Home / My Disclaimer / Who am I? / Search... / Sign in

// Windows

Windows Live and Windows 8

by Steve Syfuhs / September 12, 2011 04:00 PM

So. I guess I wasn't the only one with this idea: http://www.syfuhs.net/post/2011/02/28/making-the-internet-single-sign-on-capable.aspx

Sweet. Smile

Announced earlier today at the Build conference, Microsoft is creating a tighter integration between Windows 8 and Windows Live.  More details to come when I download the bits later tonight.

Making the Internet Single Sign On Capable

by Steve Syfuhs / February 28, 2011 04:00 PM

Every couple of weeks I start up Autoruns to see what new stuff has added itself to Windows startup and what not (screw you Adobe – you as a software company make me want to swear endlessly).  Anyway, a few months ago around the time the latest version of Windows Live Messenger and it’s suite RTM’ed I poked around to see if anything new was added.  Turns out there was:

image

A new credential provider was added!

image

Interesting.

Not only that, it turns out a couple Winsock providers were added too:

image

I started poking around the DLL’s and noticed that they don’t do much.  Apparently you can use smart cards for WLID authentication.  I suspect that’s what the credential provider and associated Winsock Provider is for, as well as part of WLID’s sign-on helper so credentials can be managed via the Credential Manager:

image

Ah well, nothing too exciting here.

Skip a few months and something occurred to me.  Microsoft was able to solve part of the Claims puzzle.  How do you bridge the gap between desktop application identities and web application identities?  They did part of what CardSpace was unable to do because CardSpace as a whole didn’t really solve a problem people were facing.  The problem Windows Live ran into was how do you share credentials between desktop and web applications without constantly asking for the credentials?  I.e. how do you do Single Sign On…

This got me thinking.

What if I wanted to step this up a smidge and instead of logging into Windows Live Messenger with my credentials, why not log into Windows with my Windows Live Credentials?

Yes, Windows.  I want to change this:

97053_windows7loginscreen

Question: What would this solve?

Answer: At present, nothing ground-breakingly new.  For the sake of argument, lets look at how this would be done, and I’ll (hopefully) get to my point.

First off, we need to know how to modify the Windows logon screen.  In older versions of Windows (versions older than 2003 R2) you had to do a lot of heavy lifting to make any changes to the screen.  You had to write your own GINA which involved essentially creating your own UI.  Talk about painful.

With the introduction of Vista, Microsoft changed the game when it came to custom credentials.  Their reasoning was simple: they didn’t want you to muck up the basic look and feel.  You had to follow their guidelines.

As a result we are left with something along the lines of these controls to play with:

image

The logon screen is now controlled by Credential Providers instead of the GINA.  There are two providers built into Windows by default, one for Kerberos or NTLM authentication, and one for Smart Card authentication.

The architecture looks like:

ff404303_ce20dc63-b1a8-42c4-a8a2-955f4de7e5b5(en-us,WS_10)

When the Secure Attention Sequence (CTRL + ALT + DEL / SAS) is called, Winlogon switches to a different desktop and instantiates a new instance of LogonUI.exe.  LogonUI enumerates all the credential provider DLL’s from registry and displays their controls on the desktop.

When I enter in my credentials they are serialized and supposed to be passed to the LSA.

Once the LSA has these credentials it can then do the authentication.

I say “supposed” to be passed to the LSA because there are two frames of thought here.  The first frame is to handle authentication within the Credential Provider itself.  This can cause problems later on down the road.  I’ll explain why in the second frame.

The second frame of thought is when you need to use custom credentials, need to do some funky authentication, and then save save the associated identity token somewhere.  This becomes important when other applications need your identity.

You can accomplish this via what’s called an Authentication Package.

IC200673

When a custom authentication package is created, it has to be designed in such a way that applications cannot access stored credentials directly.  The applications must go through the pre-canned MSV1_0 package to receive a token.

Earlier when I asked about using Windows Live for authentication we would need to develop two things: a Credential Provider, and a custom Authentication Package.

The logon process would work something like this:

  • Select Live ID Credential Provider
  • Type in Live ID and Password and submit
  • Credential Provider passes serialized credential structure to Winlogon
  • Winlogon passes credentials to LSA
  • LSA passes credential to Custom Authentication Package
  • Package connects to Live ID STS and requests a token with given credentials
  • Token is returned
  • Authentication Package validated token and saves it to local cache
  • Package returns authentication result back up call stack to Winlogon
  • Winlogon initializes user’s profile and desktop

I asked before: What would this solve?

This isn’t really a ground-breaking idea.  I’ve just described a domain environment similar to what half a million companies have already done with Active Directory, except the credential store is Live ID.

On it’s own we’ve just simplified the authentication process for every home user out there.  No more disparate accounts across multiple machines.  Passwords are in sync, and identity information is always up to date.

What if Live ID sets up a new service that lets you create access groups for things like home and friends and you can create file shares as appropriate.  Then you can extend the Windows 7 Homegroup sharing based on those access groups.

