Right but in the beta all you have to do is click yes to get admin rights for the application in question. No password or other security measure.
Almost everything in Windows can be managed by a local or group policy. But how many people are going to know how to do that? I am an admin and I still find it to be a pain and still find that it doesn't work all the time. (At least in 2000 and XP)
And I don't know how the desktop can be secure if you are the admin and you can run apps with just a click. I am sure there are simple ways around that. (There are ways around Sudo systems that require passwords like in Linux and Mac OS.)
Right but in the beta all you have to do is click yes to get admin rights for the application in question. No password or other security measure.
This accomplishes the same thing as entering a password. If you are logged in as the local admin, it doesn't matter whether you need to enter a password for elevation or not (more on this below).
Almost everything in Windows can be managed by a local or group policy. But how many people are going to know how to do that? I am an admin and I still find it to be a pain and still find that it doesn't work all the time. (At least in 2000 and XP)
It's not a setting most users would bother changing. Power users of NT really should familiarize themselves with NT's MMC and gpedit. The behavior of many settings is controlled via policy.
And I don't know how the desktop can be secure if you are the admin and you can run apps with just a click. I am sure there are simple ways around that. (There are ways around Sudo systems that require passwords like in Linux and Mac OS.)
The apps you are running are running on a different desktop than the UAC UI. When you get a UAC popup, what you see in the background is just a screenshot of your normal desktop (to keep the user in a familiar context). On the secure desktop (the Welcome Screen also uses this), only trusted processes running as SYSTEM are allowed to run. This behavior can also be controlled via policy, though I wouldn't recommend changing it as you potentially increase your attack surface. Also, even when not on a secure desktop, only applications of similar permission levels can send or receive window messages with each other (i.e., only same or higher level apps can interact with same or lower level apps), so applications couldn't interact with the elevation dialog even if secure desktop for elevation was disabled unless they were first elevated to the same level as the elevation UI by the user.
Edited 2006-06-14 18:07
I do hope that Windows Vista is better than the current beta because it still makes the default user a full admin. You get pop up boxes that tell you that you are about to do an admin task but yet they don't ask for a password. (And actually you don't HAVE to make a password for your account when you first make it.)
Though the default account in Vista is an admin account, applications do not inherit the rights of that account, and are instead executed as standard user unless they implement the necessary items to be an admin app and are elevated by the user in either case.
The behavior of the popups you get is configurable via group policy options. It can be set to ask for a password if you choose. The UAC popups are on a secure desktop so they can't be accessed by other applications or programmatically confirmed. Also, accounts with blank passwords (even on XP) can't be used for remote access.
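
The policy settings discussed in the comments above (password versus click-through consent, and whether the prompt uses the secure desktop) can be checked on a machine with a short script. This is an added example, not part of any comment in the thread; the registry path and value names are not given on the page and are the ones Microsoft documents for current Windows releases, and the function name is hypothetical.

```powershell
# Added example (not from the thread): report how UAC elevation prompts are configured.
# Assumption: value meanings are those documented for current Windows releases.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$AdminPromptModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}

# Hypothetical helper name; reads the policy values and flags weak settings.
function Get-UacPromptPolicy {
    param([string]$Path = $UacKey)

    $p     = Get-ItemProperty -Path $Path -ErrorAction Stop
    $mode  = $p.ConsentPromptBehaviorAdmin
    $notes = @()

    if ($p.EnableLUA -ne 1) {
        $notes += 'UAC is off: admin logons get a full token with no prompt.'
    }
    if ($null -eq $mode) {
        $notes += 'ConsentPromptBehaviorAdmin is not set; the OS default applies.'
    } elseif ($mode -eq 0) {
        $notes += 'Administrators are elevated silently.'
    } elseif ($mode -notin 1, 3) {
        $notes += 'Administrators confirm with a click, not a password.'
    }

    # The secure desktop is used when the switch is on, or when the
    # admin prompt mode itself specifies it (modes 1 and 2).
    $secure = ($p.PromptOnSecureDesktop -eq 1) -or ($mode -in 1, 2)
    if (-not $secure) {
        $notes += 'Prompts appear on the interactive desktop, not the secure desktop.'
    }

    [pscustomobject]@{
        EnableLUA     = $p.EnableLUA
        AdminPrompt   = if ($null -ne $mode) { $AdminPromptModes[[int]$mode] } else { 'not set' }
        SecureDesktop = $secure
        Notes         = $notes
    }
}

Get-UacPromptPolicy | Format-List
```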