User Account Control

Discuss file security related questions and solutions
Post a reply

User Account Control

Postby admin » Thu Mar 26, 2020 2:00 pm

User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.

UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.

Other apps, especially those that were not specifically designed with security settings in mind, often require additional permissions to run successfully. These types of apps are referred to as legacy apps. Additionally, actions such as installing new software and making configuration changes to the Windows Firewall, require more permissions than what is available to a standard user account.

When an app needs to run with more than standard user rights, UAC can restore additional user groups to the token. This enables the user to have explicit control of apps that are making system level changes to their computer or device.

Practical applications
Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.

In this section
TABLE 1
Topic Description
How User Account Control works User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
User Account Control security policy settings You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
User Account Control Group Policy and registry key settings Here's a list of UAC
admin
Site Admin
 
Posts: 164
Joined: Thu Sep 16, 2010 6:03 am
Top
Post a reply

Return to File Security Solutions

Who is online

Users browsing this forum: No registered users and 1 guest

ABOUT US

We specialize in file system filter driver development. We architect, implement and test file system filter drivers for a wide range of functionalities. We can offer several levels of assistance to meet your specific needs.

QUICK LINKS

CONTACT US

Administration Control Panel

cron