An introduction to security and UAC (User Account Control) in Windows Vista
The user account
In Windows Vista, you must log in with your user account before you can accessyour
Windows Vista uses your user account to determine your personal settings, such as
what background to display and where your e-mail is stored. But more importantly,
your user account determines what access you have to the "securable objects" (stuff)
on your computer.
You can think of it as the computer assigning you a special key that you will use
to access everything on your computer.
While each person has their own individual key that uniquely identifies them, there
are two basic kinds of keys: administrator keys and standard keys.
What are securable objects
Securable objects are another name for the "stuff" that is on your computer. This
includes files, folders, and settings.
Every securable object contains a list of people who can access it and what those
people are allowed to do to it.
You can think of a securable object as having a padlock that protects it. When you
try to do something to a securable object (open, delete, etc.), you use your key
to try and unlock it. If the key does not fit for the type of action you are attempting
to perform, it won't unlock and you will not be allowed access.
What is an administrator
Administrators are the "masters" of the computer. They can use their key to gain
full access to almost every securable object on the computer. They can also choose
what kind of key other users have by using the control panel.
Users that are not administrators can only use their key to access their personal
stuff or the public areas of the computer (such as the Public folder). They are
not allowed to change other people's stuff, install programs for other people, change
computer settings, or change other people's settings.
The problems with this kind of security
Before Windows Vista, every program that was running while you were logged on also
used your key to access the computer.
This caused two major problems:
- Programs that you did not actually start could use your key without you knowing
- Programs always have access to everything that you do, even if they
do not need such access
This created a very dangerous and insecure environment while you were logged in
as an administrator.
In Windows Vista, this "key-based" security design is taken a step further by allowing
you to control what type of key the programs that run on your computer can use.