Homepage tabWindows tabGames tabDrivers tabMac tabLinux tabScripts buttonMobile tabHandheld tabGadgets tabNews tab


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home / News / Microsoft

Microsoft

Admin Approval Mode in Windows Vista

A feature of the UAC

By Marius Oiaga, Technology News Editor

24th of January 2007, 15:55 GMT

Adjust text size:


The admin approval mode in Windows Vista illustrates how the security features of the operating system have evolved beyond Windows XP. The administrator approval mode is active by
default for all the users that are members of the local administrator group.

With the introduction of the User Account Control in Windows Vista, Microsoft has labored to deliver a balance between security via privilege limitations and functionality. In Windows XP, a standard user found that the actions they were able to perform were confined to the point of lost functionality.

This is also one of the reasons why in Windows XP, standard user accounts are less than popular. In this aspect, the security delivered by limiting the administrator privileges was traded off for complete functionality. In Windows Vista, Microsoft has integrated a common denominator in the UAC settings: the admin approval mode.

"In this mode (which is on by default for all members of the local administrators group), every user with administrator privileges runs normally as a standard user; but when an application or the system needs to do something that requires administrator permissions, the user is prompted to approve the task explicitly. Unlike the "super user on" function from UNIX that leaves the process elevated until the user explicitly turns it off, admin approval mode enables administrator privileges for just the task that was approved, automatically returning the user to standard user when the task is completed," explained Jim Allchin, Microsoft Co-President, Platform and Services Division.

Allchin went on to explain that the functionality is simply a convenience feature designed for administrators. The admin approval mode does not create a security boundary between processes. In this context, in the absence of process isolation, interference is possible.

"If an administrator performs multiple tasks on the same desktop, then malware may potentially be able to inject or interfere with an elevated process from a non-elevated process. Thus, the most secure configuration for Windows Vista is to run processes in two separate accounts, with only administrator tasks performed using an administrator account and all other tasks performed under the standard user account," added Allchin.
Read by 8,425 user(s) | Add comment | Link to this article TWEET THIS


Article rating:
Fair (2.8/5) 7 vote(s)    

Subscribe to news | Print article | Send to friend

© Copyright 2001-2009 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Symantec Wants Control Over Vista's UAC

Will Microsoft Permit Symantec to Take Over Vista's UAC?

38% of Malware Is Vista Compatible

The Windows Vista Panel

Vista Enterprise - Pirated and Available for Download

Norton Will Be Ready in Time for Windows Vista

Trojan Horse Builds Peer-to-Peer Botnets

Introducing Windows Vista's UniveRSS

User opinions:


Comment #1 by: Steve, the evil supervillain on 26 Apr 2009, 04:21 GMT reply to this comment

Excellent article! This was very informative!

Just FYI: While Admin Approval mode for Windows Vista/2008 seems to be advantageously distinguished from UNIX super user abilities, it may be worth noting that many UNIX/LINUX operating systems also have this as-needed, just-once elevation functionality with a command called sudo. In fact, sudo has been around for quite some time now--long before the new privilege implementation for Windows.

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 




Windows tabGames tabDrivers tabMac tabLinux tabScripts tabMobile tabHandheld tabGadgets tabNews tab

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2009 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive