Saturday, July 6, 2013

Solving Windows 8 Drag n' Drop issue

I came across an issue with Drag n' Drop (DnD) lately on Windows 8 and Firefox that really annoyed me, so I hope this post will help others out there who face the same issue.

Drag n' Drop onto Firefox
Beginning of the "story"
A few weeks ago, I accidentally changed Firefox launch properties to 'Run As Administrator', which caused any drag and drop of a file from Windows File Explorer onto Firefox to stop working. I was able to drag from File Explorer, but once the mouse was hovering over Firefox, a "wrong way" cursor appeared, signaling that dropping a file or a picture onto the browser was not possible.

'Run as administrator' option
Since it was not an intentional decision to make Firefox always run as admin, I didn't think of linking the issue to that when I tried to DnD a file weeks later.

In addition, DnD on Google Chrome or Internet Explorer was working, so I thought it was a Firefox-specific issue. I researched Mozilla forums, disabled all add-ons in Firefox, created a fresh Firefox profile, created a Windows profile, and installed older versions of Firefox. Nothing! I broadened my research to DnD in Windows, not specifically for Firefox; that's when I found pointers to settings in process privileges being the cause of the DnD issues.

So what happened?
With Windows Vista, Microsoft introduced User Account Control (UAC) and other security elements in its OS to enhance security by preventing malware from getting administrator privileges by inheriting

My understanding from all of this (take it with a grain of salt and research further if you want) is that the DnD problem I faced is related to a difference in process privilege levels: Firefox 'Running as Administrator' has a higher privilege level than Windows File Explorer.

So basically I was stuck with one application with lower privileges (File Explorer) trying to drop a file into a higher-privilege application (Firefox running as admin). The tricky part is that the Windows File Explorer process privilege level cannot be set or changed. At least, I didn't find an easy way to do it, nor do I think it's the right thing to do from a security perspective.

There are at least two options in Windows 8 to solve a similar DnD issue related to process privileges:

Solution A: Run your application at normal privileges level (recommended)

  • To do so, right-click on the icon of your application (e.g. Firefox) then select Properties
  • In the Properties window, uncheck the option 'Run this program as an administrator'

Disable 'Run As Administrator'

Solution B: Change group policy to disable UAC (not recommended)

  • Open Windows 'Run' command window. You can do that by searching in Windows 8 search for 'Run'
  • Type and enter gpedit.msc in the 'Run' window to open Local Group Policy Editor
  • Go to 'Local Computer Policy > Windows Settings > Security Settings > Local Policies > Security Options'
  • Change the setting User Account Control: Run all administrators in Admin Approval Mode to Disabled

For security considerations and because you will disable any Windows 8 Modern application from running, I do not recommend this option.





Windows 8 UAC disabled, this app can't open
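
To check both settings discussed above without clicking through dialogs, the following PowerShell is an added example and not part of the original post. It assumes the standard Windows registry locations, which the post does not mention: the AppCompatFlags\Layers keys where the 'Run this program as an administrator' checkbox is stored, and the EnableLUA value behind the Admin Approval Mode policy.

```powershell
# Added example (not from the original post): audit the two settings that
# the post identifies as relevant to the blocked drag and drop.

# 1. Programs with the Compatibility-tab checkbox "Run this program as an
#    administrator". Windows stores it as a string value named after the
#    executable path, containing RUNASADMIN (HKCU = current user,
#    HKLM = all users). These paths are an assumption of this example.
$layerKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
)

$elevated = foreach ($key in $layerKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $flags = [string]$item.GetValue($name)
        if ($flags -match '\bRUNASADMIN\b') {
            [pscustomobject]@{
                Scope   = $key.Substring(0, 4)   # HKCU or HKLM
                Program = $name                  # full path of the executable
                Flags   = $flags
            }
        }
    }
}

if ($elevated) {
    'Programs set to always run elevated (Solution A applies to these):'
    $elevated | Format-Table -AutoSize
} else {
    'No RUNASADMIN compatibility flags found.'
}

# 2. The policy from Solution B. EnableLUA = 0 means "Run all administrators
#    in Admin Approval Mode" is Disabled, i.e. UAC is off.
$sysKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $sysKey -Name EnableLUA -ErrorAction SilentlyContinue
if ($null -eq $policy) {
    'EnableLUA value is not present.'
} elseif ($policy.EnableLUA -eq 0) {
    'Admin Approval Mode is DISABLED (UAC off); re-enable it and use Solution A.'
} else {
    'Admin Approval Mode is enabled (UAC on).'
}

# 3. Integrity level of the current shell, for comparison (Medium = normal).
whoami /groups | Select-String 'Mandatory Label'
```

Any program listed in step 1 will refuse drops from a normally started File Explorer until the checkbox is cleared as described in Solution A.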


If you want to learn more about UAC and related User Interface Privilege Isolation (UIPI), here's an interesting page to read on the MSDN blog:
http://blogs.msdn.com/b/patricka/archive/2010/01/28/q-why-doesn-t-drag-and-drop-work-when-my-application-is-running-elevated-a-mandatory-integrity-control-and-uipi.aspx