DOCSLIB.ORG

Inside Windows Vista User Account Control

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Inside Windows Vista User Account Control Windows administration At a glance: Running as a standard user File and registry virtualisation Elevating account status Inside Windows Vista User Account Control Mark Russinovich User Account Control next issue, I discuss the problems UAC solves and describe the architecture and implemen- (UAC) is an often tation of its component technologies. These technologies include the refactoring of op- misunderstood feature erations that previously required adminis- trative rights, lightweight virtualisation to in Windows Vista. In my help programs run correctly without admin- istrative rights, the ability for programs to previous TechNet articles explicitly request administrative rights, and isolation of administrative processes from on Windows Vista non-administrative processes running on the same user desktop. kernel changes, available UAC’s goal at www.microsoft.com/uk/ UAC is meant to enable users to run with standard user rights, as opposed to adminis- technetmagazine, I didn’t trative rights. Administrative rights give us- ers the ability to read and modify any part cover UAC because I of the operating system, including the code and data of other users – and even Windows felt it merited its own itself. Without administrative rights users cannot accidentally (or deliberately) modify article. In a two-part system settings, malware can’t alter system security settings or disable antivirus soft- series, concluding ware, and users can’t compromise the sen- 32 To get your FREE copy of TechNet Magazine subscribe at: www.microsoft.com/uk/technetmagazine 32_36_Vista.desfin1.indd 32 9/8/07 15:23:19 sitive information of other users on shared ing the system time. A laptop user who wants computers. Running with standard user to configure the local time zone so that their Prior to rights can therefore reduce urgent help desk appointments show correctly in their calen- calls in corporate environments, mitigate the dar when they travel must have the ‘Change Windows impact of malware, keep home computers the system time’ privilege (internally called running more smoothly and protect sensi- SeSystemTimePrivilege), which by default is Vista, the tive data on shared computers. only granted to administrators. UAC had to address several problems to Time is commonly used in security pro- Windows make it practical to run with a standard user tocols like Kerberos, but the time zone only account. First, prior to Windows Vista, the affects the way that time is displayed, so usage model Windows usage model had been one of as- Windows Vista adds a new privilege, ‘Change sumed administrative rights. Software devel- the time zone’ (SeTimeZonePrivilege), and had been one opers assumed their programs could access assigns it to the Users group, as seen in Figure and modify any file, registry key or operat- 1. This makes it possible for many corpora- of assumed ing system setting. Even when Windows tions to have their laptop users run under NT introduced security and differentiat- standard user accounts. administrative ed between accesses granted to administra- Windows Vista also lets standard users tive and standard user accounts, users were configure WEP settings when they connect rights guided through a setup process that encour- to wireless networks, create VPN connec- aged them to use the built-in Administrator tions, change power management settings account or one that was a member of the and install critical Windows updates. In ad- Administrators group. dition, it introduces Group Policy settings The second problem UAC had to address that enable standard users to install printer was that users sometimes need administra- and other device drivers approved by IT ad- tive rights to perform such operations as in- ministrators and to install ActiveX® controls stalling software, changing the system time from administrator-approved sites. and opening ports in the firewall. What about consumer and line of busi- The UAC solution to these problems is ness (LOB) applications that do not run cor- to run most applications with standard user rectly in standard user accounts? While some rights, obviate the need for administrator software legitimately requires administrative rights all the time and encourage software rights, many programs needlessly store user developers to create applications that run data in system-global locations. Microsoft with standard user rights. UAC accomplish- recommends that global application installers es these by requiring administrative rights that expect to run with administrative rights less frequently, enabling legacy applications create a directory under the %ProgramFiles% to run with standard user rights, making it directory to store their application’s exe- convenient for standard users to access