Wait, they already have something like that with Skydrive (sans Homegroup stuff anyway).

Maybe they want to use a different token service.

Imagine if the user was able to select the “Federated User” credential provider that would give you a drop down box listing a few Security Token Services.  Azure ACS can hook you up.

Imagine if one of these STS’s was something everyone used *cough* Facebook *cough*.

Imagine the STS was one that a lot of sites on the internet use *cough* Facebook *cough*.

Imagine if the associated protocol used by the STS and websites were modified slightly to add a custom set of headers sent to the browser.  Maybe it looked like this:

Relying-Party-Accepting-Token-Type: urn:sometokentype:www.somests.com
Relying-Party-Token-Reply-Url: https://login.myawesomesite.com/auth

Finally, imagine if your browser was smart enough to intercept those headers and look up the user’s token, check if they matched the header ”Relying-Party-Accepting-Token-Type” and then POST the token to the given reply URL.

Hmm.  We’ve just made the internet SSO capable.

Now to just move everyone’s cheese to get this done.

Patent Pending. Winking smile

Data as a Service and the Applications that consume it

by Steve Syfuhs / July 30, 2010 04:00 PM

Over the past few months I have seen quite a few really cool technologies released or announced, and I believe they have a very real potential in many markets.  A lot of companies that exist outside the realm of Software Development, rarely have the opportunity to use such technologies.

Take for instance the company I work for: Woodbine Entertainment Group.  We have a few different businesses, but as a whole our market is Horse Racing.  Our business is not software development.  We don’t always get the chance to play with or use some of the new technologies released to the market.  I thought this would be a perfect opportunity to see what it will take to develop a new product using only new technologies.

Our core customer pretty much wants Race information.  We have proof of this by the mere fact that on our two websites, HorsePlayer Interactive and our main site, we have dedicated applications for viewing Races.  So lets build a third race browser.  Since we already have a way of viewing races from your computer, lets build it on the new Windows Phone 7.

The Phone – The application

This seems fairly straightforward.  We will essentially be building a Silverlight application.  Let’s take a look at what we need to do (in no particular order):

  1. Design the interface – Microsoft has loads of guidance on following with the Metro design.  In future posts I will talk about possible designs.
  2. Build the interface – XAML and C#.  Gotta love it.
  3. Build the Business Logic that drives the views – I would prefer to stay away from this, suffice to say I’m not entirely sure how proprietary this information is
  4. Build the Data Layer – Ah, the fun part.  How do you get the data from our internal servers onto the phone?  Easy, OData!

The Data

We have a massive database of all the Races on all the tracks that you can wager on through our systems.  The data updates every few seconds relative to changes from the tracks for things like cancellations or runner odds.  How do we push this data to the outside world for the phone to consume?  We create a WCF Data Service:

  1. Create an Entities Model of the Database
  2. Create Data Service
  3. Add Entity reference to Data Service (See code below)
 
    public class RaceBrowserData : DataService
{ public static void InitializeService(DataServiceConfiguration config) { if (config
== null) throw new ArgumentNullException("config"); config.UseVerboseErrors
= true; config.SetEntitySetAccessRule("*", EntitySetRights.AllRead); //config.SetEntitySetPageSize("*",
25); config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V2;
} } 

That’s actually all there is to it for the data.

The Authentication

The what?  Chances are the business will want to limit application access to only those who have accounts with us.  Especially so if we did something like add in the ability to place a wager on that race.  There are lots of ways to lock this down, but the simplest approach in this instance is to use a Secure Token Service.  I say this because we already have a user store and STS, and duplication of effort is wasted effort.  We create a STS Relying Party (The application that connects to the STS):

  1. Go to STS and get Federation Metadata.  It’s an XML document that tells relying parties what you can do with it.  In this case, we want to authenticate and get available Roles.  This is referred to as a Claim.  The role returned is a claim as defined by the STS.  Somewhat inaccurately, we would do this:
    1. App: Hello! I want these Claims for this user: “User Roles”.  I am now going to redirect to you.
    2. STS: I see you want these claims, very well.  Give me your username and password.
    3. STS: Okay, the user passed.  Here are the claims requested.  I am going to POST them back to you.
    4. App: Okay, back to our own processes.
  2. Once we have the Metadata, we add the STS as a reference to the Application, and call a web service to pass the credentials.
  3. If the credentials are accepted, we get returned the claims we want, which in this case would be available roles.
  4. If the user has the role to view races, we go into the Race view.  (All users would have this role, but adding Roles is a good thing if we needed to distinguish between wagering and non-wagering accounts)

One thing I didn’t mention is how we lock down the Data Service.  That’s a bit more tricky, and more suited for another post on the actual Data Layer itself.

So far we have laid the ground work for the development of a Race Browser application for the Windows Phone 7 using the Entity Framework and WCF Data Services, as well as discussed the use of the Windows Identity Foundation for authentication against an STS.

With any luck (and permission), more to follow.

