It may be just me, but the transition from XP to Vista
        seems to be slower than any of previous Windows' version updates.
        Aside from the cosmetic changes, the most notable enhancement in
        Vista is the new User Account Control (UAC) scheme.  Because of
        its importance and pervasiveness, everyone needs to take time and
        examine what UAC is all about and how it affects our use of the
        computer, especially in XXCOPY's operations.
        In this article, I will try to summarize the UAC-related issues
        that are relevant to XXCOPY operations in my own words.
        In essence, the UAC scheme tries to improve the system security
        by erecting a boundary between the standard (regular) system
        resources and the administrative (vulnerable) resources.
        One of the most informative articles on the subject that I have
        seen so far is "Inside Windows Vista User Account Control"
        written by the widely respected author, Mark Russinovich of
        Winternals. Although very technical, it is a very good reading
        for those who want to run XXCOPY on Windows Vista.
    Too busy to learn UAC?
        For those who refuse to pay the due in learning the UAC scheme,
        there is a simple way to avoid the UAC-related hassles and get
        on the business of using Vista (and XXCOPY on it) --- at least
        for now and to revisit the issue when there is more time:
        Just disable the UAC settings.  Here's how.
        Control Panel > User Accounts > Turn User Account Control on or off
           uncheck the following check box:
           [ ] Use User Account Control (UAC) to help protect your computer
           then, click [OK] and reboot the system.  That is it!
        Of course, disabling UAC means that you are giving up the improved
        security that the UAC scheme promises.  It sounds a bit scary.
        But, using the Vista without UAC would not be any worse than
        running a previous version of Windows.
        When you disable the UAC setting, XXCOPY will work just fine.
        All the headaches associated with the UAC scheme will go away.
        You can even stop reading this page here because the rest of
        this article is relevant only when you enable UAC on Vista.
        Make sure that you revisit this article when you turn on UAC.
    Then again, why Vista?
        Unless your new computer arrived with a pre-installed Vista,
        it may be wise to wait a little longer if not for all the third-
        party Vista support infrastructure become available.  For one
        thing, Vista does demand considerably more system resources
        (faster CPU and more memory) to sustain the same level of
        responsiveness of the previous version of Windows.
        Lastly, if you are like most of us who need to live with Windows
        in the foreseeable future, you will eventually have to face
        the tune of Vista (and UAC).  So, let's get on with it, now.
    UAC's view of things:
        The UAC scheme is to force a user in the Administrator group
        to operate in Standard User mode most of the time and to grant
        the administrative rights only to programs that need them with
        an explicit user prompt on a case-by-case basis.  The idea is
        to minimize the exposure of the critical system resources to
        malware and viruses by shielding the vulnerable parts from most
        of the programs.
        If you are a standard (non-administrator) user, you can't modify
        the protected resources on the disk (the root directory, the
        "Windows" and "Program Files" directories).
        One important thing to recognize is that UAC implements its
        policy on a program-by-program basis.  UAC classifies programs
        into there types:
          1.  Legacy programs that do not declare as Vista-compatible.
          2.  Programs that do not change administrative resources.
          3.  Programs that may change administrative resources.
        All Vista-compatible programs need to provide a "manifest"
        (an XML document) where the requirement for administrative
        privileges is declared.  (XXCOPY of Ver 2.96.0 or newer has
        a embedded manifest within the program for user convenience.)
        Unfortunately, an application program such as XXCOPY.EXE cannot
        acquire the administrative privileges on an As-Needed basis.
        Therefore, whether or not your XXCOPY command modifies the
        protected directories (such as the root directory), UAC will
        intervene and prompt you for your acknowledgement that you
        are knowingly invoking the "high-risk" program.  In order to
        serve those who do not intend to modify files that require
        administrative privilege, we decided to package a version of
        XXCOPY for the standard (non-administrative) user that does
        not elevate the privileges, namely, XXCOPYSU.EXE.
        Using UAC's classifications (see above), various versions of
        XXCOPY can be categorized as follows:
          1. XXCOPY.EXE (legacy) // old version (v.2.9x.x or earlier)
          2. XXCOPYSU.EXE        // the standard-user version of XXCOPY
          3. XXCOPY.EXE          // the full-capability XXCOPY program 
        The UAC scheme also classifies resources in the computer into
        two groups:
          1. regular resources   // any program can modify
          2. admin resources     // only privileged programs can modify
        The regular resource (files in ordinary directories or entries
        in ordinary areas in the system registry) can be modified by
        any class of programs without restrictions.  The great majority
        of files on your disk follow this scenario. 
