Most administrators have had to wrestle with the
balance between security and enabling applications to run correctly. In
the past, some applications simply would not run correctly under Windows
unless the user running the application was a local administrator.
Unfortunately, granting
local administrator permissions to a user also allows the user to
install software and hardware, change configuration settings, modify
local user accounts, and delete critical files. Even more troubling is
the fact that malware that infects a computer while an administrator is
logged in is also able to perform those same functions.
Limited user accounts in
Windows XP were supposed to let applications run correctly while still
allowing users to perform their everyday tasks. In practice, they did
not work as advertised: many applications require write access to
protected folders and to the Registry, and limited user accounts did not
have it.
Windows 7's answer to the
problem is User Account Control (UAC). UAC lets non-administrator users
perform standard tasks, such as installing a printer, configuring a VPN
or wireless connection, and installing updates, without elevation, while
tasks that require administrative privileges, such as installing most
applications, cannot proceed until an administrator's credentials are
supplied.
1. Managing Privilege Elevation
UAC protects
computers by requiring privilege elevation for every user, including
members of the local Administrators group. As you have no doubt seen by
now, UAC prompts for permission when you perform a task that requires
elevation. Because the prompt must be answered interactively, malware
cannot silently acquire administrative privileges by launching a process
behind your back; anything that runs without elevation is limited to the
rights of your standard-user token.
Privilege elevation is
required for any feature that contains the four-color security shield.
For example, the small shield shown on the Change Date And Time button
in the Date And Time dialog box in Figure 6.17 indicates an action that requires privilege elevation.
Now let's take a look at how to elevate privileges for users.
1.1. Elevated Privileges for Users
By default, members of the
local Administrators group run with a standard-user token; this is
called Admin Approval Mode, and the full administrator token is used only
after elevation. When an administrator attempts a task that requires
elevation, UAC prompts for confirmation by default (the Windows 7 default
setting is Prompt For Consent For Non-Windows Binaries). You can instead
require administrators to enter their password by changing the User
Account Control: Behavior Of The Elevation Prompt For Administrators In
Admin Approval Mode policy setting to Prompt For Credentials. If you do
not want UAC to prompt administrators at all, you can change the policy
setting to Elevate Without Prompting; be aware that this removes the
protection described above, because any process in the administrator's
session can then elevate silently.
Non-administrator
accounts are called standard users. When a standard user attempts a task
that requires elevation, UAC prompts for the password of an account that
has administrative privileges, and the elevated process then runs as that
administrator account rather than as the standard user. You cannot
configure UAC to let standard users perform administrative tasks
automatically, nor can you configure it to prompt a standard user for a
simple confirmation. If you do not want standard users to be prompted for
credentials at all, you can deny elevation requests outright by changing
the User Account Control: Behavior Of The Elevation Prompt For Standard
Users policy setting to Automatically Deny Elevation Requests; the request
then fails without a prompt.
The built-in Administrator
account, which is disabled by default, is not subject to Admin Approval
Mode unless the User Account Control: Admin Approval Mode For The
Built-in Administrator Account policy setting is enabled (it is disabled
by default). UAC therefore never prompts the built-in Administrator
account, and everything that runs in its session, including malware,
runs with full administrative rights. Use a standard user account
whenever possible, an Admin Approval Mode administrator account when you
need to elevate, and the built-in Administrator account only when
absolutely necessary.
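The policy settings named above, including the built-in Administrator exemption, are stored as DWORD values under the Policies\System key, so a practitioner can audit them without opening the Local Security Policy editor. The following is an added example, not code from the original text; it assumes Windows PowerShell 3.0 or later (available for Windows 7 through WMF 3.0) and an elevated session, and the function names Get-UacPolicy, Test-UacWeakness, Get-BuiltinAdministrator and Set-UacAdminPrompt are chosen here for illustration.

```powershell
# Added example, not from the original text: decode the registry values behind the
# UAC policy settings discussed above and flag weak combinations.
# Assumes Windows PowerShell 3.0+ and an elevated session (HKLM writes need it).

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Policy name -> value name, decoded data values, and the Windows 7 default.
$UacPolicies = @(
    @{ Policy = 'Run all administrators in Admin Approval Mode'
       Value = 'EnableLUA'; Default = 1
       Meaning = @{ 0 = 'Disabled (UAC off after reboot)'; 1 = 'Enabled' } }
    @{ Policy = 'Behavior of the elevation prompt for administrators in Admin Approval Mode'
       Value = 'ConsentPromptBehaviorAdmin'; Default = 5
       Meaning = @{ 0 = 'Elevate without prompting'
                    1 = 'Prompt for credentials on the secure desktop'
                    2 = 'Prompt for consent on the secure desktop'
                    3 = 'Prompt for credentials'
                    4 = 'Prompt for consent'
                    5 = 'Prompt for consent for non-Windows binaries' } }
    @{ Policy = 'Behavior of the elevation prompt for standard users'
       Value = 'ConsentPromptBehaviorUser'; Default = 3
       Meaning = @{ 0 = 'Automatically deny elevation requests'
                    1 = 'Prompt for credentials on the secure desktop'
                    3 = 'Prompt for credentials' } }
    @{ Policy = 'Switch to the secure desktop when prompting for elevation'
       Value = 'PromptOnSecureDesktop'; Default = 1
       Meaning = @{ 0 = 'Disabled'; 1 = 'Enabled' } }
    @{ Policy = 'Admin Approval Mode for the Built-in Administrator account'
       Value = 'FilterAdministratorToken'; Default = 0
       Meaning = @{ 0 = 'Disabled (built-in Administrator is never prompted)'; 1 = 'Enabled' } }
    @{ Policy = 'Virtualize file and registry write failures to per-user locations'
       Value = 'EnableVirtualization'; Default = 1
       Meaning = @{ 0 = 'Disabled'; 1 = 'Enabled' } }
)

function Get-UacPolicy {
    $props = Get-ItemProperty -Path $UacKey
    foreach ($p in $UacPolicies) {
        $data = $props.($p.Value)
        if ($null -eq $data) { $data = $p.Default }   # absent value: the default applies
        $data = [int]$data
        $meaning = if ($p.Meaning.ContainsKey($data)) { $p.Meaning[$data] } else { 'Unknown' }
        [pscustomobject]@{
            Policy = $p.Policy; ValueName = $p.Value; Data = $data
            Meaning = $meaning; IsDefault = ($data -eq $p.Default)
        }
    }
}

function Get-BuiltinAdministrator {
    # The built-in Administrator may be renamed, so identify it by RID 500 via ADSI.
    $computer = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
    foreach ($child in $computer.Children) {
        if ($child.SchemaClassName -ne 'user') { continue }
        $sidBytes = [byte[]]$child.InvokeGet('objectSid')
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
        if ($sid.Value -match '-500$') {
            return [pscustomobject]@{
                Name     = [string]$child.Name
                Disabled = [bool]$child.InvokeGet('AccountDisabled')
            }
        }
    }
}

function Test-UacWeakness {
    $cfg = @{}
    foreach ($entry in Get-UacPolicy) { $cfg[$entry.ValueName] = $entry.Data }
    $findings = @()
    if ($cfg['EnableLUA'] -eq 0) {
        $findings += 'UAC is disabled: administrators always hold a full token and nothing is virtualized.'
    }
    if ($cfg['ConsentPromptBehaviorAdmin'] -eq 0) {
        $findings += 'Administrators elevate without prompting: malware in an admin session elevates silently.'
    }
    if ($cfg['PromptOnSecureDesktop'] -eq 0) {
        $findings += 'Prompts appear on the user desktop, where another process can spoof or drive them.'
    }
    $builtin = Get-BuiltinAdministrator
    if ($builtin -and -not $builtin.Disabled -and $cfg['FilterAdministratorToken'] -eq 0) {
        $findings += "Built-in administrator '$($builtin.Name)' is enabled and exempt from Admin Approval Mode."
    }
    return ,$findings
}

function Set-UacAdminPrompt {
    # Writes the same value the Local Security Policy editor writes; a domain GPO
    # that configures this policy will overwrite it at the next policy refresh.
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('ElevateWithoutPrompting', 'PromptForCredentialsOnSecureDesktop',
                     'PromptForConsentOnSecureDesktop', 'PromptForCredentials',
                     'PromptForConsent', 'PromptForConsentNonWindowsBinaries')]
        [string]$Behavior
    )
    $codes = @{ ElevateWithoutPrompting = 0; PromptForCredentialsOnSecureDesktop = 1
                PromptForConsentOnSecureDesktop = 2; PromptForCredentials = 3
                PromptForConsent = 4; PromptForConsentNonWindowsBinaries = 5 }
    Set-ItemProperty -Path $UacKey -Name ConsentPromptBehaviorAdmin -Value $codes[$Behavior] -Type DWord
}

Get-UacPolicy | Format-Table Policy, Data, Meaning, IsDefault -AutoSize
Test-UacWeakness
```

Changes to EnableLUA take effect only after a reboot; the other values are read at the next elevation request. Values that are absent from the key are reported as their defaults, which is how Windows itself treats them.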
Complete the following exercise to see how UAC treats administrator and non-administrator accounts differently.
Log on to Windows 7 with a standard user account. Select Start => Control Panel => Large Icons View => Windows Firewall. Click
the Turn Windows Firewall On Or Off link on the left side. The UAC
dialog box should prompt you for the credentials of an administrator
account. Dismiss the prompt without entering credentials. You are not
allowed into the Windows Firewall Settings dialog box.
Log off and log on as the built-in Administrator account. Select Start => Control Panel => Large Icons View => Windows Firewall. Click the Turn Windows Firewall On Or Off link. Because the built-in Administrator account is not subject to UAC, you go straight to the Windows Firewall settings screen with no prompt. Close the Windows Firewall screen.
Let's now take a look at elevating privileges for executable applications.
1.2. Elevated Privileges for Executables
You can also run an
executable file with elevated privileges. For a one-time run, right-click
a shortcut or executable and select Run As Administrator. An administrator
in Admin Approval Mode is prompted for consent; a standard user is
prompted for an administrator's credentials, and the program then runs
under that administrator account.
But what if you need an
application to always run with elevated privileges for a user? Log on as
an administrator, right-click the shortcut or executable, select
Properties, and on the Compatibility tab check the Run This Program As An
Administrator check box. The setting applies to the current user; click
Change Settings For All Users on the same tab to apply it to every
account on the computer. The program still triggers the UAC prompt each
time it starts; the check box only marks it as requiring elevation. If
the check box is unavailable, the program is blocked from permanently
running as an administrator, the program does not need administrative
privileges, or you are not logged on as an administrator.
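The Compatibility tab records this choice as a RUNASADMIN flag in the AppCompatFlags\Layers key (HKCU for the current user, HKLM for all users), with the program's full path as the value name. The following is an added example, not code from the original text, that enumerates those entries and flags any whose binary a low-privileged identity can overwrite, since the next elevation of such a program would run attacker-controlled code with administrative rights. It assumes Windows PowerShell 3.0 or later and the Windows 7 flag format (later Windows versions prefix the data with "~ "); the function names Get-RunAsAdminProgram, Test-LowPrivWritable and Set-RunAsAdministrator are chosen here for illustration.

```powershell
# Added example, not from the original text: audit programs marked to always run
# elevated and check whether a standard user could replace their binary.
# Assumes Windows PowerShell 3.0+; reading HKCU needs no elevation.

$LayerKeys = @(
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
)

# Identities whose write access means any standard user can replace the file.
$LowPrivIdentities = @('Everyone', 'BUILTIN\Users',
                       'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# Rights that allow changing the file contents or taking it over (Modify and
# FullControl contain WriteData); plus GENERIC_WRITE and GENERIC_ALL, which some
# ACEs carry unmapped.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Test-LowPrivWritable {
    param([Parameter(Mandatory = $true)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $acl = (Get-Item -LiteralPath $Path).GetAccessControl()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($LowPrivIdentities -notcontains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) { return $true }
    }
    return $false
}

function Get-RunAsAdminProgram {
    foreach ($key in $LayerKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $flags = [string]$item.GetValue($name)
            if ($flags -notmatch '\bRUNASADMIN\b') { continue }
            [pscustomobject]@{
                Program         = $name
                Scope           = if ($key -like 'HKLM:*') { 'All users' } else { 'Current user' }
                Flags           = $flags
                Exists          = Test-Path -LiteralPath $name
                LowPrivWritable = Test-LowPrivWritable -Path $name
            }
        }
    }
}

function Set-RunAsAdministrator {
    # Same effect as the check box on the Compatibility tab; -AllUsers needs elevation.
    param([Parameter(Mandatory = $true)][string]$Path, [switch]$AllUsers)
    $key = if ($AllUsers) { $LayerKeys[1] } else { $LayerKeys[0] }
    if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = [string](Get-Item -Path $key).GetValue($Path)
    if ($existing -match '\bRUNASADMIN\b') { return }
    $new = if ($existing) { "$existing RUNASADMIN" } else { 'RUNASADMIN' }
    Set-ItemProperty -Path $key -Name $Path -Value $new -Type String
}

Get-RunAsAdminProgram | Sort-Object LowPrivWritable -Descending |
    Format-Table Program, Scope, Flags, Exists, LowPrivWritable -AutoSize
```

An entry that no longer points at an existing file is stale but harmless until a file appears at that path; a standard user who can create it there gets the same effect as a writable binary, so paths under user-writable directories deserve the same attention as the LowPrivWritable column.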
Many applications installed on
a Windows 7 machine expect write access to the Registry. Windows 7
protects the system-wide portion of the Registry (HKEY_LOCAL_MACHINE),
along with protected folders, from non-administrator accounts. Let's
take a look at how this works.
2. Registry and File Virtualization
Windows 7 uses a feature
called Registry and File Virtualization to enable non-administrator
users to run applications that previously required administrative
privileges to run correctly. As discussed earlier, some applications
write to the Registry and to protected folders, such as C:\Windows and
C:\Program Files. When such an application runs as a non-administrator,
Windows 7 redirects its writes to protected locations to a per-user
location: files go under %LOCALAPPDATA%\VirtualStore, and writes under
HKEY_LOCAL_MACHINE\SOFTWARE go under HKEY_CURRENT_USER\Software\Classes\VirtualStore.
Later reads by the same user are served from the per-user copy, so the
application works while the real system files and keys stay untouched
and other users never see the changes. Virtualization is a compatibility
measure rather than a security boundary, and it applies only to legacy
32-bit interactive applications that do not carry a manifest declaring a
requestedExecutionLevel; 64-bit applications, services, and manifested
applications receive an access-denied error instead. It can be turned
off with the User Account Control: Virtualize File And Registry Write
Failures To Per-User Locations policy setting.
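Because virtualized writes leave a per-user shadow copy, the VirtualStore is a quick inventory of which applications still depend on this redirection (and, in forensics, of what an unprivileged process tried to write into protected locations). The following is an added example, not code from the original text, that lists the current user's file and Registry shadows and maps each back to the protected path it stands in for. It assumes Windows PowerShell 3.0 or later and that the shadowed folders live on the system drive; the function names Get-VirtualizedFile, Get-VirtualizedRegistryKey and Get-VirtualizingApplication are chosen here for illustration. Note that powershell.exe carries its own manifest, so writes made from a PowerShell session are never virtualized; the store is populated only by unmanifested 32-bit applications the user has run.

```powershell
# Added example, not from the original text: inventory the current user's
# VirtualStore and map each shadow back to the protected location.
# Assumes Windows PowerShell 3.0+; no elevation is needed to read HKCU/%LOCALAPPDATA%.

$FileStore    = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$RegStore     = 'HKCU:\Software\Classes\VirtualStore\MACHINE'
$RegStoreName = 'HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE'
$SystemDrive  = $env:SystemDrive   # e.g. C:  (assumption: shadows mirror this drive)

function Get-VirtualizedFile {
    # ...\VirtualStore\Program Files\App\settings.ini  ->  C:\Program Files\App\settings.ini
    if (-not (Test-Path -LiteralPath $FileStore)) { return }
    Get-ChildItem -LiteralPath $FileStore -Recurse -Force |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $relative = $_.FullName.Substring($FileStore.Length).TrimStart('\')
            [pscustomobject]@{
                Kind      = 'File'
                Shadow    = $_.FullName
                Protected = "$SystemDrive\$relative"
                Modified  = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    # HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\App  ->  HKLM\SOFTWARE\App
    if (-not (Test-Path -Path $RegStore)) { return }
    Get-ChildItem -Path $RegStore -Recurse | ForEach-Object {
        $relative = $_.Name.Substring($RegStoreName.Length).TrimStart('\')
        [pscustomobject]@{
            Kind      = 'Registry'
            Shadow    = $_.Name
            Protected = "HKEY_LOCAL_MACHINE\$relative"
            Values    = $_.ValueCount
        }
    }
}

function Get-VirtualizingApplication {
    # Group file shadows by their first two path components (e.g. 'Program Files\App')
    # to see which applications rely on virtualization; these break when rebuilt as
    # 64-bit, given a manifest, or run on a host where virtualization is disabled.
    Get-VirtualizedFile | ForEach-Object {
        $parts = $_.Protected.Substring($SystemDrive.Length).TrimStart('\') -split '\\'
        $parts[0..([Math]::Min(1, $parts.Length - 1))] -join '\'
    } | Group-Object | Sort-Object Count -Descending |
        Select-Object @{ n = 'Application'; e = { $_.Name } }, Count
}

Get-VirtualizedFile        | Format-Table Protected, Shadow, Modified -AutoSize
Get-VirtualizedRegistryKey | Format-Table Protected, Values -AutoSize
Get-VirtualizingApplication
```

An application that appears here will silently read its own stale settings from the shadow copy even after an administrator updates the real file in Program Files, which is the usual cause of "the fix only works for some users" reports on machines that rely on virtualization.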
Next we will look at other areas of security.