ADFS 2.0 Windows Service Not Starting on Server 2008

by Steve Syfuhs / July 22, 2010 04:00 PM

I’ve been working on getting a testable ADFS environment setup for evaluation and development.  Basically, because of laziness (and timeliness), I’m using Windows Virtual PC to host Server 2008 guests for testing.  I didn’t have the time to setup a fully working x64 environment, so I couldn’t go to R2.

One of the issues I’ve been running into is that the Windows Service won’t start properly.  Or rather, at all.  It’s running into a timing issue when running as Network Service, as its timing out while waiting for a network connection.  More Googling with Bing returned the fix for me from here.

In the file [C:\Program Files\Active Directory Federation Services 2.0\Microsoft.IdentityServer.Servicehost.exe.config] add this entry to it:

<runtime>
    <generatePublisherEvidence enabled="false"/> 
</runtime>

Other places have noted that this isn’t a problem on R2.  I haven’t tested this yet, so I don’t know if it’s true.

Putting the I Back into Infrastructure

by Steve Syfuhs / February 07, 2010 04:00 PM

Tonight at the IT Pro Toronto we did a pre-launch of the Infrastructure 2010 project.  Have you ever been in a position where you just don’t have a clear grasp of a concept or design?  It’s not fun.  As a result, CIPS Toronto, IT Pro Toronto, and TorontoSQL banded together to create a massive event to help make things a little more clear.  To give you a clearer understanding of how corporate networks work.  Perhaps to explain why some decisions are made, and why in retrospect, some are bad decisions.

Infrastructure 2010 is about teaching you everything there is to know about a state-of-the-art, best practices compliant, corporate intranet.  We will build, from the ground up, an entire infrastructure.  We will teach you how to build, from the ground up, an entire infrastructure.

Sessions are minimum 300 level, and content-rich.  Therefore:

i2010Proud[1]

Well, maybe.  (P.S. if you work for Microsoft, pretend you didn’t see that picture)

A Thought on Windows Mobile 7

by Steve Syfuhs / January 03, 2010 04:00 PM

The other day while I was sitting in the airport in Washington, D.C., I had a random thought.  When the ZuneHD first hit the shelves people were talking about how Mobile 7 might borrow the look and feel.  It’s sleek, easy to use/easy to understand, and is very simple.  So I started thinking about what such an interface might look like.  This is something I did quickly.  Nothing was provided by Microsoft.  Nobody has said anything about Mobile 7 design (at least, not at that point, but nobody cared anyway).  This is simply something I thought the interface might look like.

homeScreen

Some things to notice are the list-like menu’s, and the bing search at the bottom.  Blah-blah-blah anti-trust, the point is search is easily accessible, not necessarily just to Microsoft’s own search engine.  It could be Google’s search too.  Also, there is the location-specific information at the top showing the current weather.  Also mimicking the Windows 7 interface is the idea of pinning things to the home screen such as the Internet Explorer application.

There are some things that should probably change.  It feels a little cluttered at the bottom showing current messages and the appointments color is iffy.  There may not be any need for the middle separation either.

Just a thought…

A Trip to the Microsoft Store

by Steve Syfuhs / January 03, 2010 04:00 PM

While I was in California last week I decided to visit the new Microsoft Store in Mission Viejo.  While there, the managers graciously allowed me to take pictures of the store.  Frankly, they probably thought it was a little creepy.  But nevertheless, they said go for it, and I did.

Now, Microsoft did one hell of a job making it known that the store existed while I was at the mall.  While I was grabbing coffee in the food court, these stickers were on each table:

DSC00403

Following that, as you head towards the store you see two large LCD screens in the centre of the walkway.  On one side you have a Rock Band - Beatles installation running XBox 360 over HD.

DSC00401

On the other side was a promotional video.

DSC00400

Microsoft designed their store quite well.  Large floor to ceiling windows for the storefront, with an inviting light wood flooring to create a very warm atmosphere.  While there were hundreds of people in the store, it was very welcoming.

DSC00394

Along the three walls (because the 4th is glass) is a breathtaking video panorama.  I’m not quite sure how to really describe it.  It’s as if the entire wall was a single display, running in full HD.

DSC00420

DSC00415

DSC00412

In the center of the store is a collection of laptops and assorted electronics like the Zune’s.  There’s probably a logical layout, perhaps by price, or performance.  I wasn’t paying too much attention to that unfortunately.

DSC00395

At the center-back of the store is Microsoft’s Answers desk.  Much like the Apple Genius Bar, except not so arrogant.  Yes, I said it.  Ironically, the display for customer names looked very iPod-ish here, and in the Apple Store, the equivalent display looked like XP Media Center.  Go figure.

DSC00411

One of the things I couldn’t quite believe was the XBox 360 being displayed overlay the video panorama video.  The video engine for that must have been extremely powerful.  That had to be a 1080P display for the XBox.  As a developer, I was astonished (and wondered where I could get that app!)  A few of the employee’s mentioned that it was driven by Windows 7.  Pretty freakin’ sweet.

DSC00399

Also in the store were a couple Surfaces!  This was the first time I actually had the opportunity to play with one.  They are pretty cool.

