Chapter 9: Protecting User Accounts and Using Parental Controls 131
■ Standard users Standard users run applications with a user account and are members
of the Users group. When a user starts an application, her access token and its
associated privileges are applied to the application at run time. This means that an
application started by a member of the Users group runs with the rights and privileges
of a standard user.
In Windows Vista, many common tasks can be performed with a standard user account, and
users should log on using accounts with standard user privileges. Whenever a user attempts
to perform a task that requires administrator permissions, the user sees a Windows Security
dialog box containing a warning prompt. The way the prompt works depends on whether
the user is logged on with an administrator account or a standard user account:
■ Users with administrator permissions are asked for confirmation.
■ Users with standard accounts are asked to provide a password for an administrator
account.
Administrator users run as standard users until an application or system component that
requires administrative credentials requests permission to run. Windows Vista determines
whether a user needs elevated permissions to run a program by supplying most applications
and processes with a security token. Windows Vista uses the token as follows:
■ If an application or process has an “administrator” token, elevated privileges are
required to run the application or process, and Windows Vista will prompt the user for
permission confirmation prior to running the application.
■ If an application or process has a “standard” token or an application cannot be
identified as an administrator application, elevated privileges are not required to run the
application or process, and Windows Vista will start it as a standard application by default.
By requiring that all users run in standard user mode and by limiting administrator-level
access to authorized processes, UAC reduces the exposure and attack surface of the
operating system. The process of getting an administrator or standard user’s approval
prior to running an application in administrator mode and prior to performing actions that
change system-wide settings is known as elevation, and this feature is known as Admin
Approval Mode. Elevation enhances security and reduces the impact of malicious software by:
■ Ensuring that users are notified when they are about to perform an action that could
impact system settings, such as installing an application.
■ Eliminating the ability for malicious software to invoke administrator privileges without
a user’s knowledge.
■ Preventing users, and the applications they are running, from making unauthorized or
accidental system-wide changes to operating system settings.
■ Protecting administrator applications from attacks by standard applications and
processes.
C09622841.fm Page 131 Wednesday, May 17, 2006 9:26 AM
To Next Page
Loading...
