As the long-awaited release of Windows Vista approaches, it's a good idea to get acquainted with some of the security enhancements we can expect in Microsoft's latest operating system. With Vista, Microsoft has made some interesting changes to user security controls.
User rights and abilities will expand with the goal of tighter control of overall domain security as well as less interaction with using an administrator account. Redmond had done away with the power user mode, and the standard user mode will include a host of new abilities.
Standard user mode will now include the following privileges and abilities:
- View system clock and calendar.
- Change time zone.
- Install Wired Equivalent Privacy (WEP) to connect to secure wireless networks.
- Change power management settings.
- Add printers and other devices that have the required drivers installed on the computer (or that an administrator has allowed via Group Policy).
- Install ActiveX Controls from sites approved by an administrator.
- Create and configure a VPN connection.
- Install critical Windows updates.
Representing some of the most common tasks performed by users, these new privileges will require less interaction with administrators. If this seems like too much freedom to grant to your end users, don't worry: Administrators will be able to restrict these privileges through Group Policy.
However, many programs still require the user to have administrative rights. These programs typically require the ability to write to a non-system area of the OS usually protected against the standard user write ability—most often, the program files directory or a restricted portion of the registry.
Vista virtualizes this process by providing the application with a private copy of the file or registry key and placing that copy in the user's profile. This function extends the continued use of older or custom applications while reducing the vulnerability caused by giving everyone administrator status in order to run a specific application.
Vista takes two approaches to administrators and their rights: Admin Approval Mode and the Over-the-shoulder (OTS) Credential approach. When operating in Admin Approval Mode, administrators log on and run applications such as e-mail and Web browsing as a standard user.
When a task or application requires administrator privileges, the system notifies the administrator through a pop-up. Depending on the configuration of system policy settings for the domain, the pop-up asks the user to give consent to the operation or input additional administrative credentials.
This reduces the need for administrators to maintain a separate user account. In addition, at the operating system level, it enforces the use of least privilege for tasks not requiring administrative rights.
In the second approach—OTS Credential—the use of administrative credentials assists standard users requiring administrative rights to perform a task, such as the installation of new software. The system prompts the user to enter the local administrative password in order to allow the operation to proceed.
If a user doesn't know the local administrative account password, he or she can request remote assistance from an administrator. In addition, Vista also displays a shield icon beside actions that require administrative account rights to let users know in advance that it's an administrative function.
Microsoft has finally addressed user rights and their abilities to perform daily functions that don't impact the overall security of the workstation or domain. Automatically running programs in user mode—regardless of the account used to log in—will thwart attacks targeting administrators too lazy to log in with user credentials to check their e-mail or browse the Web—and it's about time!
Miss a column?
Check out the Security Solutions Archive, and catch up on the most recent editions of Mike Mullins' column.
Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.
Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.