DSC00414

DSC00397

And that in a few pictures was my trip to the Microsoft store.  There was also a couple pamphlets in store describing training sessions and schedules for quick how-to’s in Windows 7 that I walked away with.

Microsoft did well.

Deleting Temporary Internet Files from the Command Line

by Steve Syfuhs / November 22, 2009 04:00 PM

A quicky but a goody.  Sometimes you just need a quick way to delete temp files from IE.  In most cases for me its when I’m writing a webapp, so I’ve stuck this in the build properties:

RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 2
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 1
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 16
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 32
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 255
RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 4351

It doesn’t require elevated permissions, and has been tested on Vista and Windows 7.  Each command deletes the different types of data: temp files, stored form info, cookies etc.  Enjoy.

Ultimate Windows 7 Keyboard Shortcuts List

by Steve Syfuhs / October 20, 2009 04:00 PM

Got this list in an email earlier today.  Not sure the original source, as it was a copy/paste job, but holy crap what a list.  If someone can point out where it originated I will attribute it as necessary.

Ease of Access keyboard shortcuts

  • Right Shift for eight seconds: Turn Filter Keys on and off
  • Left Alt + Left Shift + PrtScn (or PrtScn): Turn High Contrast on or off
  • Left Alt + Left Shift + Num Lock: Turn Mouse Keys on or off
  • Shift five times: Turn Sticky Keys on or off
  • Num Lock for five seconds: Turn Toggle Keys on or off
  • Windows logo key + U: Open the Ease of Access Center

General keyboard shortcuts

  • F1: Display Help
  • Ctrl + C (or Ctrl + Insert): Copy the selected item
  • Ctrl + X: Cut the selected item
  • Ctrl + V (or Shift + Insert): Paste the selected item
  • Ctrl + Z: Undo an action
  • Ctrl + Y: Redo an action
  • Delete (or Ctrl + D): Delete the selected item and move it to the Recycle Bin
  • Shift + Delete: Delete the selected item without moving it to the Recycle Bin first
  • F2: Rename the selected item
  • Ctrl + Right Arrow: Move the cursor to the beginning of the next word
  • Ctrl + Left Arrow: Move the cursor to the beginning of the previous word
  • Ctrl + Down Arrow: Move the cursor to the beginning of the next paragraph
  • Ctrl + Up Arrow: Move the cursor to the beginning of the previous paragraph
  • Ctrl + Shift with an arrow key: Select a block of text
  • Shift + any arrow key: Select more than one item in a window or on the desktop, or select text within a document
  • Ctrl + any arrow key + Spacebar: Select multiple individual items in a window or on the desktop
  • Ctrl + A: Select all items in a document or window
  • F3: Search for a file or folder
  • Alt + Enter: Display properties for the selected item
  • Alt + F4: Close the active item, or exit the active program
  • Alt + Spacebar: Open the shortcut menu for the active window
  • Ctrl + F4: Close the active document (in programs that allow you to have multiple documents open simultaneously)
  • Alt + Tab: Switch between open items
  • Ctrl + Alt + Tab: Use the arrow keys to switch between open items
  • Ctrl + Mouse scroll wheel: Change the size of icons on the desktop
  • Windows logo key + Tab: Cycle through programs on the taskbar by using Aero Flip 3-D
  • Ctrl+ Windows logo key + Tab: Use the arrow keys to cycle through programs on the taskbar by using Aero Flip 3-D
  • Alt + Esc: Cycle through items in the order in which they were opened
  • F6: Cycle through screen elements in a window or on the desktop
  • F4: Display the address bar list in Windows Explorer
  • Shift + F10: Display the shortcut menu for the selected item
  • Ctrl + Esc: Open the Start menu
  • Alt + underlined letter: Display the corresponding menu
  • Alt + underlined letter: Perform the menu command (or other underlined command)
  • F10: Activate the menu bar in the active program
  • Right Arrow: Open the next menu to the right, or open a submenu
  • Left Arrow: Open the next menu to the left, or close a submenu
  • F5 (or Ctrl + R): Refresh the active window
  • Alt + Up Arrow: View the folder one level up in Windows Explorer
  • Esc: Cancel the current task
  • Ctrl + Shift + Esc: Open Task Manager
  • Shift when you insert a CD: Prevent the CD from automatically playing
  • Left Alt + Shift: Switch the input language when multiple input languages are enabled
  • Ctrl + ShiftL: Switch the keyboard layout when multiple keyboard layouts are enabled
  • Right or Left Ctrl + Shift: Change the reading direction of text in right-to-left reading languages

Dialog box keyboard shortcuts

  • Ctrl + Tab: Move forward through tabs
  • Ctrl + Shift + Tab: Move back through tabs
  • Tab: Move forward through options
  • Shift + Tab: Move back through options
  • Alt + underlined letter: Perform the command (or select the option) that goes with that letter
  • Enter: Replaces clicking the mouse for many selected commands
  • Spacebar: Select or clear the check box if the active option is a check box
  • Arrow keys: Select a button if the active option is a group of option buttons
  • F1: Display Help
  • F4: Display the items in the active list
  • Backspace: Open a folder one level up if a folder is selected in the Save As or Open dialog box

