Microsoft’s advertising has stressed the new security features found in Windows Vista. From the user perspective, one such feature, User Access Control, is arguably the most noticeable enhancement. User access control is a mechanism by which users — even administrators — perform common Windows tasks with non-administrative rights, or as a standard user. Before administrative tasks can be performed, users must actively approve actions that could be potentially dangerous to the computer.
In this article, I’ll give you a complete look at User Access Control’s inner workings and show you some ways you can change the behavior of this new feature.
How does User Access Control work?
The inner workings of User Access Control reveal a lot about how this feature protects your computer. First, let’s talk about why User Access Control was developed.
The problem: Windows XP and silent installations
In pre-Vista versions of Windows, upon login, a user was assigned an access token. A non-administrative user was assigned a token that granted him access to resources that did not require administrative rights. Users that were members of an administrative group were assigned a single token that granted them full rights to all of the resources on the local computer.
From an ease-of-use perspective, this level of authority was great. However, from a security perspective, it’s not so great, even for IT pros. Consider the potential for “drive-by” spyware installation. A drive-by installation happens when you visit, either accidentally or intentionally, a site containing malicious code that you don’t know about. While spyware scanners have significantly improved over the past couple of years, there’s not a single solution on the market that will protect against every known threat. Even if there were such a product, there would still be the issue of unknown threats. New spyware pops up every day, and it takes vendors time to discover these new nuisances and update their products.
If you’re logged in to Windows XP as a user with administrative privileges at the time the drive-by takes place, spyware may get installed to your computer with absolutely no notice to you. This spyware could be anything from a fairly innocuous tool to a key logger that keeps track of everything you type and sends the results to a predetermined location. You might end up with the installation of a back door that allows a hacker to make his way into your system at some point in the future to achieve his nefarious goals. Worse, the deeper spyware is embedded into your system, the more difficult it is to remove, short of a complete system rebuild, which can take hours.
Note: When you install Windows XP, the Setup Wizard assigns administrative rights to all local accounts.
Now, you might tell yourself you already know all of this; but, in your organization, you’re forced to allow users to run as a local administrator for any number of reasons. For example, many users (with the backing of management) feel it is vital that they have the ability to install new applications on their desktop. Unfortunately, they’re often right. Doing business on the Web often means having to install a new ActiveX control or other type of application. While not the safest behavior, allowing people to do their jobs is preferable to paying people to sit in a chair doing nothing under the unyielding thumb of IT.
The solution: Windows Vista and User Access Control
Windows Vista’s introduction of User Access Control aims to tame this beast and bring some order back to chaos. Under Vista, when an administrative user logs in to the system, he is granted not one, but two access tokens: an administrative access token and a standard user access token. The standard access token is used to start the user’s desktop. The end result is that the administrator is running a system with more limited rights than he would have received upon login under Windows XP. Until there is a need, the second token — the one with administrative rights — is not used.
This situation arises, for example, when an administrative user starts a Control Panel applet and tries to change a setting: Windows Vista’s User Access Control feature pops up a window indicating that permission is necessary to continue. When you choose to allow an administrative action to take place using the administrative token, you are allowing that application to run with elevated privileges. Figure A gives you a look at a typical User Access Control dialog box. If you want to allow the action, press the Continue button.
Figure A
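The two-token arrangement described above can be observed directly from a PowerShell prompt. The following script is an added example, not code from the article or from Microsoft: it inspects the token the current process is running under and reports which of the three situations the text describes applies (pre-Vista-style standard user with no administrative token, an administrator running under the filtered standard-user token, or a process that has been elevated). It relies only on the documented .NET `WindowsIdentity`/`WindowsPrincipal` classes, the well-known BUILTIN\Administrators SID S-1-5-32-544, and the `whoami` command; the output strings are my own wording.

```powershell
# Added example (not from the article): which of the two UAC tokens is this
# PowerShell process running under?

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal -ArgumentList $identity
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

# IsInRole is evaluated against the token actually in use. In the filtered
# (standard-user) token the Administrators group is present but flagged
# "use for deny only", so this returns $false even for an administrator
# until the process has been elevated through the UAC prompt.
$isElevated = $principal.IsInRole($adminRole)

# The Administrators SID (S-1-5-32-544) still appears in the filtered token's
# group list. Seeing it together with $isElevated -eq $false is the signature
# of a split token: an administrator account running with standard rights.
$hasAdminGroup = [bool]($identity.Groups | Where-Object { $_.Value -eq 'S-1-5-32-544' })

if ($isElevated) {
    "Running with the administrative token (elevated)."
} elseif ($hasAdminGroup) {
    "Administrator account, but running with the standard-user token (UAC filtered)."
} else {
    "Standard user; no administrative token exists for this session."
}

# Cross-check with the integrity level the token carries: the standard token
# runs at Medium, the administrative token at High. The "Group used for deny
# only" attribute on BUILTIN\Administrators is visible in the full listing.
whoami /groups | Select-String -Pattern 'Mandatory Level', 'BUILTIN\\Administrators'
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator": the same administrator account reports the filtered token in the first case and the elevated token in the second, which is exactly the behaviour the article describes. On Windows XP, or on Vista with User Access Control disabled, an administrator sees "elevated" in both cases because only the single full-rights token exists.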