BeyondTrust, a Microsoft Gold Certified Partner, has released last month a solution for the “annoying” UAC (User Account Control) security feature used by Windows Vista. Basically, according to Microsoft, users should be running Vista under a Standard Account to increase the security in the operational system. UAC comes into play when applications running under a Standard Account need to perform certain operations or access resources without having enough privileges. In this case, UAC prompts the user for the Administrator’s credentials, and if the credentials are validated, the request is granted.
The idea of having users running under a Standard Account is not new; for years, I have my Windows XP box running under a Standard Account with limited privileges, while using the Administrator Account only for maintenance purposes. The new ingredient in the soup is the UAC prompt box, which allows users to perform operations at higher privileges without logging out their Standard Account. Even though I agree 100% with Microsoft about the UAC feature to increase security, I must admit that, for home users, this feature must be annoying because there is a requirement to remember at least two credentials (assuming the user account is password protected), and if the Administrator’s credentials are not used in a while, users might forget them. Also, considering that, in some businesses, essential applications must run at a higher privilege level, I can easily imagine corporations replacing Windows Vista by Windows XP to avoid the security risk of giving away Administrator’s credentials to users.
BeyondTrust attempts to solve the UAC issue by releasing the BeyondTrust Privilege Manager. According to their press release, BeyondTrust Privilege Manager allows Administrators to configure essential applications to automatically receive a higher privilege when executed, while still maintaining the security of running under a Standard Account. I wasn’t able to find any white papers about the process, but I’m assuming a new layer was probably added to the regular UAC process, and it’s executed when an application needs higher privileges. Check out the flowcharts below for a better understanding of how I think this process works at higher level.
Any other suggestions about how this process might work?