User Account Control Requirements. Agenda Introducing UAC The shield icon UAC manifests Least User Access (LUA) predictor tool Partitioning an application.

Presentation transcript:

User Account Control Requirements

Agenda Introducing UAC The shield icon UAC manifests Least User Access (LUA) predictor tool Partitioning an application UAC test cases

Introducing UAC
– Silent installation of malicious software
– Compromised machine = lost productivity
– Some line of business (LOB) applications require elevated privileges
– Common configuration tasks require elevated privileges
– Reduced total cost of ownership (TCO) with standard user desktop
– UAC facilitates use of standard user

UAC Features
– By default, applications run as standard user
– Reduction of attack surface
– No need for dual accounts for administrative users
– Process separation
– Seamless transition
  – Eliminate unnecessary elevation
  – Be predictable
  – Require minimal effort
  – Revert to least privileges

UAC Architecture
[Diagram: an administrator logon (user "Abby") produces a split token, a "Standard User" token and an Administrator token. Under Standard User Rights, user processes: Change Time Zone, Run IT-Approved Applications, Install Fonts, Install Printers, Run MSN Messenger. Under Administrator Rights, admin processes: Install Application, Configure IIS, Change Time.]

Agenda Introducing UAC The shield icon UAC manifests LUA predictor tool Partitioning an application UAC test cases

The Shield Icon
– Make applications run without elevation
  – Ensure standard users can be fully productive
  – After installation administrative intervention NOT required
– Clearly identify administrative tasks
  – Consistently use shield icon
  – Allow users to predict elevation requirement
  – Displayed if UAC disabled
  – Only one state
  – Does not retain state

UAC in Action

Agenda Introducing UAC The shield icon UAC manifests LUA predictor tool Partitioning an application UAC test cases

UAC Manifest
– Allows operating system to identify application context
– Embeds in application manifest
– Legacy code still runs
  – Nonmanifested code can run with administrator privileges
– An extension to existing manifest schema

Manifest Requirement
To meet the UAC requirement, every executable (with an .exe extension) included with an application must have an embedded manifest.
<requestedExecutionLevel level="asInvoker|highestAvailable|requireAdministrator" />

Creating an Embedded Manifest with Visual Studio 7
– Automatically embed manifest in PE
– Create manifest in text editor
– Same name as target.exe
– With .manifest extension
– Set requestedExecutionLevel

Building Manifests Within C/C++ Code
– Attach manifest to executable
  – Add to resource file
  – Put manifest in source code directory
  – Rebuild application

Building Manifests for Applications Built on the .NET Framework
– Post-build step
– MT tool
– Add contents of manifest file into PE

Embedding Manifests with Command-Line Compilation
– Include manifest in PE image from command line
– Command-line switches
  – /win32res (VB/C#/J#)
– C#
  – Post-build step
  – Call mt.exe
  – Point to manifest file

Creating and Embedding UAC Manifests

Agenda Introducing UAC The shield icon UAC manifests LUA predictor tool Partitioning an application UAC test cases

Using the LUA Privilege Predictor Tool
– Run application as nonadministrator
– Bug-fixing labor-intensive
– Least User Access (LUA)
– Predict privilege problems
– Diagnose privilege problems

Agenda Introducing UAC The shield icon UAC manifests LUA predictor tool Partitioning an application UAC test cases

Separation of Administrator Code
– Elevated privileges for certain tasks
– Launch separate process
– ShellExecute or
– Create an administrator COM object to perform elevated task
  – Use the COM elevation moniker

Agenda Introducing UAC The shield icon UAC manifests LUA predictor tool Partitioning an application UAC test cases

UAC Test Cases
– Verify that all of the application’s executables contain an embedded manifest that defines its execution level
– Verify that least-privilege users cannot modify other users’ documents or files
– Verify that least-privilege user is not able to save files to the Windows System directory
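
The first test case above, together with the Manifest Requirement slide, can be checked across an install directory with a short script. This is an added example, not part of the original presentation: it uses a byte-search heuristic rather than parsing the PE resource directory, and the status strings (`MISSING`, `INVALID:`, `NOT_PE`) are names chosen here.

```python
import re
import sys
from pathlib import Path

VALID_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

# Matches the element from the slide, with an optional XML namespace prefix.
LEVEL_RE = re.compile(
    rb"<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"']([^\"']*)[\"']"
)

def manifest_level(image: bytes):
    """Return the level attribute found in a PE image's bytes, or None.

    Heuristic: embedded manifests are normally stored as plain UTF-8/ASCII
    XML in the resource section, so a byte search finds them without parsing
    the resource directory. UTF-16 manifests are not detected.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a PE image (no MZ signature)")
    match = LEVEL_RE.search(image)
    return match.group(1).decode("ascii", "replace") if match else None

def audit(root):
    """Map every .exe under root to its level, MISSING, INVALID:<v> or NOT_PE."""
    report = {}
    for exe in sorted(Path(root).rglob("*.exe")):
        key = exe.relative_to(root).as_posix()
        try:
            level = manifest_level(exe.read_bytes())
        except ValueError:
            report[key] = "NOT_PE"
            continue
        if level is None:
            report[key] = "MISSING"
        elif level in VALID_LEVELS:
            report[key] = level
        else:
            report[key] = "INVALID:" + level
    return report

if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, status in results.items():
        print(f"{status:24} {name}")
    # Non-zero exit lets a build or test pipeline fail on any non-compliant file.
    sys.exit(any(s not in VALID_LEVELS for s in results.values()))
```

Because the match is textual, a hit should be treated as a screening result; extracting the manifest resource with mt.exe remains the authoritative check for a flagged file.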

Summary Introducing UAC The shield icon UAC manifests LUA predictor tool Partitioning an application UAC test cases

Additional Resources
– Professional Developers Conference 2005: /content/downloads.aspx (search for FUN406)
– Windows Vista security: /security/
– Getting Started with User Account Control on Windows Vista Beta 1: /windowsvista/evaluate/feat/uaprot.mspx
– Developer Best Practices and Guidelines for Applications in a Least Privileged Environment: /default.asp?url=/library/en-us/dnlong/html/AccProtVista.asp
– UACBlog: