Microsoft Windows Vista: A review of UAC


Serdar Yegulalp, Contributor
03.28.2007


Listen to a podcast on User Account Control with the author (7:10).

A discussion of Windows Vista is almost impossible without some mention of the major changes to its user-level security. Microsoft collectively refers to these changes as User Account Control (UAC), and they've attracted as much controversy as they have praise.

UAC is hardly a magic bullet for security issues in Windows, but Microsoft didn't design it that way. It's intended to be one of several layers of protection around a system, working in tandem with other mechanisms, such as the Windows Firewall (or a third-party firewall system), Windows Defender (or another malware detector) and others. In this article I'll talk about the basics of UAC -- how it works, what the user experience is like and what the common consequences of its existence are.

Stop for the prompt

UAC allows a user to perform administrative actions without forcing him to run with administrative privileges all the time.

In order for this to happen, the following actions are required:

The dialog box is the one part of User Account Control that people will work most directly with. When a box appears, it'll show the name of the application, process or activity that the user is attempting to run. If you're logged in as an admin, you'll see the following Continue | Cancel dialog box:

[IMAGE]

If you're logged in as a regular, non-admin user, you'll be prompted to type in the username and password for an administrator account before you can complete the action.

[IMAGE]

When the UAC pop-ups appear, a couple of things happen behind the scenes. For one, the rest of the screen is rendered inactive and the computer will only respond to the user's direct instructions to either confirm or deny the User Account Control request. In other words, you can't script a UAC confirmation; being able to do so would in itself be a security issue.

The only things that can run on the secure desktop are processes that are explicitly trusted to run under the system account. That makes it extremely difficult for a program to trick you into running it as administrator. In Microsoft's User Account Control team weblog, there's a post that describes how it might be possible to spoof the look of the UAC screen, but not its behavior.

Know the signs

The more you work with User Account Control, the more familiar it becomes, and the more of a sense you get as to when the UAC prompts come up. UAC confirmations generally appear when you try to do any of the following:

Software installs and system configuration changes most commonly trigger UAC when Vista is first set up. This is something people have complained about -- especially during the beta 1 and beta 2 test phases for Vista -- and Microsoft did its best to roll back both the number of interruptions and the inconvenience involved.

Another thing Microsoft did was place visual cues in Vista to alert you when a given action might cause a UAC prompt. If you see an application icon or a command button that's branded with the four-color "security shield" logo, that means activating that item will require a UAC confirmation. Keep an eye out for them and you'll rarely be caught by surprise.

[IMAGE]

[IMAGE]

For the most part, day-to-day activities -- for instance, launching a program that runs properly as a limited user -- should not generate a UAC prompt. If they do, there's a chance the application itself was not written correctly or was installed in such a way that it is being run from a directory that requires privilege elevation in order to work correctly. (In my own work, I typically go whole days without once encountering a UAC prompt.)

UAC unplugged

Is it possible to disable User Account Control? In a word, yes. UAC can be disabled and just as easily re-enabled from the User Accounts window in the Control Panel. Each time you enable or disable it, you'll need to reboot, as the mechanisms that control UAC can't just be stopped or restarted on the fly.
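A read-only way to confirm how UAC is currently configured, as an added PowerShell example that is not part of the original article: it reads the UAC policy values from the registry, flags a disabled UAC or prompts that leave the secure desktop, and reports whether the current process is elevated. The function name `Get-UacAudit` is hypothetical; the registry key and value names are the standard UAC policy settings.

```powershell
# Added example (requires PowerShell 3.0+ for [pscustomobject]); read-only.
# Get-UacAudit is a hypothetical name; the key and value names are the
# standard UAC policy settings in the registry.
function Get-UacAudit {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    $findings = @()

    # Report values that are absent instead of guessing the effective default.
    foreach ($name in 'EnableLUA', 'PromptOnSecureDesktop', 'ConsentPromptBehaviorAdmin') {
        if ($null -eq $p.$name) { $findings += "$name is not set" }
    }
    # EnableLUA = 0: UAC is off (a change only takes effect after a reboot).
    if ($p.EnableLUA -eq 0) { $findings += 'UAC is disabled' }
    # PromptOnSecureDesktop = 0: the prompt appears on the normal desktop,
    # where other running programs can reach it.
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'Elevation prompts are not shown on the secure desktop'
    }
    # ConsentPromptBehaviorAdmin = 0: administrators elevate with no prompt.
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators are elevated without a prompt'
    }

    # With UAC on, an administrator's ordinary processes hold a filtered token,
    # so this is $false until the process has actually been elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        ProcessElevated            = $elevated
        Findings                   = $findings
    }
}

Get-UacAudit | Format-List
```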

Some people have taken to shutting off UAC while setting up their systems or installing software and then re-enabling it when they're done. On the surface of it, this isn't a bad idea, since you're sparing yourself the hassle (however minor) of dealing with the UAC prompt. But it's not always a good idea to disable UAC, even if only as an interim measure, for these reasons:

The second reason of those two is, in my opinion, the more important. I had an experience involving a UAC warning like that once, and while the program in question turned out to be relatively benign, it was nice to know that UAC was doing its job and not letting something run administratively without my say-so.

The specific kind of security protection that UAC provides in Vista is, I think, what has confused a lot of people. It's meant to address how privilege elevation is managed in Windows and to provide a mechanism by which people can elevate privileges to the admin level, but only when they're needed. It isn't a catch-all security system and isn't intended to be one -- and so it should be approached in the spirit in which it was intended. User Account Control is a way to allow administrative actions to be performed without forcing a user to run as admin all the time, with the security risks that entails.

About the author: Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!

