Looking for documentation on the "right" way to install apps on Windows 7
Problem description
I'm working with some legacy applications (10-15 years old), and am trying to find guidance on the "right" way to install and run them (and any user application) on Windows 7 without requiring full Admin privileges.
In other words, where executable/read-only files should go, where user-data/read-write files should go, and where registry entries should go, to avoid issues with the UAC and Windows 7 file/registry virtualization during both installation and at run-time.
I seem to remember, years ago, a Microsoft white paper on this subject, but am unable to find any relevant information now. I have found information on the user side (how to get legacy applications to run on Windows 7 via compatibility tweaks), but none on the developer side (how to create/install applications to play nicely on Windows 7 natively).
Any pointers to such information would be most appreciated. Thanks.
Mark

Recommended answer
You're thinking of

Users should have a consistent and secure experience with the default installation location of files, while maintaining the option to install an application to the location they choose. It is also necessary to store application data in the correct location to allow several people to use the same computer without corrupting or overwriting each other's data and settings.

Windows provides specific locations in the file system to store programs and software components, shared application data, and application data specific to a user: [16]

- %ProgramFiles% for native 32-bit and 64-bit applications, and %ProgramFiles(x86)% for 32-bit applications running on x64 respectively
- All application data that must be shared among users on the computer should be stored within ProgramData
- All application data exclusive to a specific user and not to be shared with other users of the computer must be stored in Users\\AppData
- Never write directly to the "Windows" directory and/or subdirectories. Use the correct methods for installing files, such as fonts or drivers

In "per-machine" installations, user data must be written at first run and not during the installation. This is because there is no correct user location to store data at time of installation. Attempts by an application to modify default association behaviors at a machine level after installation will be unsuccessful. Instead, defaults must be claimed on a per-user level, which prevents multiple users from overwriting each other's defaults.

Next is the fact that you should not be writing to any location that requires administrative permissions.

Note: You can test all of this on a Windows 2000 or Windows XP simply by (as Windows 2000 Logo Requirements required) running as a standard user.
Since most applications ignored the logo requirements, and would fail when run with standard user privileges, Windows Vista included the ability to keep these buggy applications limping along by virtualizing writes to protected locations - rather than having them fail.

You can opt out of this compatibility hack by manifesting your application to RunAs Invoker:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
        ...
        <!-- Disable file and registry virtualization -->
        <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
            <security>
                <requestedPrivileges>
                    <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
                </requestedPrivileges>
            </security>
        </trustInfo>
        ...
    </assembly>

The logo guidelines talk about UAC and virtualization of writes to certain locations:

Some Windows applications run in the security context of an administrator account, and many require excessive user rights and Windows privileges. Controlling access to resources enables users to be in control of their systems against unwanted [20] changes. The most important rule for controlling access to resources is to provide the least amount of access "standard user context" required for a user to perform his or her necessary tasks. Following UAC guidelines provides applications with the necessary permissions when needed, without leaving the system constantly exposed to security risks.

Most applications do not require administrator privileges at run time, and should be just fine running as a standard-user. Windows applications must have a manifest [21] (embedded or external [22]) that defines their execution levels and tells the OS what privileges the application requires in order to run.

For example,

The main process of the application must be run as a standard user (asInvoker). Any administrative features must be moved into a separate process that runs with administrative privileges.

A waiver is required for applications that run their main process [23] with elevated privileges (requireAdministrator or highestAvailable)

Waivers will be considered for the following scenarios:

or

Then there was high-dpi. The Windows Logo requirements for a decade have required applications to respond appropriately to high (i.e. non-96dpi) displays. Since most applications break horribly if the user does use "Large Fonts", Microsoft gave up and, like virtualization of the file system, they also virtualize the dpi setting. Unless an application opts out of the compatibility hack: Windows will lie to you and tell you that you are 96dpi.

Only once you've written your app properly should you add an entry to your application's manifest to disable high-dpi scaling:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
        ...
        <!-- We are high-dpi aware on Windows Vista -->
        <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
            <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
                <dpiAware>true</dpiAware>
            </asmv3:windowsSettings>
        </asmv3:application>
        ...
    </assembly>

Anyway, it's all there, the Windows 7 Client Software Logo Program.

Note: If you were writing a Windows application 15 years ago (1995) I assume you were writing for:

rather than:

It's important to note that Windows NT was designed as a secure operating system. You are not allowed to arbitrarily do anything you want. This is a fundamental difference from:

There is no security.

Writes to the Windows and Program Files folder require administrator permission. This is because normally only administrators should install applications. But regular users cannot modify, or damage, installed programs - or the installation of Windows itself, e.g.:
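The check below is an added example, not part of the original answer: it reads an application manifest and reports on the two entries the answer describes, requestedExecutionLevel and dpiAware. The sample manifests and the audit_manifest function are constructed for illustration; elements are matched by local name because the namespace that carries them can differ between manifests.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's two manifest fragments merged into one file.
GOOD = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges>
    <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
  </requestedPrivileges></security></trustInfo>
  <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
      <dpiAware>true</dpiAware>
    </asmv3:windowsSettings>
  </asmv3:application>
</assembly>"""

# Constructed sample: legacy app that elevates its main process, no DPI entry.
LEGACY = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><security><requestedPrivileges>
    <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
  </requestedPrivileges></security></trustInfo>
</assembly>"""

# Constructed sample: manifest with neither trustInfo nor windowsSettings.
BARE = '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"/>'

def audit_manifest(xml_text):
    """Return (execution level, dpi_aware, findings) for one manifest."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    level, dpi_aware = None, False
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
        if name == "requestedExecutionLevel":
            level = el.get("level")
        elif name == "dpiAware":
            dpi_aware = (el.text or "").strip().lower().startswith("true")
    findings = []
    if level is None:
        findings.append("no requestedExecutionLevel: write virtualization stays on")
    elif level in ("requireAdministrator", "highestAvailable"):
        findings.append(f"main process runs as {level}: logo program requires a waiver")
    elif level != "asInvoker":
        findings.append(f"unrecognised execution level {level!r}")
    if not dpi_aware:
        findings.append("no dpiAware=true: Windows reports 96 dpi to the app")
    return level, dpi_aware, findings

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("legacy", LEGACY), ("bare", BARE)):
        print(label, audit_manifest(text))
```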