Why is there UAC?
Today I will be talking about User Account Control (UAC), as most IT professionals don't know the direct benefit of UAC.
The most basic element and direct benefit of UAC is that it makes users run as standard users instead of administrators, simply by making Windows more standard-user friendly. UAC is not a malware protection mechanism, as most people think it is.
Before UAC, in Windows XP, changing the time zone (actually, even looking at the time zone with the time/date control panel applet) required administrative rights. That is because Windows XP doesn't differentiate between changing the time, which is a security-sensitive operation, and changing the time zone, which merely affects the way the time is displayed.
In Windows 7, changing the time zone isn't an administrative operation, and the time/date control panel applet separates administrative operations from standard user operations. Windows 7 goes further, making things like refreshing the system's IP address, using Windows Update to install optional updates and drivers, changing the display DPI, and viewing the current firewall settings accessible to standard users.
When UAC is enabled, all user accounts, including the administrative accounts, run with standard user rights. When you log on to your machine using an administrative account, you are given two access tokens (a standard token and an admin token). You use the standard token until you need to perform an action that requires administrative privilege. This is when elevation happens and you start using your admin token.
This also means that application developers must consider the fact that their software won't have administrative rights by default. This should remind them to design their applications to work with standard user rights. If the application or parts of its functionality require administrative rights, it can leverage the elevation mechanism to enable the user to unlock that functionality.
Finally, elevation prompts also provide the benefit that they "notify" the user when software wants to make changes to the system, giving the user an opportunity to prevent it. Many people believe that these elevation prompts or consent prompts look and smell like a security feature and that they can prevent malware from gaining administrative rights. This is not true.
Why Secure Desktop?
As we have stated, the primary purpose of elevation is not security, it is convenience. If users had to switch accounts to perform administrative operations, either by logging into or Fast User Switching to an administrative account, most users would switch once and not switch back.
The main reason for switching to a separate secure desktop for the prompt is that standard user software cannot spoof the elevation prompt there. The alternate desktop is called a "secure desktop" because it is owned by the system rather than the user.
What’s different in Windows 7
Users (mainly IT people) can now execute more tasks with fewer prompts! This is done by introducing two new UAC operating modes that are selectable in a new UAC configuration dialog.
The default level will prompt the user only when a non-Windows executable asks for elevation. This means you can do most of your management tasks without elevation prompts!
The next slider position down is the second new setting and has the same label, except with "(do not dim my desktop)" appended to it. The only difference between that and the default mode is that prompts happen on the user's desktop rather than on the secure desktop.
The bottom slider position turns off UAC technologies altogether, and the last setting (Always Notify), which is the selection at the top of the slider, is identical to the Vista UAC mode, which will always prompt for elevation.
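To audit which of the slider positions described above a machine is actually using, and whether the current process is running on the standard or the elevated token, the following PowerShell sketch can be used. It is an added example, not part of the original post; the function names are hypothetical, and the registry value names (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop) are the Windows policy values behind the slider, which the post itself does not mention.

```powershell
# Added example: map the UAC policy values to the slider positions described in the post.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSliderLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    # EnableLUA = 0: UAC is off altogether, so no split token and no prompts.
    if ($EnableLUA -eq 0) { return 'UAC off (bottom slider position)' }

    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { return 'Always notify (top slider position, Vista behaviour)' }
        '5/1'   { return 'Default: prompt for non-Windows executables on the secure desktop' }
        '5/0'   { return 'Default, do not dim: prompt on the user desktop' }
        '0/0'   { return 'Elevate without prompting (no consent prompt shown)' }
        default { return "Custom policy, not a slider position ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop)" }
    }
}

function Test-IsElevated {
    # True only when this process runs with the admin token, i.e. after elevation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Read the live policy values. A missing value casts to 0, so check the key
# manually if the result is unexpected.
$p = Get-ItemProperty -Path $PolicyKey
[pscustomobject]@{
    SliderLevel       = Get-UacSliderLevel -EnableLUA $p.EnableLUA `
                            -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
                            -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    SecureDesktop     = [bool]$p.PromptOnSecureDesktop
    ProcessIsElevated = Test-IsElevated
}
```

Run from a normal (non-elevated) prompt under an administrative account with UAC enabled, ProcessIsElevated is False, which is the standard token in use; the same script in an elevated prompt reports True.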