        The admin resource includes the root directory, the Windows
        directory, the "Program Files" directory and certain areas in
        the system registry.  When a program attempts to modify a file
        in such directories, the result depends upon which of the three
        types the program belongs to.
    Program Behaviors when UAC is enabled:
        In the discussion above, three types of programs were mentioned.
        Any of these programs can manipulate files in a directory in the
        general resource in the same old way.  Nothing special.
        The key difference is when files in a directory that belongs to
        the admin resource is written or modified, the outcome will vary
        depending upon which of the three types the program belongs.
        1.  A legacy program (e.g., old XXCOPY.EXE) will appear to work
            well without showing an error condition.  However, the Vista
            environment puts the program in a "sand box" where the
            program writes the output into a virtualized directory.
            In actuality, the Vista environment protects the admin
            resource (such as the root directory) by faking the changes.
            While the fooled program believes that it made changes in
            a file in the root directory, the new file is written in a
            separate directory.
        2.  A regular program without the administrative privilege (e.g.,
            XXCOPYSU.EXE) will fail to modify an admin resource (e.g.,
            to change a file in the root directory).  The UAC-enabled
            environment simply refuses to let a program to alter the
            contents of admin resource without proper permissions.
        3.  The invocation of a privileged program (vista-compatible
            XXCOPY.EXE) will prompt users for the UAC elevation.  If
            the log-in user belongs to administrators group, then,
            the user prompt can be dismissed by a simple mouse click.
            If the log-in user is a standard user, then, it invokes
            a "OTS" elevation which asks for the choice of administrator
            and his password to proceed.  In either case, the administrator
            privilege will be granted with the temporary log-in (when
            the password is entered correctly) and the remaining execution
            of the program will work unimpeded.
        The important thing to remember is that the execution of XXCOPY
        will prompt you for either a simple mouse-click (if you have the
        administrator privilege) or an administrator password (if you
        are a standard user) in a UAC-enabled environment. 
    Types of UAC Dialog Boxes:
        If you (the current log-in user) are an administrator, you will
        encounter one of the following dialog boxes.  It is color-coded
        Green: Very Safe,  Gray: Generally Safe, Yellow: Need Caution.
            A program that comes with Windows (supplied by Microsoft)
            You can trust this type of programs (at least in theory).
            A third-party program with the publishser's digital signiature
            If you are not familiar with the publisher, examine the
            publisher's digital signature carefully.  It's usually safe.
            A third-party program without a digital signiature.
            If such a window popped up unexpectedly, you should cancel it.
            However, there are cases where a legitimate application comes
            without a digital signature.  
        For a standard user (not logged-in as an administrator), the dialog
        boxes will be slightly different.  The choice to proceed with the
        program requires a special (temporary) log-in as a user with the
        andministrator privilege.  
            The dialog box provides a choice of the log-in user and
            a box for password.
    Avoiding the UAC-related prompts:
        When you run XXCOPY a number of times in a setting, or run
        a batch file that repeatedly launches XXCOPY or other programs
        that require the UAC-elevation, the prompts caused by the UAC-
        enabled environment will not only become a nuisance, but also
        prevent an unattended operation.
        We suggest that you create a user console (CMD.EXE --- so-called
        DOS Box) that is invoked with the elevated UAC privilege.
        Once inside the privileged console, all XXCOPY executions will
        be carried out with the elevated privilege without a prompt.
    XXConsole, a Super Console Generator:
        The following command line installs XXCOPY on your computer:
            xxcopy /install
        It saves XXCOPY-related files from the temporary directory
        (where the downloaded ZIP file is expanded) into the final
        destination (typically at \Windows\system32).  This procedure
        also creates a shortcut icon of the command processor (CMD.EXE)
        in the Desktop under the label of XXConsole.
            xxc icon
        It is to make XXCOPY users' life simpler by a dedicated shortcut
        for an administrator console with a regular mouse click.
            admin console
            Note the "Administrator:" label at the top left corner.
        Since this window which is created by the command processor (CMD.EXE)
        is launched with the administrative privilege, all command-line
        executions of the XXCOPY program and all batch file invocations inside
        this console window will inherit the elevated UAC setting without
        any additional user prompt.
        The next technical bulletin explains the XXConsole tool in detail.
    [ Table of Contents ] [ Show as Detached ] [ >> ]