ad- cutable files and auxiliary data and create ministrative rights when they need them and a key under HKEY_LOCAL_MACHINE\ enabling even administrative users to run as Software for their application settings. if they were standard users. When an application executes, it can be run- ning in different user accounts and it should Running as a standard user therefore store user-specific data in the per- A full audit of all administrative operations user %AppData% directory and save per-user during the development of Windows Vista identified many that could be enabled for standard users without compromising the security of the system. For example, even corporations that adopted standard user ac- counts for their Windows XP desktop sys- tems were unable to remove their travelling users from the Administrators group for the sole reason that Windows XP does not differ- entiate changing the time zone from chang- Figure 1 The ‘Change the time zone’ privilege TechNet Magazine September 2007 33 32_36_Vista.desfin1.indd 33 9/8/07 15:23:22 Windows administration settings in the user’s registry pro- file under HKEY_CURRENT_USER\ Software. Standard user accounts don’t have write-access to the %Program- Files% directory or HKEY_LOCAL_ MACHINE\Software, but because most Windows systems are single-user and most users have been administra- tors up until Windows Vista, apps that incorrectly save user data and settings to these locations work anyway. Windows Vista enables these legacy applications to run in standard user ac- counts through the help of file system and registry namespace virtualisation. When an application modifies a sys- tem-global location in the file system or registry and that operation fails be- Figure 2 Task Manager shows virtualisation status cause access is denied, Windows redi- rects the operation to a per-user area; when the application reads from a sys- tem-global location, Windows first The effects of virtualisation checks for data in the per-user area and, if none is present, permits the read at- You can change the virtualisation status of a process by selecting Virtualization tempt from the global location. from the context menu that appears when you right-click it in Task Manager. For the purposes of this virtualisa- Figure A shows the behaviour of a command prompt when its virtualisation tion, Windows Vista treats a process status changes. It starts out with virtualisation disabled because it has a as legacy if it’s 32-bit (versus 64-bit), Windows Vista manifest. Because it’s running with standard user rights, it is unable to create a file in the \Windows directory, but after it becomes virtualised with Task Manager it appears to create the file successfully. When Vista enables its virtualisation returns to its disabled state it can’t find the file, which is actually in the user’s virtual store. legacy apps to run in standard user Virtualization Disabled Virtualization Enabled accounts through virtualisation is not running with administrative Virtualization Disabled rights and does not have a manifest file indicating that it was written for Windows Vista. Any operations not originating from a process classified as legacy according to this definition, in- cluding network file sharing accesses, are not virtualised. A process’s virtual- isation status is stored as a flag in its token, which is the kernel data struc- Figure A Virtualisation status change ture that tracks the security context of a process, including its user account, group memberships and privileges. 34 To get your FREE copy of TechNet Magazine subscribe at: www.microsoft.com/uk/technetmagazine 32_36_Vista.desfin1.indd 34 9/8/07 15:23:32 You can see the virtualisation status of a process by adding the Virtualisation column to Task Manager’s Processes page. Figure 2 shows that most Win- dows Vista components, including Desktop Window Manager (Dwm .exe), Client Server Runtime Subsystem (Csrss.exe) and Explorer, either have virtualisation disabled because they have a Windows Vista manifest or are running with administrative rights and hence do not allow virtualisation. Internet Explorer (iexplore.exe) has vir- tualisation enabled because it can host multiple ActiveX controls and scripts and must assume that they were not Figure 3 Compatibility Files button indicates virtualised files nearby written to operate correctly with stan- dard user rights. The file system locations that are of the profile when the account has a virtualised for legacy processes are roaming profile. %ProgramFiles%, %ProgramData% If you navigate in Explorer to a di- and %SystemRoot%, excluding some rectory containing virtualised files, specific subdirectories. However, any Explorer displays a button labelled file with an executable extension, Compatibility Files in its toolbar, as including .exe,
Load more

Recommended publications
  • Security Assessment Security Policy Assessment