Windows logo key keyboard shortcuts

  • Windows logo key: Open or close the Start menu.
  • Windows logo key + Pause: Display the System Properties dialog box.
  • Windows logo key + D: Display the desktop.
  • Windows logo key + M: Minimize all windows.
  • Windows logo key + Shift + M: Restore minimized windows to the desktop.
  • Windows logo key + E: Open Computer.
  • Windows logo key + F: Search for a file or folder.
  • Ctrl + Windows logo key + F: Search for computers (if you’re on a network).
  • Windows logo key + L: Lock your computer or switch users.
  • Windows logo key + R: Open the Run dialog box.
  • Windows logo key + T: Cycle through programs on the taskbar.
  • Windows logo key + number: Start the program pinned to the taskbar in the position indicated by the number. If the program is already running, switch to that program.
  • Shift + Windows logo key + number: Start a new instance of the program pinned to the taskbar in the position indicated by the number.
  • Ctrl + Windows logo key + number: Switch to the last active window of the program pinned to the taskbar in the position indicated by the number.
  • Alt + Windows logo key + number: Open the Jump List for the program pinned to the taskbar in the position indicated by the number.
  • Windows logo key + Tab: Cycle through programs on the taskbar by using Aero Flip 3-D.
  • Ctrl+Windows logo key + Tab: Use the arrow keys to cycle through programs on the taskbar by using Aero Flip 3-D.
  • Ctrl+Windows logo key + B: Switch to the program that displayed a message in the notification area.
  • Windows logo key + Spacebar: Preview the desktop.
  • Windows logo key + Up Arrow: Maximize the window.
  • Windows logo key + Left Arrow: Maximize the window to the left side of the screen.
  • Windows logo key + Right Arrow: Maximize the window to the right side of the screen.
  • Windows logo key + Down Arrow: Minimize the window.
  • Windows logo key + Home: Minimize all but the active window.
  • Windows logo key + Shift + Up Arrow: Stretch the window to the top and bottom of the screen.
  • Windows logo key + Shift+ Left Arrow or Right Arrow: Move a window from one monitor to another.
  • Windows logo key + P: Choose a presentation display mode.
  • Windows logo key + G: Cycle through gadgets.
  • Windows logo key + U: Open Ease of Access Center.
  • Windows logo key + X: Open Windows Mobility Center.

Windows Explorer keyboard shortcuts

  • Ctrl + N: Open a new window
  • Ctrl + W: Close the current window
  • Ctrl + Shift + N: Create a new folder
  • End: Display the bottom of the active window
  • Home: Display the top of the active window
  • F11: Maximize or minimize the active window
  • Ctrl + Period (.): Rotate a picture clockwise
  • Ctrl + Comma (,): Rotate a picture counter-clockwise
  • Num Lock + Asterisk (*) on numeric keypad: Display all subfolders under the selected folder
  • Num Lock + Plus Sign (+) on numeric keypad: Display the contents of the selected folder
  • Num Lock + Minus Sign (-) on numeric keypad: Collapse the selected folder
  • Left Arrow: Collapse the current selection (if it’s expanded), or select the parent folder
  • Alt + Enter: Open the Properties dialog box for the selected item
  • Alt + P: Display the preview pane
  • Alt + Left Arrow: View the previous folder
  • Backspace: View the previous folder
  • Right Arrow: Display the current selection (if it’s collapsed), or select the first subfolder
  • Alt + Right Arrow: View the next folder
  • Alt + Up Arrow: View the parent folder
  • Ctrl + Shift + E: Display all folders above the selected folder
  • Ctrl + Mouse scroll wheel: Change the size and appearance of file and folder icons
  • Alt + D: Select the address bar
  • Ctrl + E: Select the search box
  • Ctrl + F: Select the search box

Taskbar keyboard shortcuts

  • Shift + Click on a taskbar button: Open a program or quickly open another instance of a program
  • Ctrl + Shift + Click on a taskbar button: Open a program as an administrator
  • Shift + Right-click on a taskbar button: Show the window menu for the program
  • Shift + Right-click on a grouped taskbar button: Show the window menu for the group
  • Ctrl + Click on a grouped taskbar button: Cycle through the windows of the group

Magnifier keyboard shortcuts

  • Windows logo key + Plus Sign or Minus Sign: Zoom in or out
  • Ctrl + Alt + Spacebar: Preview the desktop in full-screen mode
  • Ctrl + Alt + F: Switch to full-screen mode
  • Ctrl + Alt + L: Switch to lens mode
  • Ctrl + Alt + D: Switch to docked mode
  • Ctrl + Alt + I: Invert colors
  • Ctrl + Alt + arrow keys: Pan in the direction of the arrow keys
  • Ctrl + Alt + R: Resize the lens
  • Windows logo key + Esc: Exit Magnifier

