User Account Control is designed to make it easier to protect computers while ensuring that users can perform the tasks they need to perform. As part of the restructuring for UAC, many changes have been made to user accounts and privileges. These changes are designed to ensure that there is true separation of user and administrator tasks, and that any tasks that have minimal system impact and potential for risk can be performed using standard user accounts. Administrators also have the ability to restrict privileges if they prefer.
In Windows Vista, standard user accounts can be used to perform some tasks that previously required administrator privileges. New permissions for standard user accounts in Windows Vista include:
Viewing the system clock and calendar and changing the time zone.
Changing the display settings and installing fonts.
Changing power management settings.
Adding printers and other devices (where the required drivers are installed on the computer or are provided by an IT administrator).
Downloading and installing updates using User Account Control–compatible installers.
Creating and configuring virtual private network (VPN) connections. A VPN connection helps you establish a secure connection to a private network over the public Internet.
Installing Wired Equivalent Privacy (WEP) to connect to secure wireless networks. WEP is a security protocol that provides a wireless network with the same level of security as a wired local area network (LAN).
Additionally, some maintenance tasks are now automatically scheduled processes, so users will not have to initiate these processes manually. Processes that are scheduled to run automatically include:
CareTaker Performs automated maintenance of the computer.
Consolidator Performs automated consolidation of the computer’s event logs.
AutomaticDefrag Performs automatic defragmentation of the computer’s hard disks.
AutomaticBackup Performs automatic backup of the computer (once configured).
In earlier versions of Windows, nonadministrators couldn’t easily tell whether they were allowed to perform an action. To make it easier for users to determine whether they can perform a task, Windows Vista uses a shield icon to identify tasks that require administrator privileges.
In Figure 9-1, two tasks are preceded by a shield icon: Change Settings and Change Product Key. These tasks require administrator privileges.
Windows Vista uses application security tokens to determine whether elevated privileges are required to run applications or processes. With applications written for Vista, applications either have an “administrator” token or a “standard” token. If an application has an “ administrator” token, it requires elevated privileges. If an application has a “standard” token, it doesn’t require elevated privileges.
The token is a reflection of the required level of privileges. A standard user mode–compliant application should write data files only to nonsystem locations. If the application requires administrator privileges to perform a specific task, the application should request elevated privileges to perform that task. For all other tasks, the application should not run using elevated privileges.
Applications not written for the Windows Vista new user account architecture are considered legacy applications. Windows Vista starts these applications as standard user applications by default and uses file and registry virtualization to give legacy applications their own “virtualized” views of resources they are attempting to change. When a legacy application attempts to write a system location, Windows Vista gives the application its own private copy of the file or registry value so that the application will function properly. All attempts to write to protected areas are logged by default as well.
Virtualization is not meant to be a long-term solution. As applications are revised to support Windows Vista’s new user account architecture, the revised versions should be deployed to ensure compliance with User Account Control and to safeguard the security of the computer.