|
User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed〔(Windows 7 Feature Focus: User Account Control ), An overview of UAC in Windows 7 by Paul Thurott〕 version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows 10. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it. UAC uses Mandatory Integrity Control to isolate running processes with different priviledges. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other. One prominent use of this is Internet Explorer 7's "Protected Mode". ==History== Operating systems on mainframes and on servers have differentiated between superusers and userland for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings. Early Microsoft home operating-systems (such as MS-DOS, Windows 95, Windows 98 and Windows Me) did not have a concept of different user-accounts on the same machine, and all applications enjoyed system-wide privileges rivaling (Windows 95, Windows 98, and Windows Me) or equal to (MS-DOS, Windows versions 1.0-3.11) the operating system itself. Windows NT introduced multiple user-accounts, but in practice most users continued to function as an administrator for their normal operations. Further, some applications would require the user be an administrator for some or all of their functions to work. Subsequent versions of Windows and Microsoft applications encouraged the use of non-administrator user-logons, yet some applications continued to require it. To be certified Windows-compliant by Microsoft, and be able to use the Windows-compliant logo with their packaging, applications must not have required administrator privileges. Microsoft developed Vista security firstly from the ''Limited User Account'' (LUA), then renamed the concept to ''User Account Protection'' (UAP) before finally shipping User Account Control (UAC).〔 〕 Introduced in Windows Vista, User Account Control (UAC) offers an integrated, balanced approach to encourage "super-user when necessary". The key to UAC lies in its ability to elevate privileges without changing the user context (user "Bob" is still user "Bob"). As always, it is difficult to introduce new security features without breaking compatibility with existing applications. When someone logs into Vista as a standard user, the system sets up a logon session and assigns a token containing only the most basic privileges. In this way, the new logon session cannot make changes that would affect the entire system. When logging in as a user in the Administrators group, two separate tokens are assigned. The first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive. User applications, including the Windows Shell, then start with the restricted token, resulting in a reduced-privilege environment - even under an Administrator account. When an application requests higher privileges or when a user clicks a "Run as administrator" option, UAC will prompt standard users to enter the credentials of an Administrator account and prompt Administrators for confirmation and, if consent is given, continue or start the process using an unrestricted token. In Windows 7, Microsoft included a user interface to change User Account Control settings, and introduced one new notification mode, the ''default'' setting. By default, UAC does not prompt for consent when users make changes to Windows settings that require elevated permission through programs stored in %SystemRoot% and digitally signed by Microsoft. Programs that require permission to run still trigger a prompt. Other User Account Control settings that can be changed through the new UI could have been accessed through the registry in Windows Vista.〔 http://www.askvg.com/how-to-tweak-user-account-control-uac-options-in-windows-vista-home-basic-home-premium/〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「User Account Control」の詳細全文を読む スポンサード リンク
|