|
| You are here: Categories » Computers and technology » Windows
|
User Account Control (UAC) is designed to address the need for a solution that is resilient to attack from an ever-growing array of malicious software (also called malware) programs. For those who have installed and used an earlier version of Microsoft Windows, UAC represents a significant change in the way user accounts are used and configured. It does this by reducing the need for administrator privileges and by carefully defining the standard user and administrator user modes.
Reducing the Need for Administrator Privileges
In earlier versions of Windows, most user accounts are configured as members of the local administrator’s group to ensure that users can install, update, and run software applications without conflicts and to perform common system-level tasks. In Windows XP and earlier versions of Windows, some of the most basic tasks, such as clicking the taskbar clock to view a calendar, require administrator privileges, and this is why many user accounts are configured as local administrators. Unfortunately, configuring user accounts as local administrators makes individual computers and networks vulnerable to malicious software and also makes maintaining computers more difficult, as users might be able to make unapproved system changes.
|
Note |
Malicious software programs exploit the system-level privileges provided to the local administrator. Not only does this allow malicious software to install itself, it also allows malicious software to damage files, change the system configuration, and steal your confidential data. Some organizations try to combat malicious software by locking down computers and requiring users to operate in standard user mode. While this can solve some problems with malicious software, it can also seriously affect productivity, as many applications designed for Windows XP will not function properly without local administrative rights. Why? Typically, Windows XP applications use local administrative rights to write to system locations during normal operations. |
Through User Account Control, Windows Vista provides the architecture for running user accounts with standard user privileges while eliminating the need for using administrator privileges to perform common tasks. This fundamental shift in computing serves to better protect computers against malicious software while ensuring that users can perform their day-to-day tasks.
User Account Control is an architecture that includes a set of infrastructure technologies. These technologies require all users to run applications and tasks with a standard user account, limiting administrator-level access to authorized processes. Because of UAC, computers can be locked down to prevent unauthorized applications from installing and to stop standard users from making inadvertent changes to system settings.
Defining the Standard User and Administrator User Modes
In Windows Vista, there are two levels of users:
-
Administrator users Administrator users run applications with an administrator account and are members of the local Administrators group. When an administrator user starts an application, her access token and its associated administrator privileges are applied to the application at run time. This means that an application started by a member of the local Administrators group runs with all the rights and privileges of a local administrator.
-
Standard users Standard users run applications with a user account and are members of the Users group. When a user starts an application, her access token and its associated privileges are applied to the application at run time. This means that an application started by a member of the Users group runs with the rights and privileges of a standard user.
In Windows Vista, many common tasks can be performed with a standard user account, and users should log on using accounts with standard user privileges. Whenever a user attempts to perform a task that requires administrator permissions, the user sees a Windows Security dialog box containing a warning prompt. The way the prompt works depends on whether the user is logged on with an administrator account or a standard user account:
Administrator users run as standard users until an application or system component that requires administrative credentials requests permission to run. Windows Vista determines whether a user needs elevated permissions to run a program by supplying most applications and processes with a security token. Windows Vista uses the token as follows:
-
If an application or process has an “administrator” token, elevated privileges are required to run the application or process, and Windows Vista will prompt the user for permission confirmation prior to running the application.
-
If an application or process has a “standard” token or an application cannot be identified as an administrator application, elevated privileges are not required to run the application or process, and Windows Vista will start it as a standard application by default.
By requiring that all users run in standard user mode and by limiting administrator-level access to authorized processes, UAC reduces the exposure and attack surface of the operating system. The process of getting an administrator or standard user’s approval prior to running an application in administrator mode and prior to performing actions that change system-wide settings is known as elevation, and this feature is known as Admin Approval Mode. Elevation enhances security and reduces the impact of malicious software by:
-
Ensuring that users are notified when they are about to perform an action that could impact system settings, such as installing an application.
-
Eliminating the ability for malicious software to invoke administrator privileges without a user’s knowledge.
-
Preventing users, and the applications they are running, from making unauthorized or accidental system-wide changes to operating system settings.
-
Protecting administrator applications from attacks by standard applications and processes.
Elevation is a new feature and a permanent change to the Windows operating system.
|
Tip |
Elevation affects not only users and administrators, but developers as well. Developers must design their programs so that everyday users can complete basic tasks without requiring administrator privileges. A key part of this is determining which of the two levels of privilege their applications need to complete specific procedures. If an application doesn’t need administrator privileges for a task, it should be written to require only standard user privileges. As an example, a standard user–compliant application should write data files only to a nonsystem location, such as the user profile folder |
|
|
Leave a comment or ask a question
|
|
Total comments: 0
 Disclaimer
- The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
|
|
|
Windows7 Device Stage - Device Stage is a new technology in Windows 7 that helps you interact with any compatible device connected to your computer. Device Stage lets you see device status and run common tasks. This a cur (more...)
Windows7 Action Center - Windows Action Center is an improved version of Vista's Security Center. The action center alerts you to problems with your PC and lets you know how you can resolve them. Notifications are delivere (more...)
Enhance SATA Disk Performance in Windows7 - You can improve the performance of your SATA hard drive by enhancing write caching.
If you are not sure whether or not you have an SATA drive in your computer, please check with your manufa (more...)
Speed up Your External Hard Drives in Windows7 - The default setting in Windows 7 disables write caching for external drives. This is done so that you can remove an external drive at any time without data loss. If you are willing to eject your dr (more...)
Use Windows7 ReadyBoost to Speed up Programs - Using Windows ReadyBoost is a great way to improve the performance of your computer when doing your day-to-day tasks.
What is ReadyBoost?
ReadyBoost uses a USB thu (more...)
Make Windows7 Shut Down Faster - As you install programs on your computer, it slows down-we all know that. However, what you may not know is that the programs install services. Windows is "kind" enough to patiently wait for these (more...)
Activate Hidden Regional Themes in Windows7 - Windows 7 is a worldwide operating system and Microsoft made a really good move by adding regional wallpapers into the operating system. When you choose your region settings, the appropriate theme (more...)
Windows7 :: Save Your Settings as a Theme - When you are satisfied with the appearance of your windows desktop, you can save the settings as a theme. A theme incorporates the following settings:
• Color and appea (more...)
Windows 7 Set Views for all Folders - Windows 7 does a pretty good job at analyzing the content of a folder to determine how it should display the files. 98% of the time I want to see the details of the files and I don't care for thumb (more...)
Customize Folder Icons in Windows 7 - In this tutorial, you'll learn how to customize your folder icons in Windows 7.
To change your folder icons:
1. Right click on the folder you want to customize the i (more...)
|
|
|
