History
Operating systems on mainframes and on servers have differentiated between superusers and userland for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings.
Early Microsoft home operating systems (such as MS-DOS, Windows 95, Windows 98 and Windows Me) did not have a concept of different user accounts on the same machine, and all actions were performed as super user / an administrator. Windows NT introduced multiple user accounts, but in practice most users continued to operate as an administrator for their normal operations. Further, some applications would require the user be an administrator for some or all of their functions to work. Subsequent versions of Windows and Microsoft applications encouraged the use of non-administrator user logons, yet some applications continued to require it. To be certified Windows compliant by Microsoft, and be able to use the Windows compliant logo with their packaging, applications had to not require administrator privileges.
Introduced in Windows Vista, User Account Control (UAC) is an integrated, more balanced approach to encourage "super-user when necessary". Linux and Unix users will be familiar with this, as UAC's functionality is very similar to the "sudo" command. The key to UAC lies in its ability to elevate privileges without changing the user context (user "Bob" is still user "Bob"). As always, it is difficult to introduce new security features without breaking compatibility with existing applications.
When logging into Vista as a standard user, a logon session is created and a token containing only the most basic privileges is assigned. In this way, the new logon session is incapable of making changes that would affect the entire system. When logging in as a user in the Administrators group, two separate tokens are assigned. The first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive. User applications, including the Windows Shell, are then started with the restricted token, resulting in a reduced privilege environment even under an Administrator account. When an application requests higher privileges or "Run as administrator" is clicked, UAC will prompt for confirmation and, if consent is given, start the process using the unrestricted token.
In Windows 7, Microsoft included a user interface to change User Account Control settings, and introduced one new notification mode, the default setting. By default, UAC does not prompt for consent when users make changes to Windows settings that require elevated permission. Programs that require permission to run still trigger a prompt. Other User Account Control settings that can be changed through the new UI could have been accessed through the registry in Windows Vista.
Read more about this topic: User Account Control
Famous quotes containing the word history:
“When the landscape buckles and jerks around, when a dust column of debris rises from the collapse of a block of buildings on bodies that could have been your own, when the staves of history fall awry and the barrel of time bursts apart, some turn to prayer, some to poetry: words in the memory, a stained book carried close to the body, the notebook scribbled by hand—a center of gravity.”
—Adrienne Rich (b. 1929)
“There has never been in history another such culture as the Western civilization M a culture which has practiced the belief that the physical and social environment of man is subject to rational manipulation and that history is subject to the will and action of man; whereas central to the traditional cultures of the rivals of Western civilization, those of Africa and Asia, is a belief that it is environment that dominates man.”
—Ishmael Reed (b. 1938)
“To care for the quarrels of the past, to identify oneself passionately with a cause that became, politically speaking, a losing cause with the birth of the modern world, is to experience a kind of straining against reality, a rebellious nonconformity that, again, is rare in America, where children are instructed in the virtues of the system they live under, as though history had achieved a happy ending in American civics.”
—Mary McCarthy (1912–1989)