Expect a Secure Desktop

Windows 2000 provides a secure operating environment. This means that access controls can be placed on various system resources to restrict users from performing certain operations. These issues come up most often when writing data to the file system or registry. Security is enforced by the operating system at a low level and typically cannot be circumvented by applications.

The bottom line is that an administrator can restrict access to files, folders, and the registry using Access Control Lists (ACLs), and your application needs to be written with this in mind. The following sections contain a few simple guidelines that will enable your application to work properly in a secure environment. The most important things to remember are:

• Classify and store data correctly. It is vital in any managed system that applications store their data correctly. You should ensure that your program writes its data (such as user preferences, program state, temp files etc.) to the appropriate location.
• Open files and registry keys with minimum access required. Windows 2000 introduces new security settings that make it possible for system administrators to restrict access to most of a machine. You can avoid unnecessary errors in your application by only opening registry keys and files with the minimum access you need to get the job done.
• Handle access-denied errors and degrade gracefully. “Out of memory or disk space” messages are misleading and frustrating to users that know they have lots of both. Many times the application mistakenly assumed it had sufficient access to the registry or file system without actually checking beforehand. Other times, the level of error handling is simply deficient to report and handle the event that actually occurred.
• Support Encrypted Files. Windows 2000 introduces the Encrypted File System (EFS) as a way to protect the privacy of user data. Users or administrators can selectively encrypt files and folders on NTFS 5 file systems. The encryption/decryption is totally transparent to the user, which means that your program needs to be smart in dealing with files.

Desktop security is an all-pervasive aspect of the Windows 2000 platform. At some time your application will encounter Windows security, it’s just a fact of life. Code defensively, anticipate any security implications and devise solutions.