Windows Vista User Account Control
User Account Control(UAC) is a Windows security module introduced first by Microsoft's Windows Vista. Lately come with Windows 7, Windows Server 2008, and Windows Server 2008 R2 operating systems. Its goal is to improve the security of Microsoft Windows by restraining applications access to standard user. So applications only trusted by the user may receive administrative rights, operating system can easily be protected from malware. User Interface Privilege Isolation is used in combination with User Account Control to isolate lower-privilege applications communicating from higher-privilege processes.
An outstanding example is Internet Explorer 7's "Protected Mode" uses UAC to run with a low integrity level. UAC has a number of manageable settings. It is possible to require administrators to re-enter their password for improved security. Administrators are able to disable Admin Approval Mode (UAC prompts for administrators) entirely. It also possible to demand the user to press Ctrl+Alt+Del as a part of the authentication process for enhanced security.
Developers today countenance a daunting job of enforcing desktop consistency. This challenge is intensified since most of the users run as local administrators on their PC. As a local administrator, they can install & uninstall programs and regulate system setting and security settings. As a result, developers cannot measure the holistic fitness and security of their surroundings. Also the application that these users launch can be able for accessing to write to system files and the registry and to change system-wide data. Regular tasks like browsing and checking e-mail can become unsafe in this state of affairs. In addition, all of these fundamentals increase an organization’s total cost of ownership (TCO).
For this reason, Microsoft began researching how to form running as a standard user easier for everyone. The Windows Vista development team decides to change and redesign the way that the Windows core security communications and applications interact. User Account Control (UAC) was the outcome of this redesign process which enhances the security of Windows greatly. The Windows Vista development team work with Microsoft software developers and third-party software developers and took a dual approach:
- To get rid of needless requests for too much administrative-level access to Windows resources.
- Primarily changes the method applications run by standard users cooperate with the operating system by enabling way into control security rule.
UAC is thus a very important hub of Windows Vista and an essential component of Microsoft’s overall security state. Lists of the tasks which UAC carry out and require administrator privileges to access are listed here.
- Running an Application as an Administrator
- Change system settings
- Modify files in ‘System Root’ or ‘Program Files’
- Install and uninstall applications as well as device drivers.
- Install ActiveX controls
- Change Firewall & UAC settings
- Configure Windows Update & Parental Controls.
- Add or remove user accounts
- Change a user’s account type
- View & change another user’s folders and files
- Run Task Scheduler, Disk Defragmenter, and System Restore
Note: Windows Vista protects ‘systemroot’ files and folders and Administrators can read system files and folders but cannot write on them.