Remote Desktop Connection keyboard shortcuts

  • Alt + Page Up: Move between programs from left to right.
  • Alt + Page Down: Move between programs from right to left.
  • Alt + Insert: Cycle through programs in the order that they were started in.
  • Alt + Home: Display the Start menu.
  • Ctrl + Alt + Break: Switch between a window and full screen.
  • Ctrl + Alt + End: Display the Windows Security dialog box.
  • Alt + Delete: Display the system menu.
  • Ctrl + Alt + Minus Sign (-) on the numeric keypad: Place a copy of the active window, within the client, on the Terminal server clipboard (provides the same functionality as pressing Alt + PrtScn on a local computer).
  • Ctrl + Alt + Plus Sign (+) on the numeric keypad: Place a copy of the entire client window area on the Terminal server clipboard (provides the same functionality as pressing PrtScn on a local computer).
  • Ctrl + Alt + Right Arrow: Tab out of the Remote Desktop controls to a control in the host program (for example, a button or a text box). Useful when the Remote Desktop controls are embedded in another (host) program.
  • Ctrl + Alt + Left Arrow: Tab out of the Remote Desktop controls to a control in the host program (for example, a button or a text box). Useful when the Remote Desktop controls are embedded in another (host) program.

Paint keyboard shortcuts

  • Ctrl + N: Create a new picture
  • Ctrl + O: Open an existing picture
  • Ctrl + S: Save changes to a picture
  • F12: Save the picture as a new file
  • Ctrl + P: Print a picture
  • Alt + F4: Close a picture and its Paint window
  • Ctrl + Z: Undo a change
  • Ctrl + Y: Redo a change
  • Ctrl + A: Select the entire picture
  • Ctrl + X: Cut a selection
  • Ctrl + C: Copy a selection to the Clipboard
  • Ctrl + V: Paste a selection from the Clipboard
  • Right Arrow: Move the selection or active shape right by one pixel
  • Left Arrow: Move the selection or active shape left by one pixel
  • Down Arrow: Move the selection or active shape down by one pixel
  • Up Arrow: Move the selection or active shape up by one pixel
  • Esc: Cancel a selection
  • Delete: Delete a selection
  • Ctrl + B: Bold selected text
  • Ctrl + +: Increase the width of a brush, line, or shape outline by one pixel
  • Ctrl + -: Decrease the width of a brush, line, or shape outline by one pixel
  • Ctrl + I: Italicize selected text
  • Ctrl + U: Underline selected text
  • Ctrl + E: Open the Properties dialog box
  • Ctrl + W: Open the Resize and Skew dialog box
  • Ctrl + Page Up: Zoom in
  • Ctrl + Page Down: Zoom out
  • F11: View a picture in full-screen mode
  • Ctrl + R: Show or hide the ruler
  • Ctrl + G: Show or hide gridlines
  • F10 or Alt: Display keytips
  • Shift + F10: Show the current shortcut menu
  • F1: Open Paint Help

WordPad keyboard shortcuts

  • Ctrl + N: Create a new document
  • Ctrl + O: Open an existing document
  • Ctrl + S: Save changes to a document
  • F12: Save the document as a new file
  • Ctrl + P: Print a document
  • Alt + F4: Close WordPad
  • Ctrl + Z: Undo a change
  • Ctrl + Y: Redo a change
  • Ctrl + A: Select the entire document
  • Ctrl + X: Cut a selection
  • Ctrl + C: Copy a selection to the Clipboard
  • Ctrl + V: Paste a selection from the Clipboard
  • Ctrl + B: Make selected text bold
  • Ctrl + I: Italicize selected text
  • Ctrl + U: Underline selected text
  • Ctrl + =: Make selected text subscript
  • Ctrl + Shift + =: Make selected text superscript
  • Ctrl + L: Align text left
  • Ctrl + E Align text center
  • Ctrl + R:: Align text right
  • Ctrl + J: Justify text
  • Ctrl + 1: Set single line spacing
  • Ctrl + 2: Set double line spacing
  • Ctrl + 5: Set line spacing to 1.5
  • Ctrl + Shift + >: Increase the font size
  • Ctrl + Shift + <: Decrease the font size
  • Ctrl + Shift + A: Change characters to all capitals
  • Ctrl + Shift + L: Change the bullet style
  • Ctrl + D: Insert a Microsoft Paint drawing
  • Ctrl + F: Find text in a document
  • F3: Find the next instance of the text in the Find dialog box
  • Ctrl + H: Replace text in a document
  • Ctrl + Left Arrow: Move the cursor one word to the left
  • Ctrl + Right Arrow: Move the cursor one word to the right
  • Ctrl + Up Arrow: Move the cursor to the line above
  • Ctrl + Down Arrow: Move the cursor to the line below
  • Ctrl + Home: Move to the beginning of the document
  • Ctrl + End: Move to the end of the document
  • Ctrl + Page Up: Move up one page
  • Ctrl + Page Down: Move down one page
  • Ctrl + Delete: Delete the next word
  • F10: Display keytips
  • Shift + F10: Show the current shortcut menu
  • F1: Open WordPad Help

