Join Lisa Bock for an in-depth discussion in this video Exploring User Account Control (UAC), part of IT Security Foundations: Network Security.
- User account control is a feature in Windows that protects the security of the operating system. It prompts when a program requires administrator level permission or a password to make a change. A dialog box will open with one of four different icons. This can help prevent the installation of malicious software. Let's take a look at the different icons and what they mean. I'm at this website on Microsoft.com which talks about the different icons.
Prompting the user makes you take a second and think about what it is you're doing and maybe will stop you from installing something that isn't safe. Let's take a look at this first icon up here this right here is just saying it's a setting or feature, it's part of Windows it just needs your permission to start. It has a valid digital signature, verifying that Microsoft is a publisher of that and that item should be trusted. If you get this dialog box it's pretty much safe to continue but if you're not sure, check the name of the program and decide if it's really something you want to run.
This question mark here, this is saying it's a program that is not part of the Windows, needs your permission to start. This program has a valid digital signature, which helps to reassure you that that program is what it claims to be. It also ensures the identity of the publisher. However, make sure the program is one you want to run and that you do trust the publisher. Now, when you see the yellow with the exclamation point, this is a program with an unknown publisher, needs your permission to start.
This program doesn't have a valid digital signature from it's publisher. That doesn't necessarily mean that there's a problem or there's danger as sometimes older and legitimate programs do not have digital signatures. However, you should use some caution and only allow a program to run if you obtained it from a trusted source, such as the original CD or possibly the publishers website. If you're not sure, look up the name of the program to determine if it's a known program or possibly malicious software.
Now you see that red X there? It is that you really have been blocked by your system administrator from running this program. The program has been blocked, it's known by reputation to be untrusted and you'll need to contact your system administrator if it is something that you would like to run. Now, I'm just going to give you an example. I'm going to go into a little program that I've downloaded. I'm going to right click and say "Run as Administrator". As you see, user account control came up and said, "Do you want to allow the following program from an "unknown publisher to make changes at this computer?" I'm going to say no.
Now I'm going to switch back to Windows 8 and we're going to show you the user account control settings, which are going to be the same. (keys clicking) Now let me maximize this and now let's take a look at this. Alright, now, if you can see, when we're taking a look at that kind of a little bit darker line there this is kind of the default. Let's take a look at the most restrictive and always notify.
This will allow me to choose how I'll be notified about changes made to my computer. If I say always notify me, you'll be notified before any apps make changes to the PC that require any administrator permissions. When you are notified, when this happens your screen is going to be dimmed slightly. At that point you must either approve or deny the request in that dialog box before you can do anything else on your PC. As you can imagine, this is the most secure setting and when you're notified you should really look at the contents of the dialog box before allowing any changes made to the PC.
Let's take a look at the next one where it says notify me only when apps try to make changes to my computer. As you can see, it has a little darker line it is the default. You'll be notified before apps make changes to your PC that require administrator permissions and also, if an app tries to make changes to Windows settings. You won't be notified if you try to make changes to Windows settings that require administrator permissions. At this point it's usually safe to make changes made to Windows settings without you being notified however sometimes apps come with Windows that have commands and data passed to them and malicious software might take advantage of this by using these apps to install files or change settings on your PC and you really should be careful about which ones you want to allow on your PC.
Now here we're going to a little less security, notify me only when apps try to make changes to my computer. One thing, in this case, that you won't see or your desktop dim at all, but you'll be notified before apps make changes to your PC that require administrator permissions or if it tries to make changes to a Windows setting. You won't be notified if you try to make changes to Windows settings that require administrator permissions. It's pretty much the same as notify me only when the apps try to make changes to my computer.
This is where you will not see the desktop getting dimmed. That's the difference here, it won't dim. Be careful though, because when you choose this option other apps will be able to interfere with the visual appearance of that dialog box. There is a slight security risk so be careful, especially since malware might try to take advantage of this. Again, the lower part of this is never notify me. This is really not recommended. It is the least secure, you're not going to be notified before we make any changes to your PC.
And, if you're signed in as an administrator your apps can make changes to your PC without your knowledge. Keep that in mind, as well. If you're signed in with a standard user account which even though you have an administrator account you should always just simply use you user account because you don't need administrator privileges all the time. If you're signed in with a standard user account any changes that require that administrator permissions will automatically be denied. Keep in mind, this is the least secure setting. When you say "Don't notify me." you're pretty much turning off any user account controls.
It's not recommended. This opens up your computer to a lot of security risks you should always be careful about what you run because they'll have the same access as you do. That includes reading and making changes to any of the areas that are protected, any personal data, saved files and anything else stored on the PCs. Again, this is one that you should not use. It is not recommended. We're going to bump this right back up here and we're going to just keep it at the default, notify me only when apps try to make changes to my computer.
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security