PsExec, User Account Control and Security Boundaries

Update: PSExec

Sysinternals Site Discussion — Mon, 12 Feb 2007 20:06:38 GMT

The following Sysinternals utility has been updated: PSExec v1.80 Update : This update to PsExec enhances

re: PsExec, User Account Control and Security Boundaries

Catalin — Mon, 12 Feb 2007 21:36:29 GMT

I believe DropMyRights will actually add a token to deny administrator rights ...

http://msdn2.microsoft.com/en-us/library/ms972827.aspx

Cosas Interesantes 12/02/2007

Be Geek My Friend — Mon, 12 Feb 2007 22:02:28 GMT

Hoy en cosas interesantes: Live Search para windows Mobile, WSUS 3.0 Release Candidate!!!!!!, Mobiles

The Value of UAC in Windows Vista

Jeff Jones Security Blog — Mon, 12 Feb 2007 22:17:33 GMT

Last week at the RSA conference, I had the excellent opportunity to talk to a lot of people about security

An interesting article about Windows Vista security model

KaRt0nEs Blog — Tue, 13 Feb 2007 02:10:36 GMT

Reading some security related RSS feeds, I've came upon an interesting article about the new Vista security

UAC and the discussions around it

Roger's Security Blog — Tue, 13 Feb 2007 11:13:19 GMT

Well, a lot of time when I talk to people about Windows Vista, two things pop up: User Account Control

re: PsExec, User Account Control and Security Boundaries

Isaac — Tue, 13 Feb 2007 21:30:17 GMT

Seems that UAC isn't sitting well with zdnet blog...

http://blogs.zdnet.com/security/?p=29

re: PsExec, User Account Control and Security Boundaries

Rulo — Tue, 13 Feb 2007 22:32:40 GMT

We use Psexec to execute scripts for monitoring windows systems using Pandora, very useful!!

Russinovich parla di UAC « In Vista

Russinovich parla di UAC « In Vista — Wed, 14 Feb 2007 00:52:42 GMT

PingBack from http://invista.wordpress.com/2007/02/13/russinovich-parla-di-uac/

re: User Interface Privilege Isolation (UIPI)

Foolhardy — Wed, 14 Feb 2007 01:19:40 GMT

User Interface Privilege Isolation (UIPI) is the third attempted solution to a very old Windows security problem.

Back in the ancient days of Win16, every task lived in the same address space, so there was no concept of OS security and no reason to disallow any task sending a message to any other task, even those impersonating the user. To maintain reverse compatibility (at least at the source level) with Win16 programs in Win32 for the new NT 3.1, sending of such messages between processes couldn't simply be automatically restricted-- it'd break too many things.

With the release of NT 3.51 and support for multi-user UI (via Citrix WinFrame), there needed to be a way to prevent processes belonging to different users (with different privilege levels) from being able to attack one another via the window message system. Hence the securable desktop object was born: every window belongs to a desktop object, and before a thread can send messages to the windows the desktop contains it has to pass an access check against the desktop's security descriptor.

Desktops worked quite nicely: each user got their own desktop, not accessible to other users. Potentially, a single user could have a desktop for each level of trust afforded to programs, each protected from each other (e.g. one for untrusted websites, one for normal stuff, one for admin tasks). I guess the biggest problem with desktops is that each desktop is visually disjoint from each other; no windows can be shared because that would defeat the purpose. This also a security benefit because it prevents a low-trust program from impersonating a high one.

With Windows 2000 and job objects, one of the limits that can be assigned to a job is to prevent processes in the job from accessing windows belonging to processes outside the job-- a sort of sandbox for processes that can't be trusted to access all the windows on the desktop. I'm not entirely sure why this method isn't being used.

UIPI prevents processes in a lower integrity process from sending most messages to windows belonging to higher integrity level processes. Apparently, it misses some edge cases.

IMO, this problem was solved long ago with desktop objects and two more re-inventions of the wheel imply that there are too many cooks spoiling the soup.

re: PsExec, User Account Control and Security Boundaries

Vinay — Wed, 14 Feb 2007 03:08:47 GMT

Thanks for an excellent post. Please keep blogging often..

Tim Anderson’s ITWriting - Tech writing blog » How secure is Windows Vista?

