Windows7 I mentioned earlier, Windows7 some operations can now be a standard user to perform, but as the E7 blog article about UAC As stated, we also recognize that we can make the Windows experience smoother without affecting the UAC's goals. Many users complain that Windows Vista itself frequently requests administrative privileges when they perform common system management operations. It is in our best for us to be able to work properly for a standard user environment, as this will benefit our customers. However, the elevated permission prompt does not warn or encourage us to do so, but rather forces the user to click again in a dialog that most users do not understand. As a result, Windows 7 begins to minimize these prompts from the default Windows experience and enables users running as administrators to control their prompting experience.
this end, we further reconstruction of the system, so that users who have standard user privileges will be able to perform more tasks, and we reduced the number of multi-prompt program (for example, install the ActiveX control in IE) The number of prompts in . Windows 7 also introduces two new UAC modes of operation that can be selected in the new UAC configuration dialog (see Figure 3). You can open this dialog by going to Control Panel, clicking User Accounts, clicking User Accounts, and then clicking Change User Account Control Settings. (You can also "change display these notices" link to access the dialog box or by visiting the "operations center." By clicking on the elevation prompt)
Figure 3 is one of the default settings displayed A new level. Unlike the "always notify" at the top of the slider and equivalent to the default mode in Windows Vista, Windows 7 will prompt the user by default only when a non-Windows executable request is promoted; the behavior for non-Windows promotion is the same as Windows Vista.
next slide position following the second new set, it has the same label, but by appending a "(without lowering the desktop brightness)." The only difference between this mode and the default mode is that the prompt will appear on the user's desktop (not the secure desktop). This has the advantage that the user can interact with the desktop while the prompt is active, but as I mentioned earlier, there is a risk that third-party accessibility software may not work properly on the prompt dialog.
Finally, if you select the bottom of the slider position, will completely disable UAC technology, so the use of all software will run PA accounts with full administrative privileges to run, the file system and registry virtualization will be Disabled, and protected mode IE will be disabled. Although there is no prompt when using this setting, the loss of protected mode IE is a big drawback of this mode.
automatically raise
when using the middle two settings, the reason why (most) to enhance the Windows executable file will not prompt, the reason is that the system "auto enhance" may be a Windows executable file. First, in this context, what is the definition of Windows executables in Windows? The answer depends on several factors, but there are two conditions that must be met: the executable must be digitally signed by WindowsPublisher, and WindowsPublisher is used for Windows. A certificate with all the code attached (signed by Microsoft only is not enough, so Microsoft software not included with Windows is not included); and the executable must be in one of the few "safe" directories. A secure directory is a directory that cannot be modified by standard users, and they include %SystemRoot%/System32 (for example, /Windows/System32) and most of its subdirectories, %SystemRoot%/Ehome, and a few directories under %ProgramFiles% (where Includes WindowsDefender and Windows Journal.)
the same time, depending on the executable file is an ordinary .exe, Mmc.exe, or a COM object may be, there are some additional rules to automatically upgrade. If the .exe type of Windows executable (as defined above) specifies the autoElevate attribute in its manifest, these executables will be automatically promoted. The application will also indicate to the UAC in the list that they need administrative rights. The SysinternalsSigcheck utility here dumps the list of task managers (Taskmgr.exe) with the command "sigcheck–m%systemroot%/system32/taskmgr.exe", which shows that the task manager has been added to the automatic promotion, as shown in Figure 4. Shown.
look in the directory tree automatically upgrade executable file A simple method is to use SysinternalsStrings utility from the command shown below:
strings-s * .exe |
findstr /iautoelevate
there is a hard-coded list that includes obtaining an automatic upgrade process for Windows executable files. These Windows executables are not internal files that ship with Windows 7, so they must be able to run on older systems where the autoexecute attribute causes errors. The list includes Migwiz.exe (migration wizard), Pkgmgr.exe (package manager), and Spinstall.exe (service pack installer). Microsoft Management Console will
Mmc.exe special treatment because it carries a plurality of management systems managing unit implemented in the form of DLL. Mmc.exe is launched from the command line, which specifies an .MSC file listing the snap-ins MMC to be loaded. Mmc.exe will request administrative privileges when launched through the PA account. When Windows discovers this, it will verify that Mmc.exe is a Windows executable and then check for .MSC. In order to qualify for automatic promotion, the .MSC file must satisfy the Windows executable condition (signed by Windows in a secure location) and must be listed in the internal list of the Auto-Promoting .MSC. This list actually includes all .MSC files shipped with Windows.
