Overview of UAC What's Up with Windows Server 2008's User Account Control By Guy Thomas August 10, 2011 7:00 PM Tags : Servers Windows Administration Security Hardware & Software Domain Computers Dialog Extension Windows System Administration Windows Server How To Microsoft Start Menu Radio Customization Taskbar Policy Design Configuration Display Expand Windows Server 2008 Table Of Contents 1. Disabling User Account Control 2. An Alternative 3. Overview of UAC 4. Evolution of Windows Server 2008 User Account Control 3. Overview of UAC Windows Server 2008s User Account Control (UAC) enables you to wear two 'hats'. Firstly, when you logon as an administrator, you can run applications such as Outlook, but in the context of an ordinary user. Secondly, whenever you need to put on your Administrator's hat, UAC prompts you the necessary rights, all you have to do is click 'Continue' and receive permission to complete that one task. An Example of User Account Control (UAC) Let us consider this situation, you needed to install a driver, Windows Server 2008 presents you with a dialog box. After reading the UAC menu, you click: 'Continue' and thus receive elevated rights for the duration of the task. The key concept is you don't have to logoff and logon as an administrator. Instead Windows Server 2008 just switches tokens, performs the named task, and then returns you to normal user status. As an example of UAC in action, let us assume that you wish to check the new System Restore settings. You launch the System Icon, (Windows Key and Pause / Break) then you click on 'System Protection' and up pops a Windows Security box - even if you are the Administrator. To gain the elevated rights needed to complete your mission, just click the 'Continue' button. See screen shot below. A good habit to cultivate is always to check that the program specified in the central band, is the program you intended; in this case, 'Change Computer Settings'. Beware that if you are connected to the internet, then sites may have rogue programs that mimic this menu and trick you into installing Spyware. Microsoft's New Security Philosophy UAC is a central plank in Microsoft's new security fortress. As with so much of Windows Server 2008, Microsoft have redesigned what an ordinary user, or a base-level user can do. Surprisingly, some security settings have been loosened; if a task does not pose a security threat then Windows Server 2008 lets an ordinary user perform that task. For example, in Windows Server 2008 users can now alter the Keyboard, mouse or adjust the Power Settings. As a consequence, this increases the range of activities for a user, and reduce the number of tasks that require Administrative rights, and consequently the need to display the UAC 'Continue' dialog box. Naturally if you feel that certain users are getting too much power, then you can clip their wings with Group Policies, which are now increased from 1,500 in XP to 3,000 in Windows Server 2008. Incidentally, Microsoft use this User Accounts Control system to underpin the Parental Controls on the Home editions of Windows Server 2008. How User Account Control (UAC) works If you are familiar with concept of Kerberos in Windows Server 2003, you may already know that once a user logs on successfully, the operating system supplies them with a security token. That token has their privileges and group membership. The whole idea is that the user does not have to keep typing in their password every time they need to open a file or print. User Account Control extends this idea by supplying what some call a split token and other call two tokens. What ever the semantics, the idea is that to perform jobs such as checking their email or updating their spreadsheets, the Administrator relies on the lesser token, the one with minimal rights. Suppose that same user account now needs to carry out a higher level administrative task, for example, changing a DNS record or amending a DHCP scope option; at this point they need to switch to the other full token, known as Administrator Approval Mode. Thanks to User Account Control, a menu appears with a shield symbol and the clicks 'Continue', job done, no need to logoff as a user and the logon as the administrator. User Account Control - Under the Covers Imagine a user launching a snap-in from the MMC. The Windows Windows Server 2008 shell calls CreateProcess, which then queries the application to see whether it requires elevated privilegesIf the application does not require elevated privilege the process is created through NtCreateProcess - end of story. However, let us assume that the snap-in requires elevated privilege, in this instance CreateProcess, returns an error to ShellExecute. Next, ShellExecute calls Application Information Service (AIS) and now initiates an elevated launch. AIS then prompts the user for a password through the Consent User Interface. ShellExecute now tries again, but this time uses the full token to launch the application on the client's Windows Server 2008 machine. Previous Next 3. Overview of UAC1. Disabling User Account Control2. An Alternative3. Overview of UAC4. Evolution of Windows Server 2008 User Account Control Comment on this article ... Comment(s)| Comments