Tim Anderson’s ITWriting - Tech writing blog » How secure is Windows Vista? — Wed, 14 Feb 2007 11:58:14 GMT

PingBack from http://www.itwriting.com/blog/?p=128

lazy days » Blog Archive » Vista UAC dance-dance revolution

lazy days » Blog Archive » Vista UAC dance-dance revolution — Wed, 14 Feb 2007 16:33:18 GMT

PingBack from http://aoizora.org/nobue/?p=26

re: PsExec, User Account Control and Security Boundaries

Davey400 — Wed, 14 Feb 2007 17:19:34 GMT

My main reason for not using UAC is the fact that IE7 needs new windows when crossing security boundaries, i.e. switching from a local site to my webmail and to a non-trusted site causes new instances of IE7, and i am unable to open them in tabs

re: PsExec, User Account Control and Security Boundaries

Clint Andrews — Wed, 14 Feb 2007 17:26:44 GMT

As always an excellant read.

Reminds me of the Unix/Linux SUDO command. I guess I'll be happy as long as Mac commericals don't confuse users as to the advantages of the new security model and software developers learn how to right software and installations for limited users.

re: PsExec, User Account Control and Security Boundaries

David Walker — Wed, 14 Feb 2007 21:31:00 GMT

It's too bad that Microsoft has had to expend so much time and energy creating such a framework... just because so many idiots want to create "malware" that can take over computers and send out spam for penny stocks and "growth" pills.

This time and energy could be better spent elsewhere. If only everyone were honest...

re: PsExec, User Account Control and Security Boundaries

Mactire — Wed, 14 Feb 2007 22:03:41 GMT

While I applaud the intent of UAC, I do have one substantial problem with it. I have always run as a standard non-privileged user and have used RunAs to elevate applications with an admin account that I use only for that purpose. In Vista I now have to choose to always be prompted for credentials (annoying and time consuming) or just receive the Consent prompt, which of course does not give me the ability to choose when I want to run with local admin creds for local activities vs. a network admin account for domain management functions. I would like to be able to set Consent as the default and have the ability to specify applications for which I would be prompted for credentials.

stuart @ amanzi » Blog Archive » Vista’s False Sense of Security

stuart @ amanzi » Blog Archive » Vista’s False Sense of Security — Wed, 14 Feb 2007 22:26:45 GMT

PingBack from http://stuart.amanzi.co.nz/2007/02/15/vistas-false-sense-of-security/

treml::techblog » Blog Archive » PsExec, User Account Control and Security Boundaries

Thu, 15 Feb 2007 03:24:27 GMT

PingBack from http://juergentreml.online.de/techblog/archive/20

Vista and UAC

Mike Taulty's Blog — Thu, 15 Feb 2007 03:30:48 GMT

It looks like UAC in Vista is coming under more and more scrutiny. I've seen a lot of links to this post which...

GadGetGuide » Archives » Der schnelle Weckruf vom 15.02. - Gadgets, cooles Zeug, Geschenkideen

Thu, 15 Feb 2007 09:50:04 GMT

PingBack from http://gadgetgui.de/blog/?p=571

Tech Network Blog » Blog Archive » Windows Vista Security

Tech Network Blog » Blog Archive » Windows Vista Security — Thu, 15 Feb 2007 10:05:29 GMT

PingBack from http://blog.tech-network.de/?p=153

Computerhilfen.com: Tech-News » Blog Archive » Vista security: Worse than thought?

Thu, 15 Feb 2007 15:29:41 GMT

PingBack from http://www.computerhilfen.com/technews/2007/02/15/vista-security-worse-than-thought/

J@??????’s Stack Trace » Blog Archive » Privilege escalation in Vista (Vista Security Model ??? A Big Joke?)

Thu, 15 Feb 2007 18:17:54 GMT

PingBack from http://www.jasonmacpherson.com/?p=20

Dinis Cruz Blog » Blog Archive » UAC not a security feature

Dinis Cruz Blog » Blog Archive » UAC not a security feature — Thu, 15 Feb 2007 20:01:45 GMT

PingBack from http://blogs.owasp.org/diniscruz/2007/02/15/uac-not-a-security-feature/

To Nick a challenge:

E-Bitz - SBS MVP the Official Blog of the SBS "Diva" — Fri, 16 Feb 2007 05:06:40 GMT

http://msmvps.com/blogs/thenakedmvp/archive/2007/02/15/user-account-control-uac-on-vista-a-useless-feature-t.aspx

