How User Account Control Works

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

User Account Control (UAC) helps prevent malicious programs (also called malware) from damaging a computer and helps organizations deploy a better-managed desktop. With UAC, applications and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized applications and prevent inadvertent changes to system settings.

UAC Process and Interactions

Each application that requires the administrator access token must prompt the administrator for consent. The one exception is the relationship that exists between parent and child processes. Child processes inherit the user access token from the parent process. Both the parent and child processes, however, must have the same integrity level. Windows Server 2012 protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data, such as a disk partitioning application, while a "low" integrity application is one that performs tasks that could potentially compromise the operating system, such as a Web browser. Applications with lower integrity levels cannot modify data in applications with higher integrity levels. When a standard user attempts to run an application that requires an administrator access token, UAC requires that the user provide valid administrator credentials.

In order to better understand how this process happens, it is important to review the details of the Windows Server 2012 logon process.

Windows Server 2012 Logon Process

The following illustration demonstrates how the logon process for an administrator differs from the logon process for a standard user.

Illustration: the logon process for an administrator compared with the logon process for a standard user

By default, standard users and administrators access resources and run applications in the security context of standard users. When a user logs on to a computer, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges.

When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. The standard user access token is used to start applications that do not perform administrative tasks (standard user applications). The standard user access token is then used to display the desktop (Explorer.exe). Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all applications run as a standard user unless a user provides consent or credentials to approve an application to use a full administrative access token.

A user that is a member of the Administrators group can log on, browse the Web, and read e-mail while using a standard user access token. When the administrator needs to perform a task that requires the administrator access token, Windows Server 2012 automatically prompts the user for approval. This prompt is called an elevation prompt, and its behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy.

Note

The term "elevate" is used to refer to the process in Windows Server 2012 that prompts the user for consent or credentials to use a full administrator access token.

The UAC User Experience

When UAC is enabled, the user experience for standard users is different from that of administrators in Admin Approval Mode. The recommended and more secure method of running Windows Server 2012 is to make your primary user account a standard user account. Running as a standard user helps to maximize security for a managed environment. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account. The default, built-in UAC elevation component for standard users is the credential prompt.

The alternative to running as a standard user is to run as an administrator in Admin Approval Mode. With the built-in UAC elevation component, members of the local Administrators group can easily perform an administrative task by providing approval. The default, built-in UAC elevation component for an administrator account in Admin Approval Mode is called the consent prompt. The UAC elevation prompting behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy.

The consent and credential prompts

With UAC enabled, Windows Server 2012 prompts for consent or prompts for credentials of a valid local administrator account before starting a program or task that requires a full administrator access token. This prompt ensures that no malicious software can be silently installed.

The consent prompt

The consent prompt is presented when a user attempts to perform a task that requires a user's administrative access token. The following is a screen shot of the UAC consent prompt.

Screen shot of the UAC consent prompt

The credential prompt

The credential prompt is presented when a standard user attempts to perform a task that requires a user's administrative access token. This standard user default prompt behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy. Administrators can also be required to provide their credentials by setting the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting value to Prompt for credentials.

The following screen shot is an example of the UAC credential prompt.

Screen shot showing an example of the UAC credential prompt

UAC elevation prompts

The UAC elevation prompts are color-coded to be application-specific, enabling immediate identification of an application's potential security risk. When an application attempts to run with an administrator's full access token, Windows Server 2012 first analyzes the executable file to determine its publisher. Applications are first separated into three categories based on the executable file's publisher: Windows Server 2012, publisher verified (signed), and publisher not verified (unsigned). The following diagram illustrates how Windows Server 2012 determines which color elevation prompt to present to the user.

The elevation prompt color-coding is as follows:

  • Red background with a red shield icon: The application is blocked by Group Policy or is from a publisher that is blocked.

  • Blue background with a blue and gold shield icon: The application is a Windows Server 2012 administrative application, such as a Control Panel item.

  • Blue background with a blue shield icon: The application is signed by using Authenticode and is trusted by the local computer.

  • Yellow background with a yellow shield icon: The application is unsigned or signed but is not yet trusted by the local computer.

Shield icon

Some Control Panel items, such as Date and Time Properties, contain a combination of administrator and standard user operations. Standard users can view the clock and change the time zone, but a full administrator access token is required to change the local system time. The following is a screen shot of the Date and Time Properties Control Panel item.

Screen shot of the Date and Time Properties Control Panel item

The shield icon on the Change date and time button indicates that the process requires a full administrator access token and will display a UAC elevation prompt.

Securing the elevation prompt

The elevation process is further secured by directing the prompt to the secure desktop. The consent and credential prompts are displayed on the secure desktop by default in Windows Server 2012. Only Windows processes can access the secure desktop. For higher levels of security, we recommend keeping the User Account Control: Switch to the secure desktop when prompting for elevation policy setting enabled.

When an executable file requests elevation, the interactive desktop, also called the user desktop, is switched to the secure desktop. The secure desktop dims the user desktop and displays an elevation prompt that must be responded to before continuing. When the user clicks Yes or No, the desktop switches back to the user desktop.

Malware can present an imitation of the secure desktop, but when the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting is set to Prompt for consent, the malware does not gain elevation if the user clicks Yes on the imitation. If the policy setting is set to Prompt for credentials, malware imitating the credential prompt may be able to gather the credentials from the user. However, the malware does not gain elevated privilege, and the system has other protections that mitigate malware from taking control of the user interface even with a harvested password.

While malware could present an imitation of the secure desktop, this issue cannot occur unless a user previously installed the malware on the computer. Because processes requiring an administrator access token cannot silently install when UAC is enabled, the user must explicitly provide consent by clicking Yes or by providing administrator credentials. The specific behavior of the UAC elevation prompt is dependent upon Group Policy.

UAC Architecture

The following diagram details the UAC architecture.

Diagram detailing the UAC architecture

To better understand each component, review the table below:

Component: Description

User

  • User performs operation requiring privilege: If the operation changes the file system or registry, Virtualization is called. All other operations call ShellExecute.

  • ShellExecute: ShellExecute calls CreateProcess. ShellExecute looks for the ERROR_ELEVATION_REQUIRED error from CreateProcess. If it receives the error, ShellExecute calls the Application Information service to attempt to perform the requested task with the elevated prompt.

  • CreateProcess: If the application requires elevation, CreateProcess rejects the call with ERROR_ELEVATION_REQUIRED.

System

  • Application Information service: A system service that helps start applications that require one or more elevated privileges or user rights to run, such as local administrative tasks, and applications that require higher integrity levels. The Application Information service helps start such applications by creating a new process for the application with an administrative user's full access token when elevation is required and (depending on Group Policy) consent is given by the user to do so.

  • Elevating an ActiveX install: If ActiveX is not installed, the system checks the UAC slider level. If ActiveX is installed, the User Account Control: Switch to the secure desktop when prompting for elevation Group Policy setting is checked.

  • Check UAC slider level: UAC now has four levels of notification to choose from and a slider to use to select the notification level:

    • High: If the slider is set to Always notify, the system checks whether the secure desktop is enabled.

    • Medium: If the slider is set to Default - Notify me only when programs try to make changes to my computer, the User Account Control: Only elevate executable files that are signed and validated policy setting is checked:

      - If the policy setting is enabled, the public key infrastructure (PKI) certification path validation is enforced for a given executable file before it is permitted to run.
      - If the policy setting is not enabled (default), the PKI certification path validation is not enforced before a given executable file is permitted to run. The User Account Control: Switch to the secure desktop when prompting for elevation Group Policy setting is checked.

    • Low: If the slider is set to Notify me only when programs try to make changes to my computer (do not dim my desktop), CreateProcess is called.

    • Never Notify: If the slider is set to Never notify me, UAC will never prompt when a program tries to install or tries to make any change on the computer. Important: This setting is not recommended. This setting is the same as setting the User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode policy setting to Elevate without prompting.

  • Secure desktop enabled: The User Account Control: Switch to the secure desktop when prompting for elevation policy setting is checked:

    - If the secure desktop is enabled, all elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
    - If the secure desktop is not enabled, all elevation requests go to the interactive user's desktop, and the per-user settings for administrators and standard users are used.

  • CreateProcess: CreateProcess calls AppCompat, Fusion, and Installer detection to assess whether the application requires elevation. The executable file is then inspected to determine its requested execution level, which is stored in the application manifest for the executable file. CreateProcess fails if the requested execution level specified in the manifest does not match the access token and returns an error (ERROR_ELEVATION_REQUIRED) to ShellExecute.

  • AppCompat: The AppCompat database stores information in the application compatibility fix entries for an application.

  • Fusion: The Fusion database stores information from application manifests that describe the applications. The manifest schema is updated to add a new requested execution level field.

  • Installer detection: Installer detection detects setup executable files, which helps prevent installations from being run without the user's knowledge and consent.

Kernel

  • Virtualization: Virtualization technology ensures that non-compliant applications do not silently fail to run or fail in a way whose cause cannot be determined. UAC also provides file and registry virtualization and logging for applications that write to protected areas.

  • File system and registry: The per-user file and registry virtualization redirects per-computer registry and file write requests to equivalent per-user locations. Read requests are redirected to the virtualized per-user location first and to the per-computer location second.

There is a change in Windows Server 2012 UAC from previous Windows versions. The new slider will never turn UAC completely off. The new setting will:

  • Keep the UAC service running.

  • Cause all elevation requests initiated by administrators to be auto-approved without showing a UAC prompt.

  • Automatically deny all elevation requests for standard users.

Important

In order to fully disable UAC you must disable the policy User Account Control: Run all administrators in Admin Approval Mode.

Warning

Tailored Applications will not work on Windows Server 2012 when UAC is disabled.

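The following audit helper is an added example, not code from this page or from Microsoft. It maps the registry values behind the policy settings and slider positions described above (the value names under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System are well-known but not listed on the page, and the out-of-the-box defaults are an assumption noted in the code) to the policy names used here and flags the configurations the page warns about, such as Never notify, prompting administrators for credentials, and prompting outside the secure desktop.

```python
# Values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System that back the
# UAC policy settings this page names (well-known value names; they are not listed on the page).
UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
ADMIN_PROMPT = {
    0: "Elevate without prompting",
    1: "Prompt for credentials on the secure desktop",
    2: "Prompt for consent on the secure desktop",
    3: "Prompt for credentials",
    4: "Prompt for consent",
    5: "Prompt for consent for non-Windows binaries",
}
# User Account Control: Behavior of the elevation prompt for standard users
USER_PROMPT = {
    0: "Automatically deny elevation requests",
    1: "Prompt for credentials on the secure desktop",
    3: "Prompt for credentials",
}
# Slider positions, keyed by (ConsentPromptBehaviorAdmin, PromptOnSecureDesktop).
SLIDER = {
    (2, 1): "High: Always notify",
    (5, 1): "Medium (default): Notify me only when programs try to make changes to my computer",
    (5, 0): "Low: Notify me only when programs try to make changes (do not dim my desktop)",
    (0, 0): "Never notify",
}
# Assumed out-of-the-box values, used when a value is absent from the key.
DEFAULTS = {
    "EnableLUA": 1,                    # Run all administrators in Admin Approval Mode
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,        # Switch to the secure desktop when prompting for elevation
    "EnableInstallerDetection": 1,     # Detect application installations and prompt for elevation
    "ValidateAdminCodeSignatures": 0,  # Only elevate executable files that are signed and validated
    "EnableVirtualization": 1,         # file and registry virtualization
}


def assess_uac(values):
    """Map raw registry values to the policy names used on this page and flag the
    settings the page warns about.  Missing values fall back to DEFAULTS."""
    v = {**DEFAULTS, **values}
    admin, user = v["ConsentPromptBehaviorAdmin"], v["ConsentPromptBehaviorUser"]
    secure = v["PromptOnSecureDesktop"]
    findings = []
    if v["EnableLUA"] == 0:
        findings.append("UAC is fully disabled: 'Run all administrators in Admin Approval Mode' is off")
    elif admin == 0:
        findings.append("Administrator elevations are auto-approved without a prompt (Never notify)")
    if admin in (1, 3):
        findings.append("Administrators are prompted for credentials; an imitated prompt could harvest them")
    if secure == 0:
        findings.append("Elevation prompts appear on the interactive desktop, not the secure desktop")
    if v["EnableInstallerDetection"] == 0:
        findings.append("Installer detection is off; setup programs are not heuristically detected")
    return {
        "admin_prompt": ADMIN_PROMPT.get(admin, "Unknown (%s)" % admin),
        "user_prompt": USER_PROMPT.get(user, "Unknown (%s)" % user),
        "slider": SLIDER.get((admin, secure), "Custom (matches no slider position)"),
        "findings": findings,
    }


def read_uac_values():
    """Read the live values on a Windows host (needs the winreg module)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        for name in DEFAULTS:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent, so the default applies
    return values


if __name__ == "__main__":
    for item, val in assess_uac(read_uac_values()).items():  # needs a Windows host
        print(item, ":", val)
```
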
Virtualization

Because system administrators in enterprise environments attempt to secure systems, many line-of-business (LOB) applications are designed to use only a standard user access token. As a result, IT administrators do not need to replace the majority of applications when running Windows Server 2012 with UAC enabled.

Windows Server 2012 includes file and registry virtualization technology for applications that are not UAC compliant and that require an administrator's access token to run correctly. Virtualization ensures that even applications that are not UAC compliant are compatible with Windows Server 2012. When an administrative application that is not UAC compliant attempts to write to a protected directory, such as Program Files, UAC gives the application its own virtualized view of the resource it is attempting to change. The virtualized copy is maintained in the user's profile. This strategy creates a separate copy of the virtualized file for each user that runs the non-compliant application.

Most application tasks operate properly by using virtualization features. Although virtualization allows a majority of applications to run, it is a short-term fix and not a long-term solution. Application developers should modify their applications to be compliant with the Windows Server 2012 logo program as soon as possible, rather than relying on file, folder, and registry virtualization.

Virtualization is not an option in the following scenarios:

  1. Virtualization does not apply to applications that are elevated and run with a full administrative access token.

  2. Virtualization supports only 32-bit applications. Non-elevated 64-bit applications simply receive an access denied message when they attempt to acquire a handle (a unique identifier) to a Windows object. Native Windows 64-bit applications are required to be compatible with UAC and to write data into the correct locations.

  3. Virtualization is disabled for an application if the application includes an application manifest with a requested execution level attribute.

Request Execution Levels

An application manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an application should bind to at run time. In Windows Server 2012, the application manifest includes entries for UAC application compatibility purposes. Administrative applications that include an entry in the application manifest prompt the user for permission to access the user's access token. Although they lack an entry in the application manifest, most administrative applications can run without modification by using application compatibility fixes. Application compatibility fixes are database entries that enable applications that are not UAC compliant to work properly with Windows Server 2012.

All UAC-compliant applications should have a requested execution level added to the application manifest. If the application requires administrative access to the system, then marking the application with a requested execution level of "require administrator" ensures that the system identifies this program as an administrative application and performs the necessary elevation steps. Requested execution levels specify the privileges required for an application.

Installer Detection Technology

Installation programs are applications designed to deploy software. Most installation programs write to system directories and registry keys. These protected system locations are typically writable only by an administrator, which means that standard users do not have sufficient access to install programs. Windows Server 2012 heuristically detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges. Windows Server 2012 also heuristically detects updates and programs that uninstall applications. One of the design goals of UAC is to prevent installations from being run without the user's knowledge and consent, because installation programs write to protected areas of the file system and registry.

Installer detection only applies to:

  • 32-bit executable files.

  • Applications without a requested execution level attribute.

  • Interactive processes running as a standard user with UAC enabled.

Before a 32-bit process is created, the following attributes are checked to determine whether it is an installer:

  • The file name includes keywords such as "install," "setup," or "update."

  • Versioning Resource fields contain the following keywords: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.

  • Keywords in the side-by-side manifest are embedded in the executable file.

  • Keywords in specific StringTable entries are linked in the executable file.

  • Key attributes in the resource script data are linked in the executable file.

  • There are targeted sequences of bytes within the executable file.

Note

The keywords and sequences of bytes were derived from common characteristics observed from various installer technologies.

Note

The User Account Control: Detect application installations and prompt for elevation policy setting must be enabled for installer detection to detect installation programs. This setting is enabled by default and can be configured locally by using the Local Security Policy snap-in (Secpol.msc) or configured for the domain, OU, or specific groups by Group Policy (Gpedit.msc).
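As an added example (not Microsoft's code and not the real implementation), the Python below models the applicability rules this page gives for virtualization, requested execution levels and installer detection: it reads the COFF Machine field to decide whether an executable is 32-bit, looks for a requestedExecutionLevel attribute in an embedded manifest, and applies the file-name keyword check. The PE-shaped images and the manifest fragment are constructed inside the block; the page's other installer heuristics (version-resource fields, byte sequences) are deliberately not reproduced.

```python
import re
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C   # COFF Machine value for 32-bit x86
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # COFF Machine value for x64
INSTALLER_KEYWORDS = ("install", "setup", "update")  # file-name keywords listed on the page


def is_32bit_pe(image: bytes) -> bool:
    """True if the bytes carry a PE header whose COFF Machine field is i386."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    pe_offset = struct.unpack_from("<I", image, 0x3C)[0]   # e_lfanew
    if len(image) < pe_offset + 6 or image[pe_offset:pe_offset + 4] != b"PE\0\0":
        return False
    return struct.unpack_from("<H", image, pe_offset + 4)[0] == IMAGE_FILE_MACHINE_I386


def requested_execution_level(image: bytes):
    """Return the level attribute of an embedded manifest's requestedExecutionLevel
    element, or None when the executable carries no such manifest entry."""
    m = re.search(rb'requestedExecutionLevel[^>]*\blevel="([^"]+)"', image)
    return m.group(1).decode() if m else None


def virtualization_applies(image: bytes, elevated: bool) -> bool:
    """Per the page: file and registry virtualization is used only for non-elevated
    32-bit processes whose manifest has no requested execution level attribute."""
    return (not elevated and is_32bit_pe(image)
            and requested_execution_level(image) is None)


def looks_like_installer(file_name: str, image: bytes, elevated: bool) -> bool:
    """Simplified model of installer detection: the same applicability rules as
    virtualization (32-bit, no requested execution level, not elevated) plus the
    file-name keyword check.  Other heuristics from the page are not modelled."""
    if not virtualization_applies(image, elevated):
        return False
    return any(k in file_name.lower() for k in INSTALLER_KEYWORDS)


def make_sample_pe(machine: int, manifest: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped image for the samples below (not loadable)."""
    dos_header = bytearray(b"MZ" + b"\0" * 0x3E)            # 0x40 bytes
    struct.pack_into("<I", dos_header, 0x3C, 0x40)          # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18
    return bytes(dos_header) + coff + manifest


# Constructed manifest fragment in the application manifest schema the page refers to.
MANIFEST_REQUIRE_ADMIN = (
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">'
    b'<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges>'
    b'<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>'
    b'</requestedPrivileges></security></trustInfo></assembly>'
)
UNMANIFESTED_32BIT = make_sample_pe(IMAGE_FILE_MACHINE_I386)
MANIFESTED_32BIT = make_sample_pe(IMAGE_FILE_MACHINE_I386, MANIFEST_REQUIRE_ADMIN)
UNMANIFESTED_64BIT = make_sample_pe(IMAGE_FILE_MACHINE_AMD64)

if __name__ == "__main__":
    for name, img in [("setup.exe", UNMANIFESTED_32BIT), ("setup.exe", MANIFESTED_32BIT),
                      ("setup.exe", UNMANIFESTED_64BIT), ("notepad.exe", UNMANIFESTED_32BIT)]:
        print(name, "32-bit" if is_32bit_pe(img) else "not 32-bit",
              "level=%s" % requested_execution_level(img),
              "virtualized=%s" % virtualization_applies(img, False),
              "installer=%s" % looks_like_installer(name, img, False))
```
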