One of the most common Windows security problems arises from the fact that many users perform their everyday computing tasks with more system access than they actually need.
Logging on as an Administrator or as a user who is a member of the Administrators group grants the user full access to all areas of the operating system. This degree of system access is not necessary to run many of the applications and perform many of the tasks users require every day; it is needed only for certain administrative functions, such as installing systemwide software and configuring system parameters.
For most users, logging on with administrative privileges all the time is simply a matter of convenience. Microsoft recommends logging on as a standard user and using administrative privileges only when they are needed. However, technical specialists who follow this advice frequently find themselves in situations that require administrative access.
There is a surprisingly large number of common, and even mundane, Windows tasks that require administrative access, and the inability to perform those tasks can negatively affect a user’s productivity.
Microsoft addressed this problem by having Windows Server 2012 R2 run every user, including members of the Administrators group, with standard user privileges, and grant administrative privileges only for the specific task that requires them. The mechanism that does this is called User Account Control (UAC).
Performing administrative tasks
When a user logs on to Windows Server 2012 R2, the system creates an access token for the logon session. The token records the user's SID, the SIDs of the groups the user belongs to, the privileges the user holds, and an integrity level, and every process the user starts inherits a copy of it. Whenever the user tries to open an object or perform a privileged operation, the system consults the process's token, not the account database, to decide whether to allow it.
In versions of Windows prior to Windows Server 2008 and Windows Vista, standard users received standard user tokens and members of the Administrators group received administrative tokens. Every activity performed by an administrative user was therefore authorized using the administrative token, resulting in the problems described earlier.
On a computer running Windows Server 2012 R2 with UAC enabled, a standard user still receives a single standard user token, but a member of the Administrators group receives two: the full administrative token and a filtered copy of it in which the Administrators group SID is marked for deny only, most privileges are removed, and the integrity level is Medium rather than High. The filtered token is what the administrator's desktop and every process started from it use, so by default both kinds of user run with standard user privileges most of the time; the full token is attached only to processes that have been elevated. The one exception by default is the built-in Administrator account, which is exempt from this filtering unless the policy User Account Control: Admin Approval Mode for the Built-in Administrator account is enabled.
When a standard user attempts to perform a task that requires administrative privileges, the system displays a credential prompt, as shown in Figure 6-12, asking the user to supply the user name and password of an account with administrative privileges. The task then runs under that account, with its full administrative token.
FIGURE 6-12 A UAC credential prompt
When an administrator attempts to perform a task that requires administrative access, the system does not upgrade the user's existing processes. Instead, it starts the process performing the task with the full administrative token, while the rest of the session continues to run with the filtered token. Running administrators with a filtered token and elevating individual processes on demand is called Admin Approval Mode.
Before it hands out the administrative token, the system normally requires the user to confirm that he or she actually intends to perform an administrative task. It does this by generating an elevation prompt (also called a consent prompt), as shown in Figure 6-13. Because the confirmation must come from the interactive user rather than from the requesting program, a process running with the filtered token, including malware that has found its way into the session, cannot simply help itself to administrative privileges; it has to trigger a prompt that the user can refuse.
FIGURE 6-13 A UAC elevation prompt
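The two-token model and on-demand elevation described above can be observed directly from PowerShell. The following script is an added example, not code from the original article: Get-UacTokenState reports whether the current process holds a standard user token, an administrator's filtered token, or the full administrative token, and Invoke-Elevated shows how a script requests elevation (which is what raises the consent or credential prompt). It assumes a Windows host with whoami.exe, which ships with Windows Server 2012 R2; the script path in the usage line is a hypothetical placeholder.

```powershell
# Added example, not code from the original article. Inspect which of the two
# UAC tokens the current PowerShell process holds, and request elevation.
# Assumes Windows with whoami.exe (shipped with Windows Server 2012 R2).

function Get-UacTokenState {
    # whoami /groups lists every group SID in the process token together with
    # its attributes; that attribute column is where the filtered token differs
    # from the full administrative token. Matching on SIDs avoids localized names.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv

    $adminEntry = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }  # BUILTIN\Administrators
    $label      = $groups | Where-Object { $_.SID -like 'S-1-16-*' }   # mandatory integrity label
    $integrity  = switch ($label.SID) {
        'S-1-16-4096'  { 'Low' }
        'S-1-16-8192'  { 'Medium' }   # filtered token / standard user
        'S-1-16-12288' { 'High' }     # full administrative token
        'S-1-16-16384' { 'System' }
        default        { 'Unknown' }
    }

    # .NET's IsInRole() ignores deny-only group entries, so it returns $false
    # for an administrator whose process holds the filtered token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # "Group used for deny only" is the attribute UAC sets on the Administrators
    # SID in the filtered token.
    $denyOnly = [bool]($adminEntry -and $adminEntry.Attributes -match 'deny only')
    $summary  = if (-not $adminEntry) { 'standard user: no Administrators SID in the token' }
                elseif ($denyOnly)    { 'administrator running with the filtered (standard user) token' }
                else                  { 'administrator running with the full administrative token' }

    [pscustomobject]@{
        User             = $identity.Name
        IntegrityLevel   = $integrity
        AdminSidPresent  = [bool]$adminEntry
        AdminSidDenyOnly = $denyOnly
        IsElevated       = $elevated
        Summary          = $summary
    }
}

function Invoke-Elevated {
    # Run a script with the full administrative token. The RunAs verb is what
    # triggers UAC: an administrator sees the consent prompt, a standard user
    # sees the credential prompt, both on the secure desktop by default.
    param([Parameter(Mandatory = $true)][string]$ScriptPath)

    if ((Get-UacTokenState).IsElevated) {
        & $ScriptPath          # already elevated: no prompt, run in this process
        return
    }
    try {
        Start-Process -FilePath 'powershell.exe' -Verb RunAs -Wait `
            -ArgumentList @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', "`"$ScriptPath`"")
    } catch {
        # Thrown when the user clicks No on the prompt, or when policy
        # automatically denies elevation for standard users.
        Write-Warning "Elevation was refused: $($_.Exception.Message)"
    }
}

Get-UacTokenState | Format-List
# Invoke-Elevated -ScriptPath 'C:\Scripts\Install-Feature.ps1'   # hypothetical path
```

Run Get-UacTokenState once from a normal PowerShell window and once from one started with Run as administrator: the same account shows a Medium integrity level with the Administrators SID marked deny only in the first case, and High with a normal group entry in the second. For the built-in Administrator account the first window already reports the full token, because that account is exempt from filtering by default.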
Using secure desktop
By default, whenever Windows Server 2012 R2 displays an elevation prompt or a credential prompt, it does so by using the secure desktop.
The secure desktop is a separate desktop from the interactive desktop on which the user's applications run. When Windows Server 2012 R2 generates an elevation or credential prompt, it switches to the secure desktop, dims and freezes the interactive desktop, and permits only trusted Windows processes to interact with the prompt; ordinary applications can neither read it nor send input to it. The aim is to prevent malware from automating a reply to the prompt, or from drawing a fake prompt over the real one, and so bypassing the human decision. This behavior is controlled by the policy User Account Control: Switch to the secure desktop when prompting for elevation, which is enabled by default.
Windows Server 2012 R2 enables UAC by default, but it is possible to adjust its behavior and even to disable it completely. For everyday use, the User Account Control Settings dialog box, reachable from the Action Center in Control Panel (or from User Accounts, Change User Account Control Settings), offers a four-position slider, as shown in Figure 6-14. The four positions are as follows:
– Always Notify Me
– Notify Me Only When Apps Try To Make Changes To My Computer (the default)
– Notify Me Only When Apps Try To Make Changes To My Computer (Do Not Dim My Desktop)
– Never Notify Me
FIGURE 6-14 The User Account Control Settings dialog box
Although Control Panel provides some control over UAC, the most granular control is through the Security Options node in Group Policy (Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options) and in Local Security Policy, where each policy whose name begins with User Account Control: maps to a value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Note that the Never Notify Me slider position only suppresses the prompts: UAC itself stays on, administrators still log on with a filtered token, and they are elevated silently when a task requires it. To turn UAC off entirely, disable the policy User Account Control: Run all administrators in Admin Approval Mode (EnableLUA = 0), which takes effect after a restart.
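The relationship between the slider, the Security Options policies and the registry values behind them is easiest to see by reading those values. The following script is an added example, not code from the original article: it reads the policy key, reports which slider position (if any) the current values correspond to, lists each User Account Control policy with its registry value, and offers a -WhatIf-capable function that moves the slider to Always Notify Me and enables filtering for the built-in Administrator. It uses only the documented registry key and value names; the function and variable names are this example's own. Writing the values needs an elevated prompt, and on a domain member they are overwritten by Group Policy at the next refresh.

```powershell
# Added example, not code from the original article. Read the registry values
# that back the "User Account Control:" Security Options policies and translate
# them into the Control Panel slider position. Reading needs no elevation;
# Set-UacAlwaysNotify needs an elevated prompt and is overridden by domain GPO.

$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Registry value name -> Security Options policy name (minus the "User Account Control:" prefix)
$UacPolicies = [ordered]@{
    EnableLUA                   = 'Run all administrators in Admin Approval Mode'
    ConsentPromptBehaviorAdmin  = 'Behavior of the elevation prompt for administrators in Admin Approval Mode'
    ConsentPromptBehaviorUser   = 'Behavior of the elevation prompt for standard users'
    PromptOnSecureDesktop       = 'Switch to the secure desktop when prompting for elevation'
    FilterAdministratorToken    = 'Admin Approval Mode for the Built-in Administrator account'
    EnableInstallerDetection    = 'Detect application installations and prompt for elevation'
    EnableVirtualization        = 'Virtualize file and registry write failures to per-user locations'
    ValidateAdminCodeSignatures = 'Only elevate executables that are signed and validated'
    EnableSecureUIAPaths        = 'Only elevate UIAccess applications that are installed in secure locations'
}

function Get-UacConfiguration {
    $props  = Get-ItemProperty -Path $UacKey
    $values = [ordered]@{}
    foreach ($name in $UacPolicies.Keys) {
        $values[$name] = $props.$name        # $null if the value was never written
    }

    # The four slider positions are combinations of just two of these values.
    $slider = switch ("$($values['ConsentPromptBehaviorAdmin'])/$($values['PromptOnSecureDesktop'])") {
        '2/1'   { 'Always Notify Me' }
        '5/1'   { 'Notify Me Only When Apps Try To Make Changes To My Computer (default)' }
        '5/0'   { 'Notify Me Only When Apps Try To Make Changes To My Computer (Do Not Dim My Desktop)' }
        '0/0'   { 'Never Notify Me' }
        default { 'No slider position; set through policy' }
    }

    [pscustomobject]@{
        SliderPosition        = $slider
        UacEnabled            = ($values['EnableLUA'] -ne 0)   # stays 1 even at "Never Notify Me"
        PromptOnSecureDesktop = ($values['PromptOnSecureDesktop'] -eq 1)
        BuiltInAdminFiltered  = ($values['FilterAdministratorToken'] -eq 1)
        RawValues             = $values
    }
}

function Show-UacPolicyReport {
    # One row per policy, with the registry value that backs it.
    $cfg = Get-UacConfiguration
    foreach ($name in $UacPolicies.Keys) {
        [pscustomobject]@{
            Policy   = "User Account Control: $($UacPolicies[$name])"
            Registry = $name
            Value    = $cfg.RawValues[$name]
        }
    }
}

function Set-UacAlwaysNotify {
    # Move the slider to "Always Notify Me" and filter the built-in Administrator
    # as well. Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $settings = @{
        ConsentPromptBehaviorAdmin = 2   # prompt for consent on the secure desktop
        PromptOnSecureDesktop      = 1
        FilterAdministratorToken   = 1   # applies to new logon sessions; log off or restart
    }
    foreach ($name in $settings.Keys) {
        if ($PSCmdlet.ShouldProcess("$UacKey\$name", "set to $($settings[$name])")) {
            Set-ItemProperty -Path $UacKey -Name $name -Value $settings[$name] -Type DWord
        }
    }
}

Get-UacConfiguration | Select-Object SliderPosition, UacEnabled, PromptOnSecureDesktop, BuiltInAdminFiltered
Show-UacPolicyReport | Format-Table -AutoSize
```

Moving the slider to Never Notify Me and rerunning Get-UacConfiguration shows ConsentPromptBehaviorAdmin and PromptOnSecureDesktop both at 0 while UacEnabled stays True, which is the point made above: only the policy Run all administrators in Admin Approval Mode actually switches UAC off. Set-UacAlwaysNotify -WhatIf prints the three registry writes it would make without performing them.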
This article is part of the 70-410 Installing and Configuring Windows Server 2012 Prep course.