Announcing Microsoft Standard User Analyzer Beta 1

The UAC team has just released the first beta version of the Microsoft Standard User Analyzer (SUA) tool. SUA is a tool that independent software vendors (ISVs) and IT developers can use to diagnose and identify possible application compatibility issues when migrating applications from running as administrator on down level Windows operating systems to Windows Vista which even with administrators run most programs with standard user privileges by default.

SUA is a runtime diagnose tool and has two modes, predictive mode and diagnose mode. In predictive mode, the application being tested is launched elevated with administrative privileges. SUA works by monitoring a set of selected APIs that are used to access resources, like files and registry keys, on the operating system. During application runtime, SUA interprets how each API is called, monitors the result, and logs the result on whether such a call will succeed or fail when the application is running as standard user instead of as administrator. This allows the application to be fully exercised to provide a high level summary of all the potential standard user issues in the application. In diagnose mode, the application being tested is launch with a standard user token. The application may fail at the first error it encounters. This mode is useful if you want to test the application in a standard user environment after you have fixed all the issues identified by SUA in the predictive mode.


Figure 1 Screenshot of Standard User Analyzer Beta 1

As we progress in our understanding of standard user application compatibility issues, we will be integrating our knowledge into the next beta version of the tool. We hope you will find this tool useful in helping you change your application to be standard user ready on Windows Vista.

Please visit the Standard User Analyzer site to obtain additional information and to download the tool.

 

Thanks,

Wei Wang

Lead SDE/T

Windows Security

Comments

  • Anonymous
    May 26, 2006
    PingBack from http://www.centplus.com/announcing-microsoft-standard-user-analyzer-beta-1the-uac-team-has/
  • Anonymous
    May 26, 2006
    PingBack from http://www.centplus.com/how-do-i-get-the-cent-sign-in-a-microsoft/
  • Anonymous
    May 29, 2006
    I was hoping this could be used by a sysadmin to help see what an app needs in order to run, but I am totally lost here!

    I've tried launching several apps via the tool - none seem to load. The first time around, it notified me that I needed appverif.exe - fine, went and got that.

    Now I see various messages in the debug window, like:

    Launching: C:Program FilesMoffsoft FreeCalcMoffFreeCalc.exe
    Returned  : 216

    Executing: appverif.exe -disable luapriv -for "MoffFreeCalc.exe"
    Returned : 0

    Executing: appverif.exe -export log -for "MoffFreeCalc.exe" -with to="C:DOCUME~1BRYAN~1.PURLOCALS~1TempMoffFreeCalc.exe.xml" Symbols="C:WINDOWS"
    Returned : 1

    ... but nothing else happens. There's no Help. I've tried playing with various options. So far, this seems kind of useless! Maybe some additional documentation pointers would be valuable here ...
  • Anonymous
    May 29, 2006
    It seems my real problem is this:

    StampLogFile failed
    Refresh log #1
    Executing: appverif.exe -stamp log -for "anyapp.exe" -with Stamp=STAMP1
    Returned : 1

    I seem to be getting this error no matter what I do. And I seem to get LOTS of them when I run apps that I know are generating LUA errors. I am running the program itself while logged in as a member of Administrators. I get the problem when I 'Launch elevated' whether I launch as a member of Administrators, or the Administrator account itself.

    How to resolve?
  • Anonymous
    May 29, 2006
    Please give me the instructions how to use MS standard user analyzer.
  • Anonymous
    May 30, 2006
    Hi Koti, when you run the MSI that installs the Standard User Analyzer, it installs a SUAnalyzer.rtf file in the Program FilesStandard User Analyzer directory.  Just open that file in an editor that can handle the RTF format (such as WinWord).  Let us know if the instructions in that document are helpful.

    thanks
  • Anonymous
    May 31, 2006
    I think this is going to be a very useful (stand-alone) tool. I do have a question though-
    At the core, what is the difference between this tool and the UAC Evaluator that is included in AppCompat Toolkit?

    thanks
    mags
  • Anonymous
    May 31, 2006
    What a great tool.  I've downloaded it and plan on using/testing it this afternoon.  

    I do have one question regarding the SUA.  When running it in 'diagnose' mode, is virtualization truned off automatically or do you recommend turning it off via the Security Policy manager?

    Please advise.  Thanks.
  • Anonymous
    June 01, 2006
     
    First, let me introduce myself, my name is Steve Hiskey, and I am the Lead Program Manager for...
  • Anonymous
    June 02, 2006
    So, I used SUA to analyze and diagnose an application.  I wish to save the log file to disk.  However, the 'Export Log File' option under the File menu item is disabled!  How is a log file exported or what am I missing?  Please advise.
  • Anonymous
    June 07, 2006
    I am not sure if this is really the right thread for this question, but give me a chance. We have an application running on XP, etc., that we are trying to adapt to Vista. I need to have process A, which is running with elevated privileges (after undergoing an elevation prompt at creation), to run process B without elevated privileges. It is a security risk to run it with elevated privileges. How do I do that? CreateProcess does not seem to allow for any flags to control the privilege level to be granted to the child process.
  • Anonymous
    June 20, 2006
    For what it's worth, there's a bug in this tool as it stands -- running it on our app, the resulting XML file contains non-standard ascii characters (in particular, e acute), so it can't read its own log files back in again, so there's no way to get useful results out.

    I wrote a tiny app that strips out all bytes >128 from files to fix this, so now I can get useful info, but you folks at MS might want to see what could be going on here.
  • Anonymous
    June 20, 2006
    The comment has been removed
  • Anonymous
    June 20, 2006
    The comment has been removed
  • Anonymous
    June 20, 2006
    Denverite, the virtualization setting for the target application is the same as when you start the application without Standard User Analyzer. In other words, it’s usually on unless the target application is a system binary with a runlevel setting in its manifest. You can leave it on when using SUA.
    Virtualization is a stop-gap technology and it’s meant to help legacy applications run on Vista but in the long run, all new applications written for Vista should not rely on it. In fact, Vista Logo requires Vista-approved application to run well with virtualization turned off.
  • Anonymous
    June 20, 2006
    Bryan, error 216 is ERROR_EXE_MACHINE_TYPE_MISMATCH.  Is your application a 64-bit application? Right now, Standard User Analyzer only works for 32-bit application as we expect most legacy application to be 32-bit applications.
    As for “StampLogFile” issue, did you have “Realtime Diagnosis” enabled? If so, try to disable it and see how it goes.
  • Anonymous
    February 15, 2007
    Nice tool, when its going open source?