PaulDotCom mailing list archives
Windows 7 UAC question
From: Michael Salmon <lonestarr13 () gmail com>
Date: Fri, 11 Feb 2011 17:07:58 -0500
I have a question and not finding the answer to be very clear. My company has started testing Windows 7 and they want to disable UAC... which I'm putting together an argument and recommendation on UAC settings to provide the best mix of security and usability. Some users do have admin access on their PC's. I'm unclear on what the impact on UAC and system security is when enabling Elevating Without Prompting for the Group Policy - User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode. I see conflicting answers from Microsoft as well as on forums. This technet article http://technet.microsoft.com/en-us/library/ee679793(WS.10).aspx states towards the beginning: If UAC is disabled to avoid the elevation prompt, all UAC functionality is disabled. Instead, consider configuring UAC to elevate without prompting. In this case, applications that have been marked as administrator applications, as well as setup applications, will automatically run with the full administrator access token. All other applications will automatically run with the standard user token. The additional functionality of UAC is maintained However further in the article it says: The Elevate without prompting setting turns UAC off. This setting should be used only on a domain controller or server for advanced users or server administrators. This setting should not be applied to a client computer. Note Users should not use the Internet when this setting is applied. So which is it, does it turn UAC off and should not be applied to client computers or does generally leave UAC on except for applications marked as administrator apps. I'm also not yet clear on what an Administrator Application is... can malware easily trick Windows into thinking an administrator app and then UAC will let it run without prompting? What has been other's experience with configuring UAC? Thanks, Michael Salmon _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Windows 7 UAC question Michael Salmon (Feb 11)