Calculator keyboard shortcuts

  • Alt + 1: Switch to Standard mode
  • Alt + 2: Switch to Scientific mode
  • Alt + 3: Switch to Programmer mode
  • Alt + 4: Switch to Statistics mode
  • Ctrl + E: Open date calculations
  • Ctrl + H: Turn calculation history on or off
  • Ctrl + U: Open unit conversion
  • Alt + C: Calculate or solve date calculations and worksheets
  • F1: Open Calculator Help
  • Ctrl + Q: Press the M- button
  • Ctrl + P: Press the M+ button
  • Ctrl + M: Press the MS button
  • Ctrl + R: Press the MR button
  • Ctrl + L: Press the MC button
  • %: Press the % button
  • F9: Press the +/’“ button
  • /: Press the / button
  • *: Press the * button
  • +: Press the + button
  • -: Press the ‘“ button
  • R: Press the 1/x— button
  • @: Press the square root button
  • 0-9: Press the number buttons (0-9)
  • =: Press the = button
  • .: Press the . (decimal point) button
  • Backspace: Press the backspace button
  • Esc: Press the C button
  • Del: Press the CE button
  • Ctrl + Shift + D: Clear the calculation history
  • F2: Edit the calculation history
  • Up Arrow key: Navigate up in the calculation history
  • Down Arrow key: Navigate down in the calculation history
  • Esc: Cancel editing the calculation history
  • Enter: Recalculate the calculation history after editing
  • F3: Select Degrees in Scientific mode
  • F4: Select Radians in Scientific mode
  • F5: Select Grads in Scientific mode
  • I: Press the Inv button in Scientific mode
  • D: Press the Mod button in Scientific mode
  • Ctrl + S: Press the sinh button in Scientific mode
  • Ctrl + O: Press the cosh button in Scientific mode
  • Ctrl + T: Press the tanh button in Scientific mode
  • (: Press the ( button in Scientific mode
  • ): Press the ) button in Scientific mode
  • N: Press the ln button in Scientific mode
  • ;: Press the Int button in Scientific mode
  • S: Press the sin button in Scientific mode
  • O: Press the cos button in Scientific mode
  • T: Press the tan button in Scientific mode
  • M: Press the dms button in Scientific mode
  • P: Press the pi button in Scientific mode
  • V: Press the F-E button in Scientific mode
  • X: Press the Exp button in Scientific mode
  • Q: Press the x^2 button in Scientific mode
  • Y: Press the x^y button in Scientific mode
  • #: Press the x^3 button in Scientific mode
  • L: Press the log button in Scientific mode
  • !: Press the n! button in Scientific mode
  • Ctrl + Y: Press the y√x button in Scientific mode
  • Ctrl + B: Press the 3√x button in Scientific mode
  • Ctrl + G: Press the 10x button in Scientific mode
  • F5: Select Hex in Programmer mode
  • F6: Select Dec in Programmer mode
  • F7: Select Oct in Programmer mode
  • F8: Select Bin in Programmer mode
  • F12: Select Qword in Programmer mode
  • F2: Select Dword in Programmer mode
  • F3: Select Word in Programmer mode
  • F4: Select Byte in Programmer mode
  • K: Press the RoR button in Programmer mode
  • J: Press the RoL button in Programmer mode
  • <: Press the Lsh button in Programmer mode
  • >: Press the Rsh button in Programmer mode
  • %: Press the Mod button in Programmer mode
  • (: Press the ( button in Programmer mode
  • ): Press the ) button in Programmer mode
  • |: Press the Or button in Programmer mode
  • ^: Press the Xor button in Programmer mode
  • ~: Press the Not button in Programmer mode
  • &: Press the And button in Programmer mode
  • A-F: Press the A-F buttons in Programmer mode
  • Spacebar: Toggles the bit value in Programmer mode
  • A: Press the Average button in Statistics mode
  • Ctrl + A: Press the Average Sq button in Statistics mode
  • S: Press the Sum button in Statistics mode
  • Ctrl + S: Press the Sum Sq button in Statistics mode
  • T: Press the S.D. button in Statistics mode
  • Ctrl + T: Press the Inv S.D. button in Statistics mode
  • D: Press the CAD button in Statistics mode

Windows Journal keyboard shortcuts

  • Ctrl + N: Start a new note
  • Ctrl + O: Open a recently used note
  • Ctrl + S: Save changes to a note
  • Ctrl + Shift + V: Move a note to a specific folder
  • Ctrl + P: Print a note
  • Alt + F4: Close a note and its Journal window
  • Ctrl + Z: Undo a change
  • Ctrl + Y: Redo a change
  • Ctrl + A: Select all items on a page
  • Ctrl + X: Cut a selection
  • Ctrl + C: Copy a selection to the Clipboard
  • Ctrl + V: Paste a selection from the Clipboard
  • Esc: Cancel a selection
  • Delete: Delete a selection
  • Ctrl + F: Start a basic find
  • Ctrl + G: Go to a page
  • F5: Refresh find results
  • F5: Refresh the note list
  • F6: Toggle between a note list and a note
  • Ctrl + Shift + C: Display a shortcut menu for column headings in a note list
  • F11: View a note in full-screen mode
  • F1: Open Journal Help

