Help with User Account Control in Windows 10


User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. It helps mitigate the impact of malware. This article applies to Windows 10.

Every app that needs the administrator access token must prompt for consent. The one exception is the relationship between parent and child processes: a child process inherits the user's access token from its parent process. Both the parent and the child, however, must have the same integrity level.

Windows 10 protects processes by marking their integrity levels. Integrity levels are measurements of trust. A high integrity app is one that performs tasks that modify system data, such as a disk partitioning app, while a low integrity app is one that performs tasks that could potentially compromise the operating system, such as a web browser.

Keep in mind that apps with lower integrity levels cannot modify data in apps with higher integrity levels. When a standard user tries to run an app that needs the administrator access token, User Account Control requires that the user provide valid administrator credentials. To understand how this happens, it helps to look at the Windows logon process.

In Windows, standard users and administrators alike access resources and run apps in the security context of standard users. When a user logs on to the computer, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges.

When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. It is used to start apps that do not perform administrative tasks, and it is then used to display the desktop (explorer.exe). Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, every app runs as a standard user unless the user provides consent or credentials to approve the app to use the full administrative access token.

A user who is a member of the Administrators group can log on, browse the web, and read email while using the standard user access token. When the administrator has to perform a task that needs the administrator access token, Windows 10 automatically prompts the user for approval. This prompt is called the elevation prompt, and its behavior can be configured by using the Local Security Policy snap-in or Group Policy. For more information, see Microsoft's website.
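
A read-only PowerShell check of the token state and elevation prompt settings described above, added here as an illustration and not taken from the original post or from Microsoft. It assumes the UAC policy values are read from the registry key shown, which is where the Local Security Policy and Group Policy settings are stored, and that `whoami.exe` is available; `Resolve-Value` is a helper name made up for this example.

```powershell
# Added example: read-only report of UAC policy and the current process token.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# Documented meanings of the two elevation prompt policy values.
$adminPrompt = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
$userPrompt = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}
# Well-known integrity level RIDs (last part of the S-1-16-* label SID).
$integrity = @{ 4096 = 'Low'; 8192 = 'Medium'; 12288 = 'High'; 16384 = 'System' }

# Hypothetical helper: map a raw value to its meaning, tolerating unset values.
function Resolve-Value($Map, $Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Map.ContainsKey([int]$Value)) { return $Map[[int]$Value] }
    return "unrecognised value $Value"
}

# IsInRole is true only when the Administrators SID is enabled in this token,
# i.e. the process holds the full administrator token, not the filtered one.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# whoami lists the token's mandatory label among its groups as S-1-16-<RID>.
$label = whoami /groups /fo csv /nh |
    ConvertFrom-Csv -Header Name, Type, SID, Attributes |
    Where-Object SID -like 'S-1-16-*' | Select-Object -First 1
$rid = if ($label) { [int]($label.SID -split '-')[-1] } else { $null }

[pscustomobject]@{
    User               = $identity.Name
    Elevated           = $elevated
    IntegrityLevel     = Resolve-Value $integrity $rid
    UacEnabled         = ($policy.EnableLUA -eq 1)
    AdminPrompt        = Resolve-Value $adminPrompt $policy.ConsentPromptBehaviorAdmin
    StandardUserPrompt = Resolve-Value $userPrompt $policy.ConsentPromptBehaviorUser
    SecureDesktop      = ($policy.PromptOnSecureDesktop -eq 1)
}
```

Run from a normal console as a member of the Administrators group, this reports `Elevated` as false and a Medium integrity level; the same script in an elevated console reports true and High.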
