March 09, 2007
New Thing Five for Vista: User Account Control

One of the ways that we enhance security for ISUE computers is to have all computers be part of the IASTATE domain so that users have to log in (using Net-IDs). In addition, user accounts are set so that we are generally running as users rather than as administrators. This means that it's more difficult for malware to infect your computer or for your computer to be compromised by hackers.

It also means that it's somewhat more difficult for you to install software and perform neccessary administrator-level tasks. On Windows 2000 and Windows XP, you have to close out of everything you're working on, log off, and log back in as 'Administrator.'

Windows Vista has significantly improved this aspect with User Account Control. With User Account Control, you can do your regular tasks with limited privilege (meaning you don't have administrative privileges when you're doing your regular work), but you can elevate your privileges when needed to install software, etc. In general, when something requires administrator-level privileges, the system will ask you to provide administrative credentials (username and password for your administrator account) and then proceed with the administrative task without requiring you to log out and in again.

In addition, Windows Vista grants more privileges to regular (non-administrator) accounts in some cases than Windows 2000 or XP. First and foremost (the one I think people will notice first) is the ability to add printers without having to either log in as administrator or provide an administrator password. You can also now change power management settings, create and configure VPN connections, and install critical Windows updates from your regular account without invoking administrator privileges.

security_shield.jpg

Many of the instances where elevated privileges are required will appear with a shield.


Logged in as yourself, you can start the process and the system will request your administrator password when required:


Vista-UAC.jpg

Type in your password and continue.

Sometimes a program running in the background (an update program, for example) will put up a similar window, which says 'An unidentified program needs your permission to continue.' At that point you can either type in your password or cancel (if, for example, the program that wants to run is malware that you don't want on your computer).

Posted by dcoates at March 09, 2007 04:28 PM
Comments
Post a comment
Name:


Email Address:


URL:


Comments:


Remember info?