Old time windows users are probably accustomed to deal with many user account types on the windows operating systems like; administrator accounts, user accounts, power user accounts, guest accounts, etc. Now, Microsoft changed the way we create and manage user accounts on windows vista. In vista, there are only two types of accounts, administrators and standard users, and none of them have administrator privilege by default. This is the result of a new security feature introduced on this new operating system called User Account Control. All this, and some of other details, will be the purpose of this post. Hang on.

To understand how user accounts differ on windows vista, let’s examine how user accounts work on widows XP. On windows XP, whether you install or configure the operating system you need to provide a password for the special administrator account, and then create one or more regular users. Here, the administrator is what’s called a built-in account type, and is typically reserved for maintenance tasks and has full access to the system. In theory, regular users, that is, people who are not administrators on the computer were supposed to have less control over the system for security reasons. Well, if you have actually pay attention when you create a user account on windows XP, this is not the case, because every user account you create during the post-setup is automatically granted administrator level access, and all the applications that run on that user account assume administrative privileges. This is not good when it comes to malicious software because every piece of code that runs on that account it has the same privilege level as the user.

On windows vista, everything has changed. Now when you install windows vista for the first time, or press the power button on that brand new computer with windows vista preconfigured for the first time, you are prompt to input a bit of information including a username and password which is granted administrative privileges. Unlike windows XP, vista does not create an administrator account by default, instead uses this account.

User Accounts on Vista

Windows vista, unlike windows XP, supports only two account types. Administrator and standard user. The administrator account in vista is the same as in windows XP. The user has access to the entire system and can do whatever changes he likes.
The standard user account has limited access. the user can use most software, and run certain windows services, but is prevented from installing new applications or change system settings like, the system time, or run some control panel applets. Now to complete the entire picture, we should turn to the new security feature on windows vista called user account control.

User Account Control

In order to make windows vista more secure, Microsoft architected windows vista very differently than any previous operating system. They divided the tasks on two modes, those tasks that require administrative privilege, and those that don’t. This operating system re-structure required a lot of thinking and engineering, but the result is priceless, because this and many other security features have made windows vista the most secure operating system ever released by Microsoft. Now, let’s look how user account control work.

In windows vista any user whether configured as administrator or standard user can perform the tasks that don’t require administrative privilege. Tasks like, running applications, changing time zones, running windows updates, adding a printer etc. but when the user attempt to run a task that requires administrative privilege and that user does not have administrative privilege on the system, a dialog box is prompted to put an administrator username and password, or if the user already has administrative privileges on the system, a dialog box is only prompted to consent the operation.

An interesting thing happens in windows vista at the logon process. When a user with administrative privilege logs in, that user account is given two tokens; one with standard user privilege level and the other with administrative privilege, but all the profiles are loaded with standard user privilege. So, when an administrator logs in on windows vista, that account is seen as a standard user, and if something is perform that requires administrative privilege, that account requests to be elevated, and the administrator account kicks in. slick uh.

User account control is a complex mechanism that requires many components to run in the background, like, system virtualization, folder redirectors, registry virtualization etc. no doubt, windows vista is the most secure operating system on earth.

Get the latest post from Help Desk Geek in a RSS reader. Subscribe to this blog.

This entry was posted on Wednesday, November 7th, 2007 at 11:50 pm and is filed under Windows Vista Tips. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.