Windows Help viewer keyboard shortcuts

  • Alt + C: Display the Table of Contents
  • Alt + N: Display the Connection Settings menu
  • F10: Display the Options menu
  • Alt + Left Arrow: Move back to the previously viewed topic
  • Alt + Right Arrow: Move forward to the next (previously viewed) topic
  • Alt + A: Display the customer support page
  • Alt + Home: Display the Help and Support home page
  • Home: Move to the beginning of a topic
  • End: Move to the end of a topic
  • Ctrl + F: Search the current topic
  • Ctrl + P: Print a topic
  • F3: Move the cursor to the search box

How UAC Actually Works

by Steve Syfuhs / October 20, 2009 04:00 PM

This post has had a few false starts.  It’s a tough topic to cover, as it’s a very controversial subject for most people still.  Hopefully we can enlighten some people along the way.

From a high level perspective, the UAC was developed to protect the user without necessarily removing administrative privileges.  Any change to the system required a second validation.  On older versions of Windows, an application running with administrative credentials could change any setting on the box.  Viruses and malware became rampant because of this openness, given that the average user had administrative credentials.  Most average users balked at the idea of having a limited user account, so Microsoft came up with an alternative for the new OS, Vista – a second form of validation.  You told the computer you wanted to make a change, it asked “are you sure?” 

Logically it makes sense.  Consider an instance where a devious application wanted to change some setting, and because Windows wanted to verify it’s ok to make this change it asked “are you sure?”  If you responded no, the change didn’t happen.  Simple enough.  However, here we start running into issues.  There are three perspectives to look at. 

First, the end user.  Simple changes to basic settings required validation.  This annoyed most of them, if not all of them.  They didn’t care why it was asking, they just wanted to delete shortcuts from their start menu.  Their reaction: turn off UAC.  Bad idea, but security loses when it comes to usability in the case of the end user.

Second, the irate IT Pro/Developer.  Most people working in IT make changes to system settings constantly.  Given that, the UAC would be seen many times in a day and it would, for lack of a better word, piss that person off.  They didn’t care what security it provided, it was a “stupid-useless-design” that shouldn’t have been created.  Their reaction: turn off UAC.  Once again security loses when it comes to usability.

Third, the knowledgeable IT Pro/Developer.  Not a lot of people fell into this category.  However, these tended to be the same type of people who fit into the Lazy Admin category as well.  When managed properly UAC wasn’t all that annoying because it wasn’t seen all that often.  Set-it-and-forget-it and you don’t ever see the prompt.  If you created the system image properly, you don’t have to constantly keep changing settings.  It’s a simple enough idea.

But…

Application compatibility is a pain.  Most applications didn’t understand the UAC, so they weren’t running with a validation and generally broke when they tried to do things they really shouldn’t be doing in the first place.  These are things like manipulating registry keys that don’t belong to them, writing to system folders, reading data from low-level system API’s etc.  This was reason #1 for disabling UAC.

And now…

With the general availability of Windows 7 in about 2.5 hours from now, it seems like a good time to discuss certain changes to UAC in the latest version of Windows.  The biggest of course being when Windows decides to check for validation.

Windows 7 introduces two new levels of the UAC.  In Vista there was Validate Everything or Off.  Windows 7 added “Do Not Notify Me When I Make Changes to Windows Settings”.  This comes into effect when the user makes a change to a Windows setting like display resolution.  Windows is smart enough to realize it’s the user making the change, and allows it.  It’s second additional level is the same as the first, except it doesn’t hide the desktop.

Now we get into some fun questions. 

  • How does Window’s know to not show the prompt?  It’s fairly straightforward.  All Window’s executables that were released as part of the OS are signed with a certificate.  All executables signed with this certificate are allowed to run if user started.  This is only true for Window’s settings though.  You cannot implement this with 3rd party applications.  There is no auto-allow list.
  • How does Window’s know it’s a user starting the application?  Lots of applications can mimic mouse movements or keyboard commands, but they occur at a higher application level than an actual mouse move.  Input devices like mice and keyboards have an extremely low level driver, and only commands coming from these drivers are interpreted as user input.  You cannot spoof these commands.
  • Can you spoof mouse/keyboard input to accept the UAC request?  No.  The UAC prompt is created in a separate Windows desktop.  Other well known desktops include the Locked screen, login screen, and the Cardspace admin application.  No application can cross these desktops, so an application running in your personal desktop cannot push commands into the UAC desktop.

Mark Russinovich has an excellent article in TechNet Magazine that goes into more detail about changes to the UAC.  Hopefully this post at least covered all sides of the UAC debate.

// About

Steve is a renaissance kid when it comes to technology. He spends his time in the security stack.