Windows Vista Integrity Mechanism Technical Reference
This article details what the Windows® integrity mechanism is, why it was designed, how it works, and how you can code your applications for it. In this technical reference, we discuss the following topics:
- What is the Windows Integrity Mechanism?
Discusses what an integrity mechanism is, the concept of integrity models, and why the Windows integrity mechanism was designed.
- Windows Integrity Mechanism Design
Shows how the Windows integrity mechanism was designed to be an extension to the Windows security architecture.
- How the Integrity Mechanism Is Implemented in Windows Vista
Shows how the Windows integrity mechanism was modified in Windows Vista® to include support for User Account Control (UAC), Microsoft Internet Explorer® Protected Mode, and the Windows Component Object Model (COM).
- Designing Applications to Run at a Low Integrity Level
Shows how to design and develop applications to run at a low integrity level, and how to identify whether your application can run at a low integrity level.
- Appendix A: SDDL for Mandatory Labels
Shows how to understand and implement Security Descriptor Definition Language (SDDL) functions for mandatory labels.
- Appendix B: Icacls and File Integrity Levels
Shows how to use the Icacls command-line tool to manage the security settings on files. The Windows Vista version of Icacls supports mandatory labels on files.
- Appendix C: The Windows Integrity Mechanism and Windows Kernel Mode Code Integrity
Discusses how the Windows integrity mechanism enhances the security of the Windows kernel by requiring that all kernel mode binaries be digitally signed on 64-bit computers that are running Windows Vista.
- Appendix D: Getting the Integrity Level for an Access Token
Shows how to use the GetTokenInformation API to get the integrity level for an access token.
- Windows Integrity Mechanism Resources
Additional reading that we recommend and the references that we used for creating this technical reference.
Who Should Use This Reference
- Software developers and knowledgeable IT professionals who want to learn how the Windows integrity mechanism works
- Software developers who want to learn how to code for the Windows integrity mechanism
What Is Not in This Reference
- High-level background information about how Windows security works
If you are unfamiliar with any of the terms or concepts that are discussed in this reference, refer to the References section to learn more about general Windows security topics.
- Detailed step-by-step content for designing applications for general Windows Vista compatibility
If you are looking for guidance about how to make your application Windows Vista-capable, see the Windows Vista Developer Story.