6
I'm getting this message when I try to start a Modern UI app after explorer was restarted with admin privileges (by a setup program).
I know how to fix it (just restart explorer without admin privileges), but I'm curious: Why is it forbidden to run a metro app with explorer running with admin privileges? I can't think of any good reason.
Thomas Levesque
Posted 2012-12-19T00:04:55.187
Reputation: 447
5
I faced this error myself some time back and looked into it a bit, and here's what I have understood about the cause. If any Windows programming expert sees any egregious mistakes, kindly edit and improve.
Windows 8 and the introduction of the new Metro/Modern UI and apps necessitated several enhancements to the OS' security model. AppContainer is a new isolation method applied to Metro apps, which by default prevents them from both reading and writing to most of the Operating System, with the exception of the app’s own AppData folder.
Metro applications can make declarations in their application manifest file about which OS capabilities they need to access. You can read a bit more about this in the Delivering reliable and trustworthy Metro style apps article on the Building Windows 8 blog.
AppContainer is implemented through a new integrity level in Windows 8, supported by some additional changes to the OS. The AppContainer integrity level blocks both read and write access to objects marked with a higher integrity level. Now Windows Explorer normally runs in medium integrity mode, and explorer.exe is the parent process from which all other user-initiated processes inherit their access token. If Explorer is running with admin privileges i.e. at high integrity level, then any Metro apps it launches will inherit that administrative access token, which is obviously a strict no-no as it will violate the sandboxed environment provided by the AppContainer integrity level. Hence the error message thrown.
Karan
Posted 2012-12-19T00:04:55.187
Reputation: 51 857
Thanks for your answer. Are you sure that it's explorer.exe that creates the process for Metro apps? It doesn't seem very logical, since they're not started from the explorer... – Thomas Levesque – 2012-12-19T01:35:27.277
Unless, of course, the start screen is part of explorer.exe ... – Thomas Levesque – 2012-12-19T01:37:58.147
I think it is, but I'm not sure. – Karan – 2012-12-20T00:07:12.090
@OliverSalzburg, if you edit my question, please don't change its meaning... – Thomas Levesque – 2012-12-19T00:13:28.410
I guess it is because Apps keep preferences for your users in your Windows 8 PC, and admin is not a proper user for those application since they don't need admin adjustments. Besides, some users might be using their Microsoft accounts and Windows 8 applications are installed for each user. – vhanla – 2012-12-19T00:25:47.523