Extending Vista, Windows 7 and UAC (User Account Control)

Windows Vista introduced User Account Control (UAC), which provides improved security by encouraging all users, including administrators, to run without administrative rights.

UAC disables a user’s administrative rights if they are logged on as an administrator and prompts the user when their admin rights are required. If a user logs on as a standard user on Windows Vista or Windows 7, they are asked to provide the credentials of an administrative account when they attempt to perform any task that requires administrative rights.

Although UAC is a welcome addition to Windows security, it is more suited to users who manage their own computers, as it is primarily intended to prevent inadvertent use of admin rights. Standard users must still have access to the administrator account to perform admin tasks, which makes it less suitable for most corporate environments, as the user may freely abuse these privileges and make any changes to their computer configuration.

Avecto Privilege Guard integrates seamlessly with Windows Vista and Windows 7 UAC to provide a more effective solution for controlling administrative rights in corporate environments. Privilege Guard can automatically elevate individual applications, without granting the user access to an administrator account. All applications run in the context of the standard user account and Privilege Guard elevates the process token for applications that require administrative rights. The decision to run an application with administrative rights is defined by Privilege Guard policy settings and not by UAC, ensuring the IT department has complete control over which applications should be granted admin rights.

Privilege Guard provides the following benefits when used on Windows Vista and Windows 7:

  • Eliminates inappropriate UAC prompts or consent dialogs
  • Enables standard users to perform approved computer configuration tasks, such as
    amending network settings, managing printers and changing the time
  • Allows any application to be run with admin rights by a standard user
  • Allows standard users to install authorized software

UAC may continue to be used in prompt mode for real system administrators, and Privilege Guard can provide complementary functionality by selectively overriding UAC decisions for particular applications, either to prevent an application from being elevated or to elevate an application automatically without prompting the administrator.

The IT department has complete control over which applications are elevated by Privilege Guard, and policies may be applied to individual users or groups of users.

© Avecto 2010. All rights reserved