Sicurezza in Windows Vista

Blog Team TechNet Italia — Fri, 16 Feb 2007 15:55:50 GMT

Ciao a tutti. Dopo qualche giorno passato a Seattle ad imparare cose nuove ritorno per segnalarvi alcuni

Sicurezza, ICT ed altro » Blog Archive » Sicurezze a confronto

Sicurezza, ICT ed altro » Blog Archive » Sicurezze a confronto — Fri, 16 Feb 2007 20:12:01 GMT

PingBack from http://www.telmon.org/?p=124

learning something new » Blog Archive » Safer email and web browsing with psexec

Sun, 18 Feb 2007 00:45:46 GMT

PingBack from http://dalelane.co.uk/blog/?p=117

Un lugar en el mundo… » Blog Archive » Retazos de la semana (y XII)

Un lugar en el mundo… » Blog Archive » Retazos de la semana (y XII) — Sun, 18 Feb 2007 08:31:47 GMT

PingBack from http://blog.unlugarenelmundo.es/2007/02/18/retazos-de-la-semana-y-xii/

Sergio Hernando » A vueltas con la seguridad de Windows Vista

Sergio Hernando » A vueltas con la seguridad de Windows Vista — Sun, 18 Feb 2007 12:57:14 GMT

PingBack from http://www.sahw.com/wp/archivos/2007/02/18/a-vueltas-con-la-seguridad-de-windows-vista/

Rutkowska vs. Russinovich on Vista UAC security at Security Samizdat

Rutkowska vs. Russinovich on Vista UAC security at Security Samizdat — Mon, 19 Feb 2007 17:49:10 GMT

PingBack from http://security-samizdat.com/2007/02/19/rutkowska-vs-russinovich-on-vista-uac-security/

Na jak wiele sposobów można przedstawić jedną rzecz...

Wampiryczny blog — Mon, 19 Feb 2007 22:17:28 GMT

Temat jest prosty(?) Vista, UAC i opinia o nim przedstawiona przez Joannę Rutkowską. A teraz do rzeczy. Najpierw oczywiście mrożący krew w żyłach artykuł o sporze Microsoftu i Joanny Rutkowskiej. Swoją drogą zjeżyło mnie tłumaczenie pojęcia

re: PsExec, User Account Control and Security Boundaries

Jerimiah Cole — Tue, 20 Feb 2007 01:18:42 GMT

You say, "The elevation and Protected Mode IE sandboxes might have potential avenues of attack , but they’re better than no sandbox at all."

I couldn't disagree with you more. Weak or easily circumvented security is _far worse_ than no security at all. Why? Because it crease a sense of security when there is no justification for one, aka a false sense of security.

Best of Webmaster Blog » Blog Archive » Vista Security Overhaul Questioned

Best of Webmaster Blog » Blog Archive » Vista Security Overhaul Questioned — Tue, 20 Feb 2007 07:02:06 GMT

PingBack from http://blog.imagestr.com/?p=29

Symantec Security Response Weblog: An Example of Why UAC Prompts in Vista Can’t Always Be Trusted

Chris Mosby at myITforum.com — Tue, 20 Feb 2007 17:31:40 GMT

An Example of Why UAC Prompts in Vista Can’t Always Be Trusted People who have been following the not

Liquidmatrix Security Digest

Liquidmatrix Security Digest — Tue, 20 Feb 2007 23:04:51 GMT

PingBack from http://www.liquidmatrix.org/blog/2007/02/20/vista-security-overhaul-questioned/

UAC isn't a security feature, really?

Josh's Windows Weblog — Wed, 21 Feb 2007 04:00:59 GMT

The press has been having a field day with headlines like this one due to a recent post by Mark Russinovich

Un parere sullo User Account Control (UAC), da ingegnere e non da fisico

Security Blog di Feliciano Intini — Wed, 21 Feb 2007 20:48:30 GMT

Devo confessarvi un personale dissidio interno: sotto la corteccia da ingegnere che mi ritrovo, pulsa un cuore da (mancato) teorico di fisica nucleare. Proprio così: da liceale sognavo di avviarmi alla carriera dello "scienziato", grazie ad una illuminazione

re: PsExec, User Account Control and Security Boundaries

lvitte — Thu, 22 Feb 2007 11:09:35 GMT

There are a couple things relating to the new consumer and marketer benefit. First of all, I am a certified M.C.S.E, if that means anything anymore, and most of my business clients are running what I suggest for their solutions, Windows XP, the only thing is that after i tried the beta of windows vista things started going bad. Then I notticed that microsoft was initialing updates for XP that cordiallited with Vista. The only problem is that most of the updates for XP are "screwing" up the system. I've read the tech papers of all the kernel updates and FS updates and found a pattern. Backwards compatibility is an issue for microsoft. Obviously you and your staff already know this, but the fact is my media "movies" are studdering like never before and this blog is studdering every time i hit a key. Yes, you are advancing, but how fast and how far do you have to go to sacrifice customer satisfaction, instead of gaining so. I am a business owner. Honestly, I am thinking of switching to linux.