    Security Assessment Security Policy Assessment Prepared for: Jonathan Doe Prepared by: Austin Archer 3/23/2018 CONFIDENTIALITY NOTE: The information contained in this report is for the exclusive use of the client specified above and may contain confidential, privileged and non-disclosable information. If the recipient of this report is not the client or addressee, such recipient is strictly prohibited from reading, photocopying, distributing or otherwise using this report or its contents in any way. Scan Date: 4/1/2014 Security Policy Assessment SECURITY ASSESSMENT Table of Contents 1 - Summary 1.1 - Sampled Systems 2 - Local Security Settings (Sampled Systems) 2.1 - Account Policies 2.1.1 - Password Policy 2.1.2 - Account Lockout Policy 2.2 - Local Policies 2.2.1 - Audit Policy 2.2.2 - User Rights Assignment 2.2.3 - Security Options PROPRIETARY & CONFIDENTIAL Page 2 of 14 Security Policy Assessment SECURITY ASSESSMENT 1 - Summary 1.1 - Sampled Systems IP Addresses Computer Name Operating System 10.0.7.28 tandem Windows 7 Enterprise 172.20.1.3, 10.0.1.3 DC01 Windows Server 2012 Standard PROPRIETARY & CONFIDENTIAL Page 3 of 14 Security Policy Assessment SECURITY ASSESSMENT 2 - Local Security Settings (Sampled Systems) 2.1 - Account Policies 2.1.1 - Password Policy Policy Setting Computers Enforce password history 0 passwords remembered TANDEM 24 passwords remembered DC01 Maximum password age 42 days All Sampled Minimum password age 1 days All Sampled Minimum password length 7 characters All Sampled Password must meet complexity requirements
    [Show full text]
  • Run-Commands-Windows-10.Pdf
    Run Commands Windows 10 by Bettertechtips.com Command Action Command Action documents Open Documents Folder devicepairingwizard Device Pairing Wizard videos Open Videos Folder msdt Diagnostics Troubleshooting Wizard downloads Open Downloads Folder tabcal Digitizer Calibration Tool favorites Open Favorites Folder dxdiag DirectX Diagnostic Tool recent Open Recent Folder cleanmgr Disk Cleanup pictures Open Pictures Folder dfrgui Optimie Drive devicepairingwizard Add a new Device diskmgmt.msc Disk Management winver About Windows dialog dpiscaling Display Setting hdwwiz Add Hardware Wizard dccw Display Color Calibration netplwiz User Accounts verifier Driver Verifier Manager azman.msc Authorization Manager utilman Ease of Access Center sdclt Backup and Restore rekeywiz Encryption File System Wizard fsquirt fsquirt eventvwr.msc Event Viewer calc Calculator fxscover Fax Cover Page Editor certmgr.msc Certificates sigverif File Signature Verification systempropertiesperformance Performance Options joy.cpl Game Controllers printui Printer User Interface iexpress IExpress Wizard charmap Character Map iexplore Internet Explorer cttune ClearType text Tuner inetcpl.cpl Internet Properties colorcpl Color Management iscsicpl iSCSI Initiator Configuration Tool cmd Command Prompt lpksetup Language Pack Installer comexp.msc Component Services gpedit.msc Local Group Policy Editor compmgmt.msc Computer Management secpol.msc Local Security Policy: displayswitch Connect to a Projector lusrmgr.msc Local Users and Groups control Control Panel magnify Magnifier
    [Show full text]
  • Copyrighted Material
    11_783269 bindex.qxp 11/10/06 11:15 AM Page 209 Index applications (defined), 205. See also programs Numerics arranging windows, 43–44 100% button (Internet Explorer 7), 99–100 assigning sounds to program events, 24 audio visualizations, 186 A Windows Media Player 11, 183, 185–186 accessibility options, 156 audio CDs. See CDs accessories, 205 Audio Description feature, 157 account types, 169 AutoComplete feature (Internet Explorer 7), 101 accounts (administrative), 169 automatic updates with Windows Update, 161–162, 167 accounts (e-mail), 124 AutoPlay, 13, 148, 151 accounts (user) Autosearching feature (Internet Explorer 7), 113 account types, 169 adding, 169 creating, 169 B deleting, 170 backgrounds for desktop, 24 managing, 168, 170 Backup and Restore Center, 140–143, 146 names, 169 Backup Files dialog box, 141 Parental Controls, 170 backups passwords, 169 CompletePC Backup utility, 140–142 pictures, 169–170 DVD discs, 142 switching, 74 File and Folder Backup utility, 140–142 User Account Control (UAC), 170 Send To shortcut menu command, 64–65 activity reporting, 165 stopping, 141 activity reports, 166 BitLocker drive encryption, 163–164 Add Printer Wizard, 149–151 blocking Add to Library dialog box, 187 computer use, 165 adding Web sites, 165 bookmarks to Favorites Center, 102 blog, 208 gadgets, 31–32 bookmarks (Internet Explorer 7) icons, 35 adding to Favorites Center, 102 languages, 155–156 deleting, 104 music, 187 importing, 101 printers, 149–151 moving, 103–105 user accounts, 169 organizing, 103–105 address bar, 15–16 renaming, 104 address book, 128–130 selecting, 103 Address toolbar, 41 browser (defined), 208. See also Internet Explorer 7 adjusting volume, 152 browsing offline.