Finally, COM objects can create a subkey named Elevation of (set its value named Enabled to 1), the use of the registry value of its registry key to specify the required administrative privileges. Figure 5 shows the registry keys for the "copy" /"move" /"rename" /"delete" /"link" objects of the shell, when the user performs file system operations at a location where the user does not have access to their account, resource management This object will be used by the device.
enable COM objects to automatically upgrade, it must be a Windows executable file, and Windows executable files must have been instantiated. (However, there is no need to mark the instantiated executable as an auto-promotion.) For example, when you use the resource manager to create a directory in the %ProgramFiles% directory via a PA account, the operation is automatically promoted because the COM object requests elevation, The object's DLL is a Windows executable and the resource manager is a Windows executable.
automatically raise the UAC goal
so, the principle behind all special automatic promotion rules of what is to choose which program you want to automatically raise and which programs do not automatically raise is determined by the following questions?: "Can application developers be able to rely on automatic promotion to inadvertently or effortlessly rely on administrative privileges?" Because Cmd.exe can be used to execute batch scripts via command line arguments, and normal users do not need to run the command prompt in elevated mode ( Most users don't even know what the command prompt is), so Cmd.exe is not listed in the auto-upload list. Similarly, the executable file Rundll32.exe that hosts the Control Panel plugin is not automatically promoted in the final version of Windows 7, because it does not need to be promoted for any common administrative tasks, and if Rundll32.exe is automatically Ascension, its ability to host arbitrary DLLs via the command line will cause developers to require administrator privileges without realizing it.
since WindowsVista beta release, end users have been asking Windows to provide a method of adding any application to automatically upgrade list. The reason often mentioned is that a third-party application they use often forces them to constantly click on elevated permission prompts, which has become part of their daily work. Just like Windows Vista, Windows 7 does not provide this functionality. We understand that this kind of operation is very tedious, and there may be legitimate reasons why these applications can't run without administrative privileges, but developers will avoid revising their code to use standard user rights, which is too risky. Even if the list of which applications are automatically promoted can only be accessed by an administrator, developers can add their applications to the list simply by changing their application installer that requires a one-time upgrade. Instead, we choose to invest in training and work closely with application developers to ensure that their programs work as standard users.
Many people find the use of PA accounts by third-party software to run with standard user rights can be used to automatically upgrade to gain administrative rights. For example, the software can use the WriteProcessMemory API to inject code into the resource manager and execute the code using the CreateRemoteThreadAPI, a technique called DLL injection. Since the code is executed in a resource manager (a Windows executable), it can take advantage of automatically promoted COM objects (such as "copy" /"move" /"rename" /"delete" /"link" objects) To modify system registry keys or directories and grant administrative rights to the software. If so, these steps will need to be deliberately planned, and it doesn't matter, so we don't believe that legitimate developers will choose to do these steps than to modify their software to run with standard user rights. In fact, we recommend that any application developer not rely on elevated behavior in the system and recommend that application developers test how their software is running in standard user mode.
next discovery was that malware can use the same technique to obtain administrative privileges. Again, this is the case, but as I pointed out earlier, malware can also compromise the system with hints. From a malware perspective, the default mode of Windows 7 is no more secure than the "always notify" mode ("Vista mode"), and malware with administrative privileges will still crash when running in Windows 7's default mode.
conclusion
All in all, UAC is a set of technologies has an overall goal: enabling users to run as standard users. This was achieved because of changes to Windows that enabled standard users to perform more operations that previously required administrative privileges, combined with file and registry virtualization and prompts. The final standard is: The default Windows 7 UAC mode makes the PA user's experience smoother by reducing the prompts, allowing the user to control the legitimate software that can modify their system, and still achieve the UAC goal, that is, to allow more software to be in the absence of administrative rights. Run down and continue to transform the software ecosystem into writing software that works with standard user rights.