It's used to start applications that don't perform administrative tasks (standard user apps).Contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed.When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges. When a user signs in, the system creates an access token for that user. The following diagram shows how the sign in process for an administrator differs from the sign in process for a standard user.īy default, both standard and administrator users access resources and execute apps in the security context of a standard user. To better understand how this process works, let's take a closer look at the Windows sign in process. When a standard user attempts to run an app that requires an administrator access token, UAC requires that the user provides valid administrator credentials. A low integrity application is one that performs tasks that could potentially compromise the operating system, like as a Web browsĪpplications with lower integrity levels can't modify data in applications with higher integrity levels.A high integrity application is one that performs tasks that modify system data, such as a disk partitioning application.
Integrity levels are measurements of trust: Windows protects processes by marking their integrity levels.
Both the parent and child processes, however, must have the same integrity level.
Child processes inherit the user's access token from the parent process. The only exception is the relationship that exists between parent and child processes. With UAC, each application that requires the administrator access token must prompt the end user for consent. This article describes how UAC works and how it interacts with the end-users. UAC reduces the risk of malware by limiting the ability of malicious code to execute with administrator privileges. User Account Control (UAC) is a key part of Windows security.
0 kommentar(er)