    [Show full text]
  • How to Get Started with Third Wall
    How to get started with Third Wall So now you have Third Wall, and you're trying to figure out the best way to use all of that power at your fingertips. Not a bad problem to have! We have a good suggestion on how to get started. You'll notice that, with 56 different policies to apply, some will impact end-users more than others. The ones that impact end users the least (while still providing great protection, of course!) are what we call "no-brainers." That is, you should be deploying many of these across ALL of your managed computers - right now. And, using our Profile feature, we make that easy for you to do. How do you do that? Simply create a Profile in Third Wall with the following no-brainer policies that are appropriate for you. Once you have done that, apply the Profile and select the "All Clients" option, which will then turn these policies on at ALL of your managed Locations - just like that. Pretty slick. Then, you can customize each of your clients by setting up a separate Profile for each of them, then deploy those Profiles by single client on top of your original deployment of the no-brainers. Since Profiles are additive, this will allow you to layer your Profile deployments like this for maximum protection in minimum time. So here is our suggested list of no-brainer policies: 1. Rename Local Administrator Account Why would you ever leave the name of this as default (Administrator)? Hide the name – make it harder for malware to find.
    [Show full text]
  • Nine Ways to Restrict End-Users Who Have Windows Admin Privileges
    WHITE PAPER: Nine Ways to Restrict End-Users Who Have Windows Admin Privileges Nine Ways to Restrict End-Users Who Have Windows Admin Privileges WHITE PAPER WHITE PAPER: Nine Ways to Restrict End-Users Who Have Windows Admin Privileges Contents Introduction ................................................................................................................................3 Restriction 1 – Prevent Users from Changing the UAC Setting ...............................................3 Restriction 2 – Prevent Users from Running the MMC with Admin Privileges.........................4 Restriction 3 – Prevent Users from Running Commands or Scripts with Admin Privileges ....5 Restriction 4 – Prevent Users from Uninstalling Third-party Software Protecting Your System ...................................................................................................................................................6 Restriction 5 – Prevent Users from Being Able to Edit System Settings in the Registry .........7 Restriction 6 – Prevent Users from Disabling or Changing Endpoint Firewall Settings ..........7 Restriction 7 – Prevent Users from Changing the Date and Time ...........................................8 Restriction 8 – Prevent Users from Terminating Processes ....................................................9 Restriction 9 – Prevent Users from Elevating Applications that Could Introduce Malware .....9 What Next? ............................................................................................................................
