User accounts are handy things: they let you share a computer with others while providing each of you with privacy and the ability to customise the way Windows works.
In Windows XP, every account created during the initial setup is given administrator status and, as you are encouraged to make an account for each user of the system, that leads to a herd of administrators running rampant.
Under XP, administrators get to do anything they like, a powerful position indeed, and one which hackers are happy to take advantage of. You see, programs run with all the privileges of the currently logged on user, so on a compromised computer with an administrator logged in, malicious code gets to have its way with the system.
Vista doesn’t work like this. When you install Vista, you’re asked to create a single user account. Although this is an administrator account, it does not have the unfettered administrator privileges offered by XP. On Vista, administrators are subject to certain controls and the operating system runs in a special mode called Admin Approval Mode (AAM).
The only other type of account available in Vista is a standard account.
Both users with standard accounts and administrators running in the default AAM are able to perform many everyday tasks without hindrance. You can:
- Run programs
- use Windows Update
- alter time zone, date and power management settings
- install WEP (Wired Equivalency Protocol) security for a wireless network
- add a printer or other device whose driver is already installed on the computer
and several other low-risk tasks.
Credentialing
Other, riskier tasks—installing applications, configuring parental controls or firewall settings, installing a device driver, and so on—require administrator privileges. If you attempt to perform such a task, a User Account Control (UAC) dialog box appears requiring consent before you can proceed. When a UAC dialog appears, it freezes your computer temporarily: you must respond to it before you can proceed.
If you’re logged on as an administrator, the only consent needed is for you to click the Continue button; if you’re logged on as a standard user, a different dialog box appears, requiring you to supply an administrator password before you can continue.
Over-the-shoulder mode provides additional security on standard accounts.
Microsoft calls this OTS (Over The Shoulder) Credentialing. The idea is that when you encounter such a dialog you call your administrator over (whether that’s a member of your family or a system administrator in your organisation), they type in their password and click Submit, and off you go.
Become an Administrator
There are a couple of benefits to this system:
- OTS Credentialling renders standard accounts perfect for children and for organisations which want to lock down their PCs and prevent employees from making changes that could cause problems.
- AAM reduces the need for home users to use a standard account. Even when you’re logged on as an administrator, programs run in what’s known as least privilege mode and you must actively give your consent before a program can run with elevated privileges. So even if you use an administrator account, your computer is well protected. Contrast this with XP where, if you are logged on as an administrator, all programs run with administrator privileges and hence have free run of the system. That’s one of the things that makes XP vulnerable to many attacks.
Chances are you’ve probably been using an administrator account on XP without realising the risks. Now, with Vista you can go ahead and use an administrator account and know that User Account Control will step in to help prevent you from doing something dangerous.
Configure advanced UAC options via the Security Policy editor, secpol.msc. (Click the image to see a full-sized screenshot.)
Of course, UAC can’t entirely stop you from doing something stupid, but the UAC dialogs are jarring enough that they’ll make you think twice, and they will also alert you to malware which attempts to make changes to your system by stealth.
Disabling UAC
During Vista’s development, many beta testers gnashed their teeth over UAC. In its initial incarnation it really was a pain: UAC dialogs popped up endlessly and for seemingly innocuous tasks.
The testers’ howling brought a response: Microsoft dialled back the number of UAC prompts and made the process smoother. It also did something strange: it provided a very easy way to disable UAC altogether:
- Click Start and click your log-on account picture.
- Click Turn User Account Control On Or Off and respond to the UAC dialog.
- Remove the tick beside Use User Account Control To Help Protect Your Computer and click OK.
You can do it, but unless you have a really good reason to do so, it’s a bad idea.
If you’re running Vista on a computer that’s never connected to the Internet, it’s probably pretty safe to switch off UAC; if you’re turning it off just because you hate the prompts, think twice. When you’re first setting up your system, the UAC prompts will seem excessive simply because you have to install many programs and change a bunch of system settings to get your PC configured perfectly. But once you’ve done that, you’ll find UAC fades into the background most of the time. It’s almost always worth keeping it active.
© 2007 Rose Vines
Support geekgirl'sDo you find the tutorials on this site useful? If so, please show your support by kicking in a few bucks to sponsor an orphanage for Afghan refugees. For a small amount, it is possible to make a difference in an area of the world which is hurting badly. |
|
|
| Want to know more? Read this post on my blog. |
| top | home |