On GameSpot: TGS 2008: Halo 3: Recon details

What's new in Vista Group Policy?

by Debra Shinder | 05-16-07

Tags: screenshots, windows vista, USB Port, Floppy Disk, Software, Desktop, Security, Group Policy, Hard Drive, Power Management, Administrator, Console, Microsoft Access, Memory Card, Removable Storage, Network, CD, Microsoft Windows XP, Media, Intel X86, Optical Drive, PKI, Battery, Disc, Microsoft Windows Vista, Malware, XML, Group Policy Object, Microsoft Corp., USB Flash Drive, Web Site, Epoxy, Photograph, Flash Memory, Spreadsheet, Tool, Virus, Action, Computer, DVD, /^hWhat, Button Settings Folder, Notification Settings Folder, Microsoft Windows Vista (Longhorn), Operating Systems, Adobe PDF

0 comment(s)
  • Save
  • 0

UAC policies

« Previous Image |
UAC policies
« Previous Image |
Here are the UAC-related policies you can configure in Vista:

  • Admin Approval Mode for the built-in Administrator account: If you enable this policy, the built-in Administrator account will log on in Admin Approval Mode, which means you'll be prompted to consent before elevation of privileges occurs. By default, this policy is disabled so that the built-in Administrator account (unlike other administrative accounts in Vista) logs on in XP-compatible mode; all applications can run by default with full administrative privileges. Enabling this policy increases security.


  • Behavior of the elevation prompt for administrators in Admin Approval Mode: By default, all administrators (except the built-in Administrator account) are prompted for consent before an elevation of privileges occurs. If you enable this policy, you can choose to increase security by requiring that administrators enter their credentials to elevate privileges or you can lower security by allowing elevation without prompting for credentials or consent. The choices are shown in the photo above.


  • Behavior of the elevation prompt for standard users: By default, those logged on with standard user accounts are prompted to enter administrative credentials to elevate privileges. If you enable this policy, you can choose to increase security by returning an access denied message when a standard user tries to perform an operation that requires elevated privileges.


  • Detect application installations and prompt for elevation: If you enable this policy, application installation packages that require elevation of privileges will be detected through a heuristic algorithm,and the configured elevation prompt will be triggered.


  • Only elevate executables that are signed and validated: This policy allows you to increase security by enforcing PKI signature checks on interactive applications that request elevation of privileges. By default, PKI certificate chain validation is not enforced.


  • Only elevate UIAccess applications that are installed in secure locations: If you enable this policy,UIAccess applications will not launch unless they're stored in a secure location. Secure locations include the Program Files directory and the Windows\System32\r-_\Program Files (x86) directory. This policy is enabled by default, but you can disable it if you want UIAccess applications stored in other locations to be able to run.


  • Run all users, including administrators, as standard users: This policy is enabled by default and is the heart of Vista's UAC protection. If you disable this policy, all UAC policies will be disabled and security is decreased. You must reboot for a change in this policy to take effect.


  • Switch to secure desktop when prompting for elevation: This policy is enabled by default; when elevation is requested, the desktop locks down and no applications can interact with it. You can disable this policy to cause elevation requests to display on the normal interactive desktop, but this reduces security.
               

What do you think?

See more TR Photo Galleries TR Gallery Newsletter signup

advertisement
Click Here