Vista User Account Control – A Deep Dive

User Account Control focuses on using a low-privilege user account, or LUA, so that changes are not accidentally made to the system files.
This feature is enabled by default and lets even the administrator perform normal tasks with only the permissions of a standard user.
Here is how it actually works:
Let's take a scenario in which a standard user, say Amit, logs on to his local system and wishes to view the system time. He double-clicks the Date and Time icon in the system tray.
If he were working with Windows XP, he would have got a message that he does not have permission to view or change the time and date settings.
But now that he is working on Windows Vista, he can go ahead and view the system date and time without any prompts! Not only that: if he wishes to change the time zone of the system, which is an administrative task, then when he clicks the Change time zone button he gets a box asking him for the administrative password. He can go and get the administrator's permission to make this change!
Similarly, a standard user is now allowed to do a number of tasks that only administrators could do earlier, such as changing the power settings of the computer, installing printers that already have drivers installed on the system, and many others.
Let's take a look at another scenario. Amit, logged on to the system with his own standard user account, tries to install a legacy application. Installing an application is still an admin task, so as soon as he clicks setup.exe he is prompted for the admin password of the system. Instead of getting an access denied message in the middle of the installation, as used to happen in Windows XP, a standard user who has the admin password can go ahead and install an application without having to log off and log back on as an administrator.
In another scenario, Amit creates a file containing some of his VB Script code, for example, and tries to save it in the Program Files folder. Program Files is a system folder, which is meant to be modified only with administrative privileges. So when Amit tries to store a file inside this folder, the file actually gets stored in his profile under his Virtual Folders directory, even though it will be visible in the Program Files directory. This feature is called Registry or File System Virtualization or Redirection, whereby any user files stored inside the system folders get redirected to the user's profile.
So even when Amit uses the dir command from the command prompt to list all the files and directories in the Program Files folder, his file is listed there. Not only that, when he uses a delete command from there to delete his file from Program Files, the physical file stored in his profile gets deleted as well!
This feature prevents users from damaging the system and registry files.
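To see the redirection described above on a live system, the following added example (not part of the original post) lists every file that has been redirected into the current user's profile, alongside the system-folder path it appears under, and prints the UAC policy values that control the behaviour. It assumes the redirected copies live under %LOCALAPPDATA%\VirtualStore and mirror their path on the system drive; the function names Get-VirtualizedFile and Get-UacPolicy are made up for this illustration.

```powershell
# Added example (not from the original post): audit UAC file virtualization.
# Assumption: redirected files are kept under %LOCALAPPDATA%\VirtualStore,
# mirroring the path they would have had on the system drive.

function Get-VirtualizedFile {
    param(
        [string]$StoreRoot = (Join-Path $env:LOCALAPPDATA 'VirtualStore')
    )

    if (-not (Test-Path -LiteralPath $StoreRoot)) {
        return  # nothing has been redirected for this user
    }
    $root = (Get-Item -LiteralPath $StoreRoot -Force).FullName.TrimEnd('\')

    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Path relative to the store root = path below the system drive root.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $apparent = Join-Path ($env:SystemDrive + '\') $relative
            New-Object PSObject -Property @{
                ApparentPath   = $apparent        # where the application thinks it wrote
                ActualPath     = $_.FullName      # where the bytes are stored
                RealCopyExists = (Test-Path -LiteralPath $apparent)
                LastWriteTime  = $_.LastWriteTime
            }
        }
}

function Get-UacPolicy {
    # Machine-wide UAC settings; reading them does not require elevation.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Get-ItemProperty -Path $key |
        Select-Object EnableLUA, EnableVirtualization,
                      ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser
}

Get-UacPolicy | Format-List
Get-VirtualizedFile | Sort-Object LastWriteTime -Descending |
    Format-Table ApparentPath, ActualPath, RealCopyExists -AutoSize
```

Files that show up here identify legacy applications that still try to write into protected folders, which makes the list a useful starting point when deciding which programs need to be updated or reconfigured.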
Last but not least, let's see what happens when the administrator himself logs on to the system. The administrator can go around and work on anything in the system as long as he isn't performing an administrative task. If he needs to install an application on the system, he is prompted for his consent! So even though he is the administrator himself, Vista still warns him that he is trying to change the system settings and asks whether he is sure about doing it.
All these features combined give quite a good level of security to the system and prevent unwanted changes to a great extent.
