Since the release of Windows 2000, the developers working on Windows have been trying to create an environment where users can work safely and securely. Windows 2000 introduced techniques for creating restricted tokens that can effectively limit the permissions and privileges afforded to an application. Windows XP introduced further improvements but it has simply not been pervasive enough to make any real difference for the average user. Whatever your initial reaction, User Account Control (UAC) is here to stay and really isn’t as bad as critics make it out to be. As developers we have a responsibility to embrace it so that the applications we develop don’t annoy and desensitize our users with needless prompts.

In this part 4 of the Windows Vista for Developers series, we are taking a practical look at UAC and specifically what can be done programmatically with respect to elevation and integrity control.

Security context refers to those things that define and constrain what a process or thread can do in terms of permissions and privileges. A security context on Windows is defined in terms of a logon session and these are manipulated via tokens. As its name suggests, a logon session represents a specific session on a single computer for a given user. Programmers interact with logon sessions by means of tokens. Any number of tokens can be created that refer to the same logon session. These tokens can offer different sets of permissions and privileges based on a subset of those provided by the logon session. This is really the key to how UAC works or at least a big part of it.

On Windows Vista there are two predominant types of user accounts, standard users and administrators. The first user account that you can create will be an administrator at least initially and any subsequent user accounts will be standard users by default. Standard user accounts are for those people who you do not trust with complete control over the computer. Administrator accounts are for those users who also enjoy complete control over the computer. Unlike previous versions of Windows, you don’t have to log on as a standard user to protect yourself from malicious code that may find its way to your computer. The logon sessions created for standard users and administrators are equally capable of protecting from such threats.

When a standard user logs on to a computer a new logon session is created and they are presented with a shell application such as Windows Explorer that was created by the system and associated with the user’s newly created logon session by means of a token. This effectively limits what the user can do since Windows Explorer can only run those applications and access those resources that the user’s logon session permits based on the permissions and privileges specified by the token.

When an administrator logs on to a computer things are a little different and this is where Windows Vista differs dramatically from previous versions.
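
To see what a token actually carries, the following added example (not code from the original article) summarizes the token of the current process: the user, the logon SID, whether the Administrators group is usable for access checks, and the privileges present. `Get-TokenSummary` and the column labels are hypothetical names chosen here; the script assumes PowerShell 3.0 or later and the `whoami.exe` that ships with Windows Vista and later.

```powershell
# Added example: inspect the access token of the current process.
# Get-TokenSummary is a hypothetical helper name, not a built-in cmdlet.
function Get-TokenSummary {
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    $admin     = [System.Security.Principal.WindowsBuiltInRole]::Administrator

    # Logon SID (S-1-5-5-x-y) stamped on the token at logon.
    # Some tokens have none, in which case whoami reports an error.
    $logonSid = "$(& whoami.exe /logonid 2>$null | Select-Object -First 1)".Trim()

    # /nh drops the header row so parsing does not depend on the display
    # language; the column names supplied here are our own labels.
    $privileges = & whoami.exe /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State

    # Look up BUILTIN\Administrators by its well-known SID.
    $adminGroup = & whoami.exe /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, Sid, Attributes |
        Where-Object { $_.Sid -eq 'S-1-5-32-544' }

    [pscustomobject]@{
        User            = $identity.Name
        UserSid         = $identity.User.Value
        LogonSid        = $logonSid
        # True only when the Administrators group is enabled in this token.
        AdminEnabled    = $principal.IsInRole($admin)
        # Attribute text as whoami reports it (wording is localized).
        AdminGroupState = if ($adminGroup) { $adminGroup.Attributes } else { 'not in token' }
        Privileges      = $privileges
    }
}

$summary = Get-TokenSummary
$summary | Format-List User, UserSid, LogonSid, AdminEnabled, AdminGroupState
$summary.Privileges | Format-Table Name, State -AutoSize
```

Running it from two processes started under the same account lets you compare the privilege lists and the `AdminEnabled` value that each process's token grants.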