Windows User Account Control (UAC)

www.winitor.com – Nov.2009

Security Technologies

• Many more or less visible security-related features

• Encrypting File System (EFS)

• BitLocker

• Services Hardening

• Address Space Layout Randomization (ASLR)

• Integrity Level

• File System Virtualization

• Registry Virtualization

• User Interface Privilege Isolation (UIPI)

• IE Protected Mode

• Protected Processes

• User Account Control

Introduction

• UAC remains a misunderstood feature

• UAC is not a user access control system

• UAC is a new user account control framework

• UAC has several goals

• force (administrator) users to work with fewer rights

• control legacy applications

• enable actions without administrative credentials

• protect the system from malware and from administrators

Motivation

• Reduce the exposure surface of the operating system

• Mitigate the impact of malware

• Make computers (and networks) less vulnerable

Token Types

• Applications run in one of the following security contexts

• Standard user

• Administrator user

Visible Identification

• In the past users could not easily tell what actions required administrative credentials

• Vista removes this uncertainty by showing a shield to identify actions that require administrative privileges

User Interaction

• When working with an administrative account, a user must (by default) consent to an action requesting elevated rights.

User Interaction

• When working with a standard account, a user must provide adequate credentials in order to perform an action requesting administrative privileges.

Consent Prompt Types

• Built-in Windows program

Consent Prompt Types

• Digitally signed third-party applications

Consent Prompt Types

• Unsigned third-party applications

Configuration

• Switching User Account Control on or off

Configuration

• Disabling User Account Control is flagged as insecure

Configuration

• Security Policy enables a very granular and flexible configuration of the UAC behaviors

• Locally/Globally

Configuration

• The built-in Administrator account can be configured to run in one of the following modes:

• Admin Approval Mode

• XP Compatible Mode (default)

Framework

• UAC is built on different new technologies

• Windows file system virtualization

• Windows Registry virtualization

• Windows Integrity level

• …

Framework - Service

• The User Account Control mechanism is built on the Application Information service

Framework - Consent

• The consent.exe process is responsible for showing the UAC dialogs

Framework - Desktop

• Elevation prompts are displayed on a secure desktop by default.
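
The configuration slides and the secure-desktop default above can be checked together. The following is an added example, not part of the original slides: it audits a set of UAC policy values and flags the weak ones. The registry key and value names are the real Windows policy names, which the slides do not list; the defaults used for absent values are assumptions, and the sample data is constructed.

```python
POLICY_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# name: (secure value, assumed default when absent, severity, finding)
CHECKS = {
    "EnableLUA": (1, 1, "high", "UAC is switched off"),
    "PromptOnSecureDesktop": (1, 1, "medium",
                              "elevation prompts are not shown on the secure desktop"),
    "FilterAdministratorToken": (1, 0, "info",
                                 "built-in Administrator is not in Admin Approval Mode"),
}

def audit_uac(values):
    """Return (name, severity, message) findings for a dict of policy values."""
    findings = []
    for name, (secure, default, severity, message) in CHECKS.items():
        if values.get(name, default) != secure:
            findings.append((name, severity, message))
    # 0 means administrators are elevated silently, with no consent prompt.
    if values.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("ConsentPromptBehaviorAdmin", "high",
                         "administrators are elevated without a consent prompt"))
    return findings

def read_live_policy():
    """Read the values from the local registry (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, POLICY_KEY) as key:
        for name in list(CHECKS) + ["ConsentPromptBehaviorAdmin"]:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value not set; audit_uac() falls back to the default
    return values

# Constructed samples, not taken from a real host.
SAMPLE_WEAK = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 0,
               "PromptOnSecureDesktop": 0}
SAMPLE_OFF = {"EnableLUA": 0}

if __name__ == "__main__":
    for name, severity, message in audit_uac(SAMPLE_WEAK):
        print(f"[{severity}] {name}: {message}")
```

On a Windows host, `audit_uac(read_live_policy())` runs the same checks against the live policy.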

Framework – Application Marking

• UAC-ready applications contain an XML manifest that declares the desired security run level
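
As an added example (not from the original slides), the run level declared in such a manifest can be read as shown here. The `requestedExecutionLevel` element and its three level values are the real manifest schema; the manifests are constructed samples, and the note that unmarked applications are the ones eligible for virtualization is known Windows behaviour rather than something the slides state.

```python
import xml.etree.ElementTree as ET

# Constructed manifests, not taken from real applications.
SAMPLE_MANIFEST = """<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""
LEGACY_MANIFEST = '<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"/>'

KNOWN_LEVELS = {"asInvoker", "highestAvailable", "requireAdministrator"}

def run_level(manifest_xml):
    """Summarise the UAC marking of an application manifest."""
    root = ET.fromstring(manifest_xml)
    for elem in root.iter():
        # Compare local names only: trustInfo is seen under asm.v2 and asm.v3.
        if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            level = elem.get("level")
            return {
                "marked": True,
                "level": level,
                "valid": level in KNOWN_LEVELS,
                "ui_access": elem.get("uiAccess", "false").lower() == "true",
                # requireAdministrator always asks for elevation;
                # highestAvailable only does so for administrator accounts.
                "always_elevates": level == "requireAdministrator",
                "virtualization_candidate": False,
            }
    # No marking: a legacy application, the case virtualization exists for.
    return {"marked": False, "level": None, "valid": False, "ui_access": False,
            "always_elevates": False, "virtualization_candidate": True}

if __name__ == "__main__":
    print(run_level(SAMPLE_MANIFEST))
    print(run_level(LEGACY_MANIFEST))
```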

Framework – Resources Virtualization

• UAC Virtualization redirects the following locations

• \Program Files

• \Windows

• \Windows\System32

• \HKLM\Software

• Application accesses to secure locations are virtualized. These locations are then serialized in the corresponding user profile.

• \Users\AppData\Local\Virtual Store

• \HKCU\Software\Classes\VirtualStore

• Virtualization is intended as a bridge technology to enable applications that are not UAC compatible to work properly

• Virtualization is not supported on 64-bit systems

Workflow

• The workflow of UAC depends on several factors

• The account a user is logged on as

• The Security Policy

Running Programs Elevated

• One-time basis

• Always

Running Programs Elevated

• Application running in elevated mode

Running Programs Elevated

• Application running in normal mode

History

• Some components have kept their names

LUA UAP UAC

Links

• Windows Vista TechNet, www.microsoft.com/technet/windowsvista

• User Account Control Overview, www.microsoft.com/technet/windowsvista/security/uacppr.mspx

• User Account Control, www.microsoft.com/technet/windowsvista/security/uac.mspx

