6 User Account Control Windows Vista Policies

This week's blog post examines the 6 User Account Control (UAC) security policies that will be exposed in Windows Vista Beta 2. For each policy, a brief summary of the configuration options and the expected defaults for home and enterprise desktops is provided.

User type Taxonomy:
1) Standard User: member of the “users” group
2) Consent Admin: member of the “local administrators” group, who logs on with a “filtered” standard user but has the potential to elevate privilege to administrator.
-- Note: There are 14 different types of “Consent Admins” ranging from local administrator to restore operator.

The following is a screen shot of the Windows Vista Beta 2 UAC policies which are located in the Local Security Settings Microsoft Management Console (secpol.msc):

1) User Account Control: Behavior of the elevation prompt for administrators
2) User Account Control: Behavior of the elevation prompt for standard users
3) User Account Control: Elevate on application installs
4) User Account Control: Run all users, including administrators, as standard users
5) User Account Control: Validate signatures of executables that require elevation
6) User Account Control: Virtualize file and registry write failures to per-user locations

1) User Account Control: Behavior of the elevation prompt for administrators

Configuration options:

Prompt for consent: Default (home and enterprise): An operation that requires elevation of privilege will prompt the Consent Admin to select either “Permit” or “Deny”. If the Consent Admin selects Permit, the operation will continue with their highest available privilege. “Prompt for consent” removes the inconvenience of requiring that users enter their name and password to perform a privileged task.

Prompt for credentials: An operation that requires elevation of privilege will prompt the Consent Admin to enter their user name and password. If the user enters valid credentials the operation will continue with the applicable privilege.

No Prompt: This option allows the Consent Admin to perform an operation that requires elevation without consent or credentials. Note: this scenario should only be used in the most constrained environments; we will be blogging on this in the future.

2) User Account Control: Behavior of the elevation prompt for standard users

Configuration options:

Prompt for credentials: Default (home): An operation that requires elevation of privilege will prompt the user to enter an administrative user name and password. If the user enters valid credentials the operation will continue with the applicable privilege.

No Prompt (Default for enterprise): This option results in an “access denied” error message being returned to the standard user when they try to perform an operation that requires elevation of privilege. Most enterprises running desktops as standard user will configure the “No prompt” policy to reduce help desk calls.

3) User Account Control: Elevate on application installs

Configuration options:

Enabled: Default (home): Application installation packages that require an elevation of privilege to install will be heuristically detected and trigger the configured elevation prompt UX.

Disabled: (Default for enterprise): Enterprises running standard user desktops that leverage delegated installation technologies like Group Policy Software Install (GPSI) or SMS will disable this feature. In this case, installer detection is unnecessary and thus not required.

4) User Account Control: Run all users, including administrators, as standard users

Configuration options:

Enabled: Default (home and enterprise): This policy enables the “Consent Admin” user type while also enabling all other UAC policies. Changing this setting requires a system reboot.

Disabled: Disabling this policy disables the “Consent Admin” user type. Note: The Security Center will also notify the user that the overall security of the operating system has been reduced and gives the user the ability to self-enable.

5) User Account Control: Validate signatures of executables that require elevation

Configuration options:

Disabled: Default (home and enterprise): This policy is disabled by default. Note: we will be blogging on this in the future.

Enabled: This policy will enforce PKI signature checks on any interactive application that requests elevation of privilege. Enterprise administrators can control the admin application allowed list through the population of certificates in the local computer's Trusted Publisher Store.

6) User Account Control: Virtualize file and registry write failures to per-user locations

Configuration options:

Enabled: Default (home and enterprise): This policy enables the redirection of legacy application write failures to defined locations in both the registry and the file system. This feature mitigates those applications that historically ran as administrator and wrote runtime application data back to %ProgramFiles%, %Windir%, %Windir%\system32 or HKLM\Software\....

Disabled: Virtualization facilitates the running of pre-Vista (legacy) applications that historically failed to run as Standard User. An administrator running only Windows Vista compliant applications may choose to disable this feature as it is unnecessary.
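
The following audit of the six policies is an added example, not part of the original post. It assumes the registry value names that back these policies in released Windows builds (the post does not list them, and Beta 2 may differ), and `Get-UacPolicyReport` is a hypothetical helper name. It flags the two settings the post singles out: “No Prompt” for administrators and a disabled policy 4.

```powershell
# Added example. Assumption: these value names back the six policies in released
# Windows builds; the post does not list them and Beta 2 may differ.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Policy number in the post -> value name, data worth flagging, and the reason.
$UacPolicies = @(
    @{ Id = 1; Name = 'ConsentPromptBehaviorAdmin';  Flag = @(0); Why = 'No Prompt: admins elevate without consent or credentials' }
    @{ Id = 2; Name = 'ConsentPromptBehaviorUser';   Flag = @();  Why = '' }
    @{ Id = 3; Name = 'EnableInstallerDetection';    Flag = @();  Why = '' }
    @{ Id = 4; Name = 'EnableLUA';                   Flag = @(0); Why = 'Disabled: Consent Admin user type is off' }
    @{ Id = 5; Name = 'ValidateAdminCodeSignatures'; Flag = @();  Why = '' }
    @{ Id = 6; Name = 'EnableVirtualization';        Flag = @();  Why = '' }
)

function Get-UacPolicyReport {
    param(
        # Hashtable of value name -> DWORD data; omit it to read the live registry.
        [hashtable]$Values
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $props = Get-ItemProperty -Path $UacKey -ErrorAction Stop
        foreach ($p in $UacPolicies) {
            $prop = $props.PSObject.Properties[$p.Name]
            if ($prop) { $Values[$p.Name] = [int]$prop.Value }
        }
    }
    foreach ($p in $UacPolicies) {
        if (-not $Values.ContainsKey($p.Name)) {
            $data = $null; $finding = 'not set (OS default applies)'
        } elseif ($p.Flag -contains $Values[$p.Name]) {
            $data = $Values[$p.Name]; $finding = $p.Why
        } else {
            $data = $Values[$p.Name]; $finding = 'ok'
        }
        [pscustomobject]@{ Policy = $p.Id; Value = $p.Name; Data = $data; Finding = $finding }
    }
}

# Constructed sample: policy 4 disabled and administrators set to "No Prompt".
$sample = @{
    ConsentPromptBehaviorAdmin = 0; ConsentPromptBehaviorUser = 1
    EnableInstallerDetection = 1;   EnableLUA = 0
    ValidateAdminCodeSignatures = 0; EnableVirtualization = 1
}
Get-UacPolicyReport -Values $sample | Format-Table -AutoSize
```

Calling `Get-UacPolicyReport` with no arguments reads the local machine's values instead of the constructed sample.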