Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Vista

User Account Control (UAC)

- Windows 10 Product Activation Keys Free 2019 (All Versions)
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
3/13/2011 10:31:26 PM
A new feature in Windows Vista is User Account Control, or UAC. This secures the computer by running the desktop and other applications with the privilege level (rights and permissions) of a standard user, whether you are logged on as a standard user or as an administrator. When an administrator logs in, with Admin Mode enabled in UAC, as it is by default, the user is issued a split token. One half is a standard user token that is used to launch nonadministrative tasks, like standard applications. The second half is an administrator token, which can be used to feed the administrator credentials to the UAC process as needed.

This feature is all new, it is security related, and you can bet it is test worthy. You’ll need to know several different configuration settings on this new technology.

User Account Control is enabled by default in Windows Vista and recognizes when more privilege is required to complete a task. When UAC detects that elevated privilege is needed, UAC first locks the desktop so no malicious activity can occur. This is called the Secure Desktop and is shown in Figure 1. Then UAC prompts the user for the credentials of an Administrator account.

Figure 1. Whether you’re logged on as a standard user or an administrator, when you launch a task requiring elevated privilege, UAC implements the Secure Desktop.


Alert

If you are not being prompted for credentials when launching an administrative task, it is possible that UAC has been turned off. If you want to be prompted for administrator credentials when running elevated privilege tasks, you can re-enable UAC in the Windows Security Center, as shown in Figure 2.

Figure 2. If UAC gets turned off, you can turn it back on in the Windows Security Center or the Local Computer Policy. You must then reboot the computer to make your change effective.


There are several settings in the Local Computer Policy (LCP) for the local Vista computer. Figure 3 shows the LCP UAC settings.

Figure 3. The LCP can be used to fine-tune the UAC configuration.

When a user is logged on as a standard user, all tasks requiring elevation of privilege trigger UAC. Because the standard user has not provided administrator logon credentials, administrator credentials are required for every elevation of privilege by default. If this gets turned off and you want to be sure UAC triggers, you can force a user who is logged on as a standard user to provide credentials with every elevation of privilege. You must configure the Behavior of the Elevation Prompt for Standard Users back to the default setting of prompt for credentials.

You can also use this Behavior of the Elevation Prompt for Standard Users setting to disallow a standard user from ever being able to run administrative tasks, even if he knows the administrator username and password. You can configure the setting to Prompt for Credentials. These two settings are shown in Figure 4.

Figure 4. The Behavior of the Elevation Prompt for Standard Users can be set to Prompt for Credentials or set to Automatically Deny Elevation Prompts.

Even when a user is logged on as an administrator, UAC confirms the elevation of privilege required to perform a task. By default, the Behavior of the Elevation Prompt for Administrators in Admin Approval Mode setting in Windows Vista is configured to the Prompt for Consent setting. Because the administrator has already provided his logon credentials, no additional credentials are required, only a confirmation that the administrator wants to proceed.

To force a user who is logged on as an administrator to provide credentials with every elevation of privilege, you must configure the Behavior of the Elevation Prompt for Administrators in Admin Approval Mode to the setting of Prompt for credentials.

To have Vista elevate the privilege level without prompting a user who is logged on as an administrator, you must configure the Behavior of the Elevation Prompt for Administrators in Admin Approval Mode to the setting of Elevate Without Prompting.

These three settings are shown in Figure 5.

Figure 5. The Behavior of the Elevation Prompt for Administrators in Admin Approval Mode can be set to Elevate Without Prompting, Prompt for Credentials, or Prompt for Consent.

To disable UAC for administrators but leave UAC running for users, you must disable the Run All Administrators in Admin Approval Mode setting.

These settings are all configurable in the LCP, as well as in a Group Policy Object, if you are working in an Active Directory environment.

To summarize, UAC can be configured to do the following:

  • Elevate without prompting

  • Prompt for credentials

  • Prompt for consent

  • Be disabled for administrators

  • Be disabled for all users (Standard and Administrators)

Other -----------------
- Troubleshoot Authentication Issues - SmartCards
- Configure and Troubleshoot Access to Resources (part 4) - Securing Network Traffic for Remote Desktop Protocol (RDP) Access
- Configure and Troubleshoot Access to Resources (part 3) - IPSec for Securing Network Traffic on the Local LAN
- Configure and Troubleshoot Access to Resources (part 2) - Printer Sharing
- Configure and Troubleshoot Access to Resources (part 1) - Permissions
- Windows Update (part 4) - Troubleshooting Updates
- Windows Update (part 3) - Windows Server Update Services Server (WSUS)
- Windows Update (part 2) - Automatic Updates
- Windows Update (part 1) - Manual Updates
- Windows Defender and Other Defenses Against Malware
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
Popular tags
Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 windows Phone 7 windows Phone 8
programming4us programming4us
Celebrity Style, Fashion Trends, Beauty and Makeup Tips.
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server