What is UAC?
UAC stands for User Account Control (User Account Control) which is a security feature provided by Windows Vista. It will pop up a dialog box when the user uses the computer to change the system settings or install software etc. which will affect the security and stability of the system and friendly prompt the user what they want to do.
When users use Windows Vista UAC is enabled by default. No matter what identity the user logs into the Windows Vista computer even if he logs into the computer as an administrator he only has the authority of a normal user. When the user performs some installation operations or setting operations the Vista system will pop up a dialog box to prompt the user what they want to do. In this process if you are using an administrator account to log in to Windows Vista you only need to click 'Continue' or 'Allow' to continue the operation. When you click UAC performs a privilege escalation and then the administrator really has the privilege of the administrator. If you log in to the computer as an ordinary user when they perform such an operation Windows Vista will pop up a dialog box for the ordinary user to enter an administrator account and password. In the previous Xp system if we were ordinary users we could not perform such operations but in Vista it also provides such operations but you must know the administrator's account and password.
Can this feature be disabled and turned on artificially?
Yes Windows Vista provides related tools.
Method 1: msconfig.exe tool
In the start menu -> Run -> enter \u0026quot;msconfig\u0026quot; and press Enter. Will start msconfig. Click the Tools tab as shown in the figure:
msconfig provides two options for enabling and disabling the UAC function select them and then click the Launch button to set successfully Up. Enabling the new setting requires restarting the computer.
In fact we can see from the commands executed by the tool that the UAC function is enabled and disabled by setting the registry.
C:\\Windows\\System32\\cmd.exe /k %windir%\\System32\eg.exe ADD HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System /v EnableLUA /t REG_DWORD /d 0 /f
The EnableLUA key under HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System in the registry is used to control the enabling of UAC function And pause 1 means enabling UAC function; 0 means disabling UAC function. It is not difficult to explain why the computer needs to be restarted after modifying the UAC settings.
Related settings of local security policy:
Enter \u0026quot;secpol.msc\u0026quot; in the start menu -\u0026gt;run-\u0026gt; to start the local security policy console. There are 9 UAC-related policies in the \u0026quot;Security Option\u0026quot; (Security Option) sub-node under the \u0026quot;Local Policies\u0026quot; (Local Policies) node.
If the program you write requires higher permissions to run you can create a manifest file for your program. In the manifest file add a description of the need to increase permissions:
\u0026lt;xml version=\u0026quot;1.0\u0026quot; encoding=\u0026quot;utf-8\u0026quot;\u0026gt; \u0026lt;asmv1: assembly manifestVersion=\u0026quot;1.0\u0026quot; xmlns=\u0026quot;urn:schemas-microsoft-com:asm.v1\u0026quot; xmlns:asmv1=\u0026quot;urn:schemas-microsoft-com:asm.v1\u0026quot; xmlns:asmv2=\u0026quot;urn: schemas-microsoft-com:asm.v2\u0026quot; xmlns:xsi=\u0026quot;://.w3.org/2001/XMLSchema-instance\u0026quot;\u0026gt; \u0026lt;assemblyIdentity version=\u0026quot;126.96.36.199\u0026quot; name=\u0026quot; DemoUACApp.app\u0026quot;/\u0026gt; \u0026lt;trustInfo xmlns=\u0026quot;urn:schemas-microsoft-com:asm.v2\u0026quot;\u0026gt; \u0026lt;security\u0026gt; \u0026lt;requestedPrivileges xmlns=\u0026quot;urn:schemas-microsoft-com:asm.v3\u0026quot ;\u0026gt; \u0026lt;requestedExecutionLevel level=\u0026quot;requireAdministrator\u0026quot;/\u0026gt; \u0026lt;/requestedPrivileges\u0026gt; \u0026lt;/security\u0026gt; \u0026lt;/trustInfo\u0026gt;\u0026lt;/asmv1:assembly\u0026gt;
In this way the compiled program The small shield will appear on the icon. I did an experiment and tried to use a program to create a subfolder under the Program Files folder of the system disk and create a normal text file in the folder.
The results of the experiment are as follows:
1) The option of privilege elevation is configured in the app.manifest file. Run the program with a normal account and a security prompt appears asking whether to run it. After clicking 'Allow' the program can run normally. Through the resource browser the newly created folders and files in the Program Files folder are found. In line with expectations.
2) Delete the app.manifest file and recompile the program. Run the program with a normal account and there is no security prompt. Found that the program can still run normally. However the newly created folders and files are not visible in the resource browser and the newly created folders and files can still be read normally through the code. It was a bit unexpected.
Since the code can be read normally the file does exist on the hard disk. Log in with the Administrator account and find that the newly created files and folders are visible when browsing the folders as Administrator. This is a bit weird haha. After debugging the code I haven't found out which part of the code has been elevated. However this reminds us that if we do not pay attention to UAC issues when programming it may cause unknown results.
In fact for developers the most 'small trouble' caused by UAC under Vista is to use Visual Studio to create Web applications (including WebApp and WebService) must remember to 'Run as Administrator' otherwise it will fail to create a project due to insufficient permissions. Or when using Sql Management Studio Express I forgot to 'Run as Administrator' and cannot connect to the SQL Server service.
You can open the properties dialog of the program shortcut. There is an 'Advanced button' under the 'Shortcut' tab. After opening it check the 'Run as Administrator' option and save . In this way you can use the left mouse button to open your Visual Studio and create your web application every time. It's just that every 'allow' action is still required. As shown in the picture:
Generally speaking UAC has a good idea. However this is based on the user's 'hot eyes'. MS can't require all users to be programmers and ITPro level? For programmers and ITPro Run as Administrator may be a warning but how many ordinary users can understand it? I personally feel that this UAC is still ineffective against intrusions in the form of spoofed emails using Hotfix that were sent in the name of MS a few years ago. To hit Hotfix system files must be activated and Administrator privileges are required. But once you give the installer administrator rights the machine still opens the back door\u0026hellip;\u0026hellip;?What is a U disk virus?