    [Show full text]
  • Disabling UAC for Wonderware® Product Support on Windows 2008 Server R2 – 64 Bit
    Disabling UAC for Wonderware® Product Support on Windows 2008 Server R2 – 64 bit Tech Note 772 Disabling UAC for Wonderware® Product Support on Windows 2008 Server R2 – 64 bit All Tech Notes, Tech Alerts and KBCD documents and software are provided "as is" without warranty of any kind. See the Terms of Use for more information. Topic#: 002552 Created: April 2011 Updated: September 2011 Introduction User Account Control (UAC) is a new security component for Windows Server 2008. UAC enables users to perform common tasks as Non-Administrators, who were called Standard Users in Windows 2000. Non- Administrators can also perform common tasks as Administrators without having to switch users, log off, or use Run As. A Standard User account in Windows 2000 is synonymous with a User Account in Windows XP. User accounts who are members of the local Administrators group will run most applications as a Standard User. This Tech Note applies ONLY to Windows Server 2008 R2 (64 bit). The following information describes disabling the Windows 2008 R2 User Account Control (UAC) in order to allow Wonderware® Products to operate correctly. Note: Disabling UAC for Windows 2008 SP2 is covered in Tech Note 733 Disable UAC on Windows Server 2008 SP2. Application Versions All Wonderware Products Windows Server 2008 R2 (64 bit) Windows 7 Issues There are many problems associated with running Wonderware Products in Windows 2008 R2 with the User Account Control (UAC) enabled. The problems include but are not limited to Deployment failure to a remote node. Unable to see the remote node in the SMC.
    [Show full text]
  • Security and Compliance
    Security and Compliance Robert Nottoli | Principal Technology Specialist | Microsoft Corporation [email protected] DISCLAIMER FOR DOCUMENTATION REGARDING PRE-RELEASED SOFTWARE This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, including URL and other Internet Web sites referenced, and is the confidential and proprietary information of Microsoft Corporation. The entire risk of the use or the results from the use of this document remains with the user. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Therefore, MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
    [Show full text]
  • User Account Control - Wikipedia
    12/31/2020 User Account Control - Wikipedia User Account Control User Account Control (UAC) is a mandatory access control enforcement facility introduced with Microsoft's Windows Vista[1] and Windows Server 2008 operating systems, with a more relaxed[2] version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows 10. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not User Account Control "Windows Security" alerts inherit those privileges unless they are approved in Windows 10 in light mode. From top to bottom: beforehand or the user explicitly authorizes it. blocked app, app with unknown publisher, app with a known/trusted publisher. UAC uses Mandatory Integrity Control to isolate running processes with different privileges. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other.[3] One prominent use of this is Internet Explorer 7's "Protected Mode".[4] Contents History Tasks that trigger a UAC prompt Features Requesting elevation Security Criticism See also References External links History https://en.wikipedia.org/wiki/User_Account_Control#Security 1/9 12/31/2020 User Account Control - Wikipedia Operating systems on mainframes and on servers have differentiated between superusers and userland for decades.
    [Show full text]
  • Installing SAPGUI 1) You MUST NOT Be Logged on to the Computer with an Account Containing the Word 'Administrator'. However
    Installing SAPGUI 1) You MUST NOT be logged on to the computer with an account containing the word ‘administrator’. However, make certain the account with which you’ve logged on to the workstation is a member of either the ‘Power Users’ or the ‘Administrators’ group. If you are unfamiliar with Windows permissions, please consult your TLC or the I&T Service Desk for assistance. 2) You MUST disable User Account Control (UAC) for the installation process BUT REMEMBER TO ENABLE it once you have completed the SAPGUI installation. If you do not have permissions to disable UAC, or do not know how to disable UAC, please consult your TLC or contact the I&T Service Desk for assistance. 3) Please close all SAP applications. Ensure that even the SAP Logon Pad is closed. 4) Microsoft .NET v3.5 must be installed on the workstation. This can be accomplished by using the Control Panel’s “Apps & features” panel. To start, simply click the Windows start button and type ‘apps’ then click on “Apps & features” when it appears. Scroll down, locate, and click on “Programs and Features” (under Related settings). Select the hyperlink “Turn Windows features on or off”. Select ‘.NET Framework 3.5…’ Click OK and finish the installation of .NET Framework 3.5. Select “Let Windows Update download the files for you” if you are prompted. Close the Windows Features dialog box and other control panel screens. 5) Start the SAPGUI installer as follows: Step 1: Click the Windows Start Button Step 2: type cmd Step 3: RIGHT-CLICK ‘Command Prompt’ Step 4: Click ‘Run as administrator’ Type (or paste) the following command into the Command Prompt window as shown in the screen-shot below: Insert a space before \\gui730\remoteinst750\installsapgui.bat power the word power Press <Enter> to begin the installation / upgrade You will see a flash on the screen then: The SAP Front End Installer program will start in a few seconds… The installation is now in progress… This phase may take up to 10 minutes to complete.
