Windows 7 User Access Control From Internet Sources Page 1 of 9
Inside Windows 7 User Account Control Mark Russinovich
Standard user accounts provide for better security and lower total cost of ownership in both
home and corporate environments. When users run with standard user rights instead of
administrative rights, the security configuration of the system, including antivirus and firewall, is
protected. This provides users a secure area that can protect their account and the rest of the
system. For enterprise deployments, the policies set by desktop IT managers cannot be
overridden, and on a shared family computer, different user accounts are protected from changes
made by other accounts.
However, Windows has had a long history of users running with administrative rights. As a
result, software has often been developed to run in administrative accounts and take
dependencies, often unintentionally, on administrative rights. To both enable more software to
run with standard user rights and to help developers write applications that run correctly with
standard user rights, Windows Vista introduced User Account Control (UAC). UAC is a
collection of technologies that include file system and registry virtualization, the Protected
Administrator (PA) account, UAC elevation prompts, and Windows Integrity levels that support
these goals. I've talked about these in detail in my conference presentations
and TechNet
MagazineUAC internals
article.
Windows 7 carries forward UAC's goals with the underlying technologies relatively unchanged.
However, it does introduce two new modes that UAC's PA account can operate with and an auto-
elevation mechanism for some built-in Windows components. In this post, I'll cover the
motivations behind UAC's technologies, revisit the relationship between UAC and security
,
describe the two new modes, and explain how exactly auto-elevation works. Note that the
information in this post reflects the behavior of the Windows 7 release candidate, which is
different in several ways from the beta.
UAC Technologies
The most basic element and direct benefit of UAC's technology is simply making Windows more
standard-user friendly. The showcase example is the difference between the privilege
requirements of setting the time zone on Windows XP and Windows Vista. On Windows XP,
changing the time zone—actually, even looking at the time zone with the time/date control panel
applet—requires administrative rights.
That's because Windows XP doesn't differentiate between changing the time, which is a security-
sensitive system operation, from changing the time zone, which merely affects the way that time
is displayed. In Windows Vista (and Windows 7), changing the time zone isn't an administrative
operation and the time/date control panel applet separates administrative operations from the
standard user operations. This change alone enables many enterprises to configure traveling
users with standard user accounts, because users can adjust the time zone to reflect their current
location. Windows 7 goes further, making things like refreshing the system's IP address, using
Windows Update to install optional updates and drivers, changing the display DPI, and viewing
the current firewall settings accessible to standard users.
File system and registry virtualization work behind the scenes to help many applications that
inadvertently use administrative rights to run correctly without them. The most common
unnecessary uses of administrative rights are the storage of application settings or user data in