In this article, Microsoft security guru Russell Smith looks at the limitations of Windows User Account Control, why Microsoft recommends the use of standard user accounts, and how IT admins are providing hackers with an easy way into corporate systems.
Despite its historical reputation as an insecure operating system, Windows today provides one of the most secure platforms for personal computing. Balancing usability and security has always been a compromise, especially in the consumer space, where User Account Control (UAC) provides a solution that isn’t perfect, but is useful when there’s no IT department to implement controls and help users decide about making changes to system configuration.
But a UAC Protected Administrator (a member of the Administrators group who logs on with a filtered, standard-user-equivalent token and obtains the full administrator token through a consent prompt) does not get the security that a true standard user account affords: the full token is always one click away, and Microsoft itself does not treat UAC as a security boundary. Moreover, enterprises can’t customize UAC elevation prompts, granularly assign privileges to applications, or quickly grant rights in situations where policy prevents privilege elevation.
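To make the distinction concrete, the following PowerShell snippet is an added example (not code from the original article) that classifies the current logon session as a standard user, a Protected Administrator running under the filtered token, or an elevated administrator. It relies only on `whoami /groups`: a Protected Administrator’s unelevated token still carries the BUILTIN\Administrators SID (S-1-5-32-544), but flagged “Group used for deny only”, and runs at Medium integrity; the elevated token lists the group as enabled and runs at High integrity; a standard user has no Administrators entry at all. The function name `Get-UacTokenState` is this example’s own.

```powershell
# Added example: classify the current session relative to UAC.
# Assumes Windows with whoami.exe available (standard on all supported versions).
function Get-UacTokenState {
    # whoami /groups in CSV form yields columns: Group Name, Type, SID, Attributes
    $groups = whoami /groups /fo csv | ConvertFrom-Csv

    # BUILTIN\Administrators, as it appears in the current token (if at all)
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

    # Integrity level label: S-1-16-8192 = Medium, S-1-16-12288 = High
    $label = ($groups | Where-Object { $_.SID -like 'S-1-16-*' }).'Group Name'

    if (-not $admins) {
        # No Administrators SID in the token: a genuine standard user. There is
        # nothing UAC can elevate this session to without different credentials.
        $state = 'StandardUser'
    }
    elseif ($admins.Attributes -match 'deny only') {
        # Protected Administrator: the SID is present but can only deny access.
        # The full token is a consent prompt away, which is the weakness the text describes.
        $state = 'ProtectedAdministrator (filtered token, not elevated)'
    }
    else {
        # The Administrators SID is enabled: this process already holds the full token.
        $state = 'Administrator (elevated, full token)'
    }

    [pscustomobject]@{
        User           = (whoami)
        IntegrityLevel = $label
        TokenState     = $state
    }
}

Get-UacTokenState
```

Run it once from a normal PowerShell window and once from one started with “Run as administrator” under the same Protected Administrator account, and the only thing that changes is the consent click; the account’s rights never did. One caveat worth checking on any host you audit: the built-in Administrator account (RID 500) is exempt from Admin Approval Mode unless the policy “User Account Control: Admin Approval Mode for the Built-in Administrator account” is enabled, so that account will report as elevated even without a prompt.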
The rest of this article examines why UAC Protected Administrators are not suitable for use in the enterprise, and how IT admins are falling victim to attackers.