    [Show full text]
  • Windows Authentication
    Windows Authentication August 3, 2021 Verity Confidential Copyright 2011-2021 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners. Qualys, Inc. 919 E Hillsdale Blvd 4th Floor Foster City, CA 94404 1 (650) 801 6100 Table of Contents Get Started .........................................................................................................4 Windows Domain Account Setup.................................................................6 Create an Administrator Account ......................................................................................... 6 Group Policy Settings .............................................................................................................. 6 Verify Functionality of the New Account (recommended) ................................................. 7 WMI Service Configuration ............................................................................ 8 How to increase WMI authentication level .......................................................................... 8 What happens when high level authentication is not provided? ...................................... 8 Manage Authentication Records...................................................................9 Create one or more Windows Records .................................................................................. 9 Windows Authentication Settings ......................................................................................
    [Show full text]
  • How to Turn Off the User Account Control in Windows Vista
    The UAC is a security feature in Windows Vista, Windows 7, Windows 8 and Windows 10 which helps prevent unauthorized changes to your computer. When the UAC is on you will get a prompt to authorize the changes. This prompt does not work for background processes therefore the changes are automatically denied by the UAC. In order for Sage Pastel and Pervasive to register correctly and apply the database licenses you will need to ensure that the Windows User Account Control or UAC has been turned off. The reason the UAC needs to be turned off is that during registration the licenses for the Pervasive database are applied in the background. 1. How to turn off the User Account Control in Windows Vista 2. How to turn off the User Account Control in Windows 7 3. How to turn off the User Account Control in Windows 8 and Windows 10 Go to Start| Control Panel In the search type in UAC and press ‘Enter’ on your keyboard Click on the option ‘Turn user Account Control (UAC) on or off’ The ‘Turn on User Account Control (UAC) to make your computer more secure’ screen will display Ensure the option Use User Account Control (UAC) to help protect your computer is not ticked Go to Start| Control Panel In the search type in UAC and press ‘Enter’ on your keyboard Click on the option ‘Change User Account Control Settings’ The ‘User Account Control Settings’ screen will display Ensure the slider is at the bottom on Never notify Click the Start button Search for UAC Select the option Change User Account Control settings The ‘User Account Control Settings’ screen will display Ensure the slider is at the bottom on Never notify .
    [Show full text]
  • Mastering Windows Media Player 11
    11_0789735865_ch08.qxd 7/27/07 10:09 AM Page 175 Chapter Eight Mastering Windows Media Player 11 IN THIS CHAPTER How Microsoft’s New Media Player Is the ܋ How Microsoft’s New Media Player Is the Master of Its Domain Master of Its Domain ܋ WMP 11’s Play Controls ܋ Configuring WMP 11’s Options ܋ Working with Audio in WMP 11 ܋ Playing Video in WMP 11 ܋ Media Sharing and Your Home Network ܋ Windows Media Player Tips and Tricks t wouldn’t seem like a new version of Windows if Microsoft didn’t pony up a new version of Windows Media Player I(WMP) to go with it. Vista is no exception—it includes ver- sion 11 of Windows Media Player as its dice-slice-rip-play multimedia powerhouse. With version 11, WMP offers big improvements in usability, support for portable media players, the Xbox 360 game console, CD and DVD burning, Internet access, network support, and file synchronization. 11_0789735865_ch08.qxd 7/27/07 10:09 AM Page 176 MAXIMUM PC MICROSOFT WINDOWS VISTA EXPOSED NOTE WMP 11’s Play Controls When you start Windows Media Player, the Library view is dis- After you configure WMP, played by default. The newly uncluttered Explorer-style interface you can start it directly uses a menu along the left side of the WMP display for selecting from the QuickLaunch tool- different views of your digital library (see Figure 8.1). The play bar, next to the Start but- controls are centered along the bottom center of the display, for ton, or from the Start easier access when running WMP 11 in a windowed mode.
    [Show full text]