<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
p
{margin-right:0in;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman";}
span.EmailStyle17
{font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Hi Keith,</span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Three
years ago, I took a vow never to use an administrative account except when
really required by a particular task. Soon after the day I surrendered to the life
of a casual user, my wife calls me at the office and guarantees that she can no
longer consult the clock and calendar by double-clicking the time display in
the system shell tray. To test her claim (a rare instance indeed), I tried the
same thing on my machine at work where I also run as a mere user and Great
Scott! <a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;300022">She
was right!</a> The following message popped on my screen:</span></font></p>
<p align=center style='text-align:center'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><img border=0 width=413 height=126
src="clock1.gif"></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Now you
could argue whether an analogue clock display is necessary or not, but what
about calendar? Without a full-blown <a
href="http://www.microsoft.com/office/outlook/">Microsoft Outlook</a> or
PIM application, there is no basic calendar display functionality in
Windows. This was one of those rare moments where I wish I had my Windows
3.x diskettes handy to fish out the good old Clock and Calendar
applications. Hey, <a
href="http://search.microsoft.com/gomsuri.asp?n=4&c=rp_Results&siteid=us/dev&target=http://www.microsoft.com/msj/0898/hood0898.aspx">16-bit
applications should still run thanks to WOW</a>, right? Incidentally Clock
used to still ship with Windows NT 4.0, but has been <a
href="http://support.microsoft.com/default.aspx?scid=kb;en-us;227762">dropped
from Windows 2000 onwards</a>. What's more, the <a
href="http://support.microsoft.com/default.aspx?scid=kb;en-us;159852">solution
to get calendaring functionality</a> is to use Microsoft Schedule+. Not cool.</span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>The
lesson here is that security can have all kinds of interesting impacts on the
user interface design. In this particular case, it would have been more
appropriate for the system to display the Date and Time applet from Control
Panel and only show the above message if the user attempted to change anything
by clicking the OK or Apply button. The fact that the user holds the <a
href="http://msdn.microsoft.com/library/en-us/security/security/authorization_constants.asp?frame=true#windows_nt_privilege_constants">SeSystemTimePrivilege</a>
<a
href="http://msdn.microsoft.com/library/en-us/security/security/privileges.asp">privilege</a> should
only be asserted if the user attempts to change the time-related information,
but not when merely wanting to view it (unless the latter is a breach of
security). Unfortunately, right now this problem continues to exist in <a
href="http://www.microsoft.com/windowsxp">Windows XP</a>.</span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>The <strong><b><font
face="Times New Roman">Network Connections</font></b></strong> area of Windows,
however, gets it right. That is, a user with a non-administrative account can walk up
to <strong><b><font face="Times New Roman">Network Connections</font></b></strong>
in <strong><b><font face="Times New Roman">Control Panel</font></b></strong>,
select a connection such as for the LAN and consult its properties:</span></font></p>
<p align=center style='text-align:center'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><img border=0 width=367 height=450
src="clock2.gif"></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>Notice
how the three buttons, <strong><b><font face="Times New Roman">Install</font></b></strong>,
<strong><b><font face="Times New Roman">Uninstall</font></b></strong> and <strong><b><font
face="Times New Roman">Properties</font></b></strong>, are disabled because the
user does not hold the right privileges to perform those actions. In fact,
prior to the above dialog box appearing, the user is even warned why some parts
of the user interface may appear disabled:</span></font></p>
<p align=center style='text-align:center'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><img border=0 width=629 height=126
src="clock3.gif"></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>This is
definitely a more fine-grained and preferred approach than the one taken by the
<strong><b><font face="Times New Roman">Date and Time</font></b></strong>
applet. I would even go one step further and say that the above message box is probably
too loud. That is, rather than popping in the user's face each time, it would
even be better to just put a side note somewhere on the dialog box. In fact,
the <strong><b><font face="Times New Roman">System</font></b></strong> applet
in <strong><b><font face="Times New Roman">Control Panel</font></b></strong>
does this (see the note stating “Only Administrators can change the
identification of this computer.”):</span></font></p>
<p align=center style='text-align:center'><font size=3 face="Times New Roman"><span
style='font-size:12.0pt'><img border=0 width=410 height=468
src="clock4.gif"></span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>So
creating a user interface that takes into consideration the rights of a user in
a non-intrusive way probably requires a fair share of non-trivial code, but it
definitely gives a gentle and fine touch to the overall end-user experience (as
in the last example). Unless the operating system shell gets it right, the user
has less hope for applications. Windows slowly but surely seems to be heading
in the right direction as can be seen from the various examples that I've
demonstrated here. Meanwhile, I don’t know if you agree or not, but I think
that the <b><span style='font-weight:bold'>Date and Time</span></b> applet definitely
deserves a slot in the Security Hall of Shame. In fact, shame on all the
resolutions presented in the <a
href="http://support.microsoft.com/default.aspx?scid=kb;en-us;300022">MS KB
Article #300022</a>. Who’s trying to change date and time? My wife just
wanted to consult the calendar.</span></font></p>
<p><font size=3 face="Times New Roman"><span style='font-size:12.0pt'>- Atif</span></font></p>
</div>
</body>
</html>
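The design point made in the letter above (consult SeSystemTimePrivilege only when the user tries to change the time, never merely to view it), as an added PowerShell example that is not part of the original letter or of Windows itself. The function names Test-TokenPrivilege, Show-DateTime and Set-DateTimeIfAllowed are hypothetical, and the column order assumes the CSV output of whoami /priv.

```powershell
# Added example; function names are hypothetical, not a Windows or page API.

function Test-TokenPrivilege {
    param([Parameter(Mandatory)][string]$Name)
    # whoami /priv lists every privilege present in the caller's token.
    # A State of "Disabled" still means the privilege is held and can be
    # enabled on demand, so presence in the list is what matters here.
    $rows = whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Privilege, Description, State
    return [bool]($rows | Where-Object { $_.Privilege -eq $Name })
}

function Show-DateTime {
    # Viewing needs no privilege: every user gets the clock and calendar data.
    # CanChange lets a UI grey out its edit controls instead of refusing to open.
    $now = Get-Date
    [pscustomobject]@{
        Date      = $now.ToLongDateString()
        Time      = $now.ToLongTimeString()
        TimeZone  = [System.TimeZoneInfo]::Local.DisplayName
        CanChange = Test-TokenPrivilege -Name 'SeSystemTimePrivilege'
    }
}

function Set-DateTimeIfAllowed {
    param([Parameter(Mandatory)][datetime]$NewTime)
    # The privilege is consulted only here, at the point of change
    # (the equivalent of clicking OK or Apply in the applet).
    if (-not (Test-TokenPrivilege -Name 'SeSystemTimePrivilege')) {
        Write-Warning 'You do not have the privilege to change the system time.'
        return $false
    }
    Set-Date -Date $NewTime | Out-Null
    return $true
}

# Read-only view: works for a standard user and reports CanChange = False.
Show-DateTime
```

The operating system still enforces the privilege when the time is actually set; the check here only decides what the interface offers.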
This is KeithBrown's wiki. Visit the HomePage for more info. If you have any feedback, please contact Keith.