Elevation and the Secure Desktop

The process of getting a user's approval prior to running an application in administrator mode and prior to performing actions that change system-wide settings is known as elevation. Elevation enhances security by reducing the exposure and attack surfaces of the operating system. It does this by providing notification when you are about to perform an action that could affect system settings, such as installing an application, and eliminating the ability for malicious programs to invoke administrator privileges without your knowledge and consent.

Prior to elevation and display of the UAC prompt, Windows 7 does several things in the background. The key thing you should know is that by default Windows 7 switches to a secure, isolated desktop prior to displaying the prompt. The purpose of switching to the secure desktop is to prevent other processes or applications from providing the required permissions or consent. All other running programs and processes continue

Figure 3-4. Providing the required credentials to run on the interactive user desktop—only the prompt itself runs on the secure desktop.

Elevation, permission/consent prompts, and the secure desktop are the key aspects of UAC that affect you the most. As you can see, they have a measurable impact on the way Windows 7 works. Due to these UAC features:

• User accounts are not used in the same way as they are in Windows XP.

• Applications do not run in the same way as they do in Windows XP.

• Most configuration tasks are not performed in the same way as they are in Windows XP.

Understanding User Account Control and Its Impact on Performance | 73

L J Prog1

Verrfi

Program name: Windows PoweiSh el I Verified publisher: Microsoft Windows

L J Prog1

Verrfi

Program name: Windows PoweiSh el I Verified publisher: Microsoft Windows v Show details

Was this article helpful?

0 0

Post a comment