Page 1
Windows User Account Control (UAC)
www.winitor.com – Nov.2009
Security Technologies
• Many security-related features, some more visible to the user than others
• Encrypting File System (EFS)
• BitLocker
• Services Hardening
• Address Space Layout Randomization (ASLR)
• Integrity Level
• File System Virtualization
• Registry Virtualization
• User Interface Privilege Isolation (UIPI)
• IE Protected Mode
• Protected Processes
• User Account Control
Page 2
Introduction
• UAC remains a misunderstood feature
• UAC is not a user access control system
• UAC is a new user account control framework
• UAC has several goals
• force users (administrators included) to work with fewer rights
• control legacy applications
• enable actions without administrative credentials
• protect the system from malware and from administrators
Page 3
Motivation
• Reduce the exposure surface of the operating system
• Mitigate the impact of malware
• Make computers (and networks) less vulnerable
Page 4
Token Types
• Applications run in one of the following security contexts
• Standard user
• Administrator user
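The two contexts above can be told apart from inside a running process. The following PowerShell function is an added example, not part of the original slides: it reports whether the current process holds the full administrator token, the filtered (standard-user) half of an administrator's split token, or a plain standard-user token, together with the integrity level that `whoami /groups` exposes as a `Label` entry.

```powershell
# Added example (not from the original slides): inspect which of the two UAC
# security contexts the current PowerShell process is running in.
function Get-UacContext {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # Under UAC an administrator's non-elevated (filtered) token still carries the
    # Administrators SID, but marked deny-only, so IsInRole() reports $false.
    $isElevated = $principal.IsInRole($adminRole)

    # Is the Administrators group (S-1-5-32-544) present at all, even deny-only?
    # If yes while IsInRole() is false, this is the filtered half of a split token.
    $inAdminGroup = $identity.Groups.Value -contains 'S-1-5-32-544'

    # The integrity level appears in whoami's group list with Type 'Label'.
    $label = whoami /groups /fo csv | ConvertFrom-Csv |
        Where-Object { $_.Type -eq 'Label' } | Select-Object -First 1

    [pscustomobject]@{
        User           = $identity.Name
        IsElevated     = $isElevated
        IntegrityLevel = if ($label) { $label.'Group Name' -replace '^Mandatory Label\\', '' } else { 'unknown' }
        Context        = if ($isElevated)      { 'Administrator (elevated token)' }
                         elseif ($inAdminGroup) { 'Administrator (filtered token, standard-user rights)' }
                         else                   { 'Standard user' }
    }
}

Get-UacContext | Format-List
```

Run the function once from a normal PowerShell window and once from one started with "Run as administrator": the same user account yields two different contexts, which is exactly the split-token behaviour UAC introduces for administrators.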
Page 5
Visible Identification
• In the past users could not easily tell which actions required administrative credentials
• Vista removes this uncertainty by showing a shield to identify actions that require administrative privileges
Page 6
User Interaction
• When working with an administrative account, a user must (by default) consent to an action requesting elevated rights.
Page 7
User Interaction
• When working with a standard account, a user must provide adequate credentials in order to perform an action requesting administrative privileges.
Page 8
Consent Prompt Types
• Built-in Windows program
Page 9
Consent Prompt Types
• Digitally signed third-party applications
Page 10
Consent Prompt Types
• Unsigned third-party applications
Page 11
Configuration
• Switching User Account Control on or off
Page 12
Configuration
• Disabling User Account Control is flagged as insecure
Page 13
Configuration
• Security Policy enables a very granular and flexible configuration of the UAC behaviours
• Locally or globally
Page 14
Configuration
• The built-in Administrator account can be configured to run in one of the following modes:
• Admin Approval Mode
• XP Compatible Mode (default)
Page 15
Framework
• UAC is built on several new technologies
• Windows file system virtualization
• Windows Registry virtualization
• Windows Integrity level
• …
Page 16
Framework - Service
• The User Account Control mechanism is built on the Application Information service
Page 17
Framework - Consent
• The process consent.exe is responsible for showing the UAC dialogs
Page 18
Framework - Desktop
• Elevation prompts are displayed on a secure desktop by default.
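The Security Policy settings from the Configuration slides (switching UAC on or off, the prompt behaviour for administrators and standard users, the built-in Administrator mode) and the framework pieces just listed (the Application Information service, the secure desktop) can all be audited from one script. The PowerShell below is an added example, not from the original slides; it reads the policy values that the Local Security Policy snap-in stores under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` (value names as documented by Microsoft), checks that the service UAC depends on (short name `Appinfo`) is running, and flags the settings a reviewer would call weak. Values that are not present are reported as "not set" rather than guessed.

```powershell
# Added example (not from the original slides): audit the UAC policy settings and the
# components UAC depends on. Registry value names are the documented Microsoft ones.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Documented meanings of the elevation prompt behaviour for administrators.
$adminBehaviour = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries'
}
# Documented meanings of the elevation prompt behaviour for standard users.
$userBehaviour = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

function Describe-Value($table, $value) {
    if ($null -eq $value) { return 'not set (edition default applies)' }
    if ($table.ContainsKey([int]$value)) { return "$value = $($table[[int]$value])" }
    return "$value = unknown value"
}

function Get-UacPolicyReport {
    param([string]$Key = $policyKey)
    $p = Get-ItemProperty -Path $Key

    $findings = @()
    if ($p.EnableLUA -eq 0)                  { $findings += 'UAC is switched off (EnableLUA=0)' }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) { $findings += 'Administrators elevate silently (ConsentPromptBehaviorAdmin=0)' }
    if ($p.PromptOnSecureDesktop -eq 0)      { $findings += 'Prompts are not isolated on the secure desktop (PromptOnSecureDesktop=0)' }
    if ($p.EnableVirtualization -eq 0)       { $findings += 'File/registry virtualization for legacy apps is disabled (EnableVirtualization=0)' }

    $appinfo = Get-Service -Name Appinfo -ErrorAction SilentlyContinue
    if (-not $appinfo -or $appinfo.Status -ne 'Running') { $findings += 'Application Information service (Appinfo) is not running' }

    [pscustomobject]@{
        UacEnabled            = if ($null -eq $p.EnableLUA) { 'not set (on by default)' } else { [bool]$p.EnableLUA }
        AdminPromptBehaviour  = Describe-Value $adminBehaviour $p.ConsentPromptBehaviorAdmin
        UserPromptBehaviour   = Describe-Value $userBehaviour  $p.ConsentPromptBehaviorUser
        SecureDesktopPrompts  = if ($null -eq $p.PromptOnSecureDesktop) { 'not set (on by default)' } else { [bool]$p.PromptOnSecureDesktop }
        # FilterAdministratorToken=1 puts the built-in Administrator in Admin Approval Mode;
        # 0 (or absent) leaves it in the full-token "XP compatible" mode the slides describe as default.
        BuiltinAdministrator  = if ($p.FilterAdministratorToken -eq 1) { 'Admin Approval Mode' } else { 'XP Compatible Mode (full token)' }
        AppinfoService        = if ($appinfo) { $appinfo.Status } else { 'not found' }
        Findings              = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

Get-UacPolicyReport | Format-List
```

Reading the policy key needs no elevation, so the report can be collected from a standard-user context as part of a baseline check; changing any of these values does require an elevated token, and the Group Policy equivalents live under Local Policies > Security Options with names beginning "User Account Control:".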
Page 19
Framework – Application Marking
• UAC-ready applications contain an XML manifest which declares the execution level (run-level credential) the application requests
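The manifest element that carries this declaration is `requestedExecutionLevel`, whose `level` attribute is one of `asInvoker`, `highestAvailable` or `requireAdministrator`. The PowerShell below is an added example, not from the original slides: the manifest text is constructed for the example, and the function parses it and explains what UAC will do with each level. A program with no manifest at all runs as invoker and is a candidate for the virtualization described on the next page.

```powershell
# Added example (not from the original slides): read the requested execution level from an
# application manifest. The manifest below is constructed for this example; element names
# come from the Windows application manifest schema.
$sampleManifest = @'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
'@

function Get-ManifestExecutionLevel {
    param([Parameter(Mandatory)][string]$ManifestXml)
    $xml = [xml]$ManifestXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
    # trustInfo is emitted in the asm.v2 or asm.v3 namespace depending on the toolchain.
    $ns.AddNamespace('v2', 'urn:schemas-microsoft-com:asm.v2')
    $ns.AddNamespace('v3', 'urn:schemas-microsoft-com:asm.v3')
    $node = $xml.SelectSingleNode('//v3:requestedExecutionLevel | //v2:requestedExecutionLevel', $ns)

    if (-not $node) {
        # No declaration: the program runs with the caller's token, like a legacy application.
        return [pscustomobject]@{ Level = 'none'; Meaning = 'runs as invoker; legacy app, virtualization may apply'; UiAccess = $false }
    }
    $meaning = switch ($node.level) {
        'asInvoker'            { 'runs with the caller''s token, never prompts' }
        'highestAvailable'     { 'prompts only if the user owns an administrator token' }
        'requireAdministrator' { 'always prompts; fails if no administrator credentials are available' }
        default                { 'unknown level' }
    }
    [pscustomobject]@{
        Level    = $node.level
        Meaning  = $meaning
        UiAccess = if ($node.uiAccess) { [bool]::Parse($node.uiAccess) } else { $false }
    }
}

Get-ManifestExecutionLevel -ManifestXml $sampleManifest
```

The same function works on an external `<name>.exe.manifest` file read with `Get-Content -Raw`; manifests embedded as a resource inside the executable need a resource viewer to extract first.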
Page 20
Framework – Resources Virtualization
• UAC Virtualization redirects the following locations
• \Program Files
• \Windows
• \Windows\System32
• \HKLM\Software
• Application accesses to these secure locations are virtualized: the writes are redirected into the corresponding user profile
• \Users\AppData\Local\VirtualStore
• \HKCU\Software\Classes\VirtualStore
• Virtualization is intended as a bridge technology that lets applications which are not UAC compatible work properly
• Virtualization is not supported on 64-bit systems
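Because redirected writes land in the user's profile, the VirtualStore locations double as an inventory of which legacy applications are still trying to write to protected paths. The PowerShell below is an added example, not from the original slides: it walks both the file and the registry VirtualStore for the current user and maps each redirected entry back to the protected location the application intended (`%LOCALAPPDATA%\VirtualStore\Program Files\...` back to `C:\Program Files\...`, `...\VirtualStore\MACHINE\Software\...` back to `HKLM\Software\...`).

```powershell
# Added example (not from the original slides): inventory what UAC virtualization has
# redirected for the current user and map each entry back to the protected location.
function Get-VirtualStoreInventory {
    $fileStore   = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    $regStore    = 'HKCU:\Software\Classes\VirtualStore'
    $systemDrive = $env:SystemDrive   # e.g. C:

    $files = @()
    if (Test-Path $fileStore) {
        $files = Get-ChildItem -Path $fileStore -Recurse -File | ForEach-Object {
            # The store mirrors the protected tree below the system drive,
            # e.g. ...\VirtualStore\Program Files\App\settings.ini
            $relative = $_.FullName.Substring($fileStore.Length).TrimStart('\')
            [pscustomobject]@{
                Kind      = 'File'
                Virtual   = $_.FullName
                Intended  = Join-Path $systemDrive $relative
                LastWrite = $_.LastWriteTime
            }
        }
    }

    $keys = @()
    if (Test-Path $regStore) {
        $keys = Get-ChildItem -Path $regStore -Recurse | ForEach-Object {
            # HKCU\Software\Classes\VirtualStore\MACHINE\Software\... mirrors HKLM\Software\...
            $marker   = 'VirtualStore\'
            $relative = $_.Name.Substring($_.Name.IndexOf($marker) + $marker.Length)
            [pscustomobject]@{
                Kind      = 'Registry'
                Virtual   = $_.Name
                Intended  = $relative -replace '^MACHINE\\', 'HKLM\'
                LastWrite = $null
            }
        }
    }
    $files + $keys
}

Get-VirtualStoreInventory | Sort-Object Kind, Intended | Format-Table -AutoSize
```

An empty result on a machine where users run legacy software is itself informative: either the applications have been fixed to write to per-user locations, or virtualization has been switched off and those applications are now failing silently.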
Page 21
Workflow
• The workflow of UAC depends on several factors
• The account the user is logged on with
• The Security Policy
Page 22
Running Programs Elevated
• One-time basis
• Always
Page 23
Running Programs Elevated
• Application running in elevated mode
Page 24
Running Programs Elevated
• Application running in normal mode
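The two ways of running a program elevated on the previous pages map to two mechanisms an administrator can script and inspect. The PowerShell below is an added example, not from the original slides: `Start-Process -Verb RunAs` issues the same one-time elevation request as the "Run as administrator" menu entry, and the "always" option from a program's Compatibility tab ("Run this program as an administrator") is recorded as a `RUNASADMIN` layer under `AppCompatFlags\Layers`, so listing that key shows every executable that will request elevation on each launch.

```powershell
# Added example (not from the original slides): one-time elevation, and an inventory of
# programs marked to always request elevation.

# One-time basis: -Verb RunAs triggers the elevation request; consent.exe shows the
# prompt and, if approved, the process starts with the full administrator token.
function Start-Elevated {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [string[]]$ArgumentList = @()
    )
    $params = @{ FilePath = $FilePath; Verb = 'RunAs'; PassThru = $true }
    if ($ArgumentList.Count -gt 0) { $params.ArgumentList = $ArgumentList }
    Start-Process @params
}

# "Always": the Compatibility tab stores a layer string per executable under
# AppCompatFlags\Layers, per user (HKCU) or per machine (HKLM). A value like
# "~ RUNASADMIN" means the program asks for elevation every time it starts.
function Get-AlwaysElevatedPrograms {
    $layerKeys = @(
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    )
    foreach ($key in $layerKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... bookkeeping properties PowerShell adds.
            if ($p.Name -like 'PS*') { continue }
            # Value name = executable path, value data = space-separated layer names.
            if ("$($p.Value)" -match '\bRUNASADMIN\b') {
                [pscustomobject]@{
                    Scope      = $key.Split(':')[0]
                    Executable = $p.Name
                    Layers     = $p.Value
                }
            }
        }
    }
}

Get-AlwaysElevatedPrograms | Format-Table -AutoSize
# One-time example (prompts for consent or credentials, then opens an elevated notepad):
# Start-Elevated -FilePath 'notepad.exe'
```

Programs listed here run with the full administrator token for their whole lifetime, so the inventory is worth reviewing periodically: an entry for a program that does not need administrative rights widens the exposure surface the slides set out to reduce.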
Page 25
History
• Some components have kept their names
• LUA → UAP → UAC
Page 26
Links
• Windows Vista TechNet, www.microsoft.com/technet/windowsvista
• User Account Control Overview, www.microsoft.com/technet/windowsvista/security/uacppr.mspx
• User Account Control, www.microsoft.com/technet/windowsvista/security/uac.mspx