Raiders of the Elevated Token: Understanding User Account Control and Session Isolation Raymond P.L. Comvalius Independent IT Infrastructure Architect.


1 Raiders of the Elevated Token: Understanding User Account Control and Session Isolation Raymond P.L. Comvalius Independent IT Infrastructure Architect NEXTXPERT WCL325

2 @nextxpert

5 The Administrator: The account named ‘administrator’
An Administrator: Your name with administrator privileges
Protected Administrator: AKA ‘Administrator in Admin Approval Mode’
Standard User: Your name without administrator privileges

6 Administrators, Backup Operators, Power Users, Network Configuration Operators, Cryptographic Operators, Domain Admins, Schema Admins, Enterprise Admins, Group Policy Creator Owners, Domain Controllers, Enterprise Read-Only Domain Controllers, Account Operators, Print Operators, Server Operators, RAS Servers, Pre-Windows 2000 Compatible Access
Remove all except: Bypass traverse checking, Shutdown the System, Remove computer from Docking station, Increase a process working set, Change the Time zone

7 Analyzing the User Token (with or without administrative privileges) Demo

11 Configuring UAC Demo

14 System: Services
High: Administrators
Medium (Default): Standard Users
Low: IE Protected Mode

15 Integrity Level: Medium (Restricted Token) Integrity Level: High (Elevated Token)

16 Internet Explorer 8 Internet Explorer 9/10

17 iexplore.exe (management process) iexplore.exe (content process) Protected-mode Broker Object UI Frame Favorites Bar Command Bar Browser Helper Objects ActiveX Controls Toolbar Extensions Browser Helper Objects ActiveX Controls Toolbar Extensions

18 Integrity Levels Demo

21 File & Registry Virtualization Demo

26 File Names & Manifests Demo

28 Compatibility Settings Demo

31 Session 0 Isolation Demo

33 [Diagram: Kernel Drivers, User-mode Drivers, Service 1, Service 2, Service 3, Service …, Service …, Service A, Service B]

36 Concluding

38 WCL301: Case of the Unexplained 2012 www.microsoft.com/springboard www.nextxpert.com Find Me Later At the Technical Learning Center WCL402: App Compat for Nerds

39 Resources for Developers: http://msdn.microsoft.com/en-us/windows/apps
Windows 8 is ready for Business: http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8/default.aspx
Microsoft Desktop Optimization Pack: www.microsoft.com/MDOP
Microsoft Desktop Virtualization: www.microsoft.com/dv

41 Download http://windows.microsoft.com/en-US/windows-8/release-preview Download the Windows 8 Release Preview Today

42 Connect. Share. Discuss. http://northamerica.msteched.com Learning Microsoft Certification & Training Resources www.microsoft.com/learning TechNet Resources for IT Professionals http://microsoft.com/technet Resources for Developers http://microsoft.com/msdn
