3.2 User Account Control
User Account Control is a new feature in Vista.
It lets you know each time an administrative task or a task that
requires elevated privileges is performed on a computer. Part of the
reason for UAC is that when people run with administrative privileges,
it is possible for malicious code to execute with high privileges
without your knowledge. When you run with UAC, you always know when any
event requires elevated privileges because UAC always requests
acceptance for the operation. In fact, UAC can display two different
types of prompts, as shown in Figures 4 and 5. The prompt in Figure 4
appears when you are already logged on as an administrator. In this
case, you only need to approve or decline the operation. The prompt in Figure 5
appears when you are logged on as a standard user. In this case, you
must provide both an administrative user name and the corresponding
password to allow the operation. A third prompt, shown in Figure 6,
appears when a program wants to access administrative rights on your
behalf. Here you decide to approve or decline the operation. This third
prompt is similar to the one you would see when malicious code tries to
infect your system.
As you can see, UAC has its uses and should be
part of any Vista security strategy. In fact, your administrators should
always run with a standard user account and access their administrative
account only when they need to perform a task that requires elevation.
To do this, they need to work with the Run As Administrator command,
which is available through the context menu of any shortcut.
Because of its ability to protect your systems,
you should not deactivate UAC. You should, however, configure it
properly to avoid UAC prompts for your normal users. UAC is configured
through Group Policy under Security Settings => Local Policies => Security Options as can be seen in Figure 7.
The best way to configure this is to set the User Account Control:
Behavior of the elevation prompt for standard users: Automatically deny
elevation requests to on so that end users will not see any UAC prompts.
UAC also disables the default administrator
account. Leave this account as is and provide different administrative
accounts for your technicians. Taking this step gives you the best
opportunity to lock down your computer systems and therefore reduce the
number of support calls related to modifications to the base settings
you configure for your Vista systems. In some cases, locked down
environments have seen a 500 percent reduction in calls related to
system configurations. This reduction rate makes a good case for keeping
your systems locked as tight as you can. In addition, Vista now lets
standard users perform many tasks they could not in previous versions of
Windows. They can install signed software, signed software updates,
printers, and change clock settings, to name a few. There is no reason
to run an unlocked environment when you run Windows Vista.