UAC e Fronteiras de Segurança

Segurança na Microsoft — Thu, 22 Feb 2007 18:10:11 GMT

"Fronteira de segurança" (ou security boundary ) é alguma barreira pela qual código ou acesso não podem

UAC isn't a security feature, really?

Josh's Windows Weblog — Thu, 22 Feb 2007 18:52:14 GMT

The press has been having a field day with headlines like this one due to a recent post by Mark Russinovich

Why bother then?

Marek — Fri, 23 Feb 2007 17:36:01 GMT

If all implementation bugs in UAC are not to be considered as security bugs why bother then? Why assume that every setup executable should be run elevated? Is the UAC designed just to piss people off?

I liked the UAC idea very much... . Please, don't waste it!

W2K.PL » Blog Archive » UAC lubiany, UAC znienawidzony….

W2K.PL » Blog Archive » UAC lubiany, UAC znienawidzony…. — Tue, 27 Feb 2007 01:58:43 GMT

PingBack from http://www.w2k.pl/uac-lubiany-uac-znienawidzony/

re: PsExec, User Account Control and Security Boundaries

Armin Kittel — Thu, 01 Mar 2007 01:53:45 GMT

Vista is certainly a step in the right direction (of least privilege computing). Now, when will we finally arrive at a state where administrator privileges are exactly that – there to administer OS level files and processes and ALL users (developers, casual users, guests, etc.) can run on the machine and do everything they need to do WITHOUT requiring any administrator privileges. To be specific, there should for example be an elevated permission level allowing for debugging user space processes that is short of being an administrator level privilege that has jurisdiction over OS level files and processes.

re: PsExec, User Account Control and Security Boundaries

Lionel Fourquaux — Fri, 02 Mar 2007 01:21:14 GMT

This is very interesting, but I feel some points could be clarified.

"elevations and ILs don’t define a security boundary"

Wouldn't it be even better to have created new security boundaries? Isn't it possible to create some kind of trusted path for user input that would prevent hostile processes from sending messages to elevated processes without impairing usability? Which one is the right answer:

1. There is a fundamental reason that makes such a trusted path impossible, or at least very difficult to implement within the current Windows security infrastructure. (Can you explain why?)

2. There is a fundamental reason why usability would be degraded. (Do you have a precise scenario that show this fundamental reason?)

3. It could be done, but it affects backward compatibility so strongly that it was rejected (e.g. because accessibility tools would have to be rewritten).

4. It could be done, but it requires so much checking (e.g. validating input for any program that could run elevated, for the example you describe) that you didn't include it in your threat model.

Confusion about Vista Features: What UAC Really Is

Jesper's Blog — Fri, 02 Mar 2007 10:07:04 GMT

As you may know I am just putting the finishing touches on a new book. Roger Grimes and I teamed up to

Vista open to user-privilege bug - Error

Vista open to user-privilege bug - Error — Fri, 02 Mar 2007 10:07:20 GMT

PingBack from http://www.errorforum.com/microsoft-windows-vista-error/10998-vista-open-user-privilege-bug.html#post13669

Eeye meldet (Sicherheits-)L?cke in Windows Vista - WinBoard - Die Windows Community

Fri, 02 Mar 2007 15:20:47 GMT

PingBack from http://www.winboard.org/forum/news/55179-eeye-meldet-sicherheits-luecke-windows-vista.html#post403772

re: PsExec, User Account Control and Security Boundaries

Harry Johnston — Tue, 06 Mar 2007 00:08:21 GMT

UAC may not achieve a great deal of security directly but it may still be worthwhile - depending on how the community reacts to it. If developers can get away with "to use our software, turn UAC off" then it won't help. If users won't accept that, developers will be forced to write software that doesn't assume admin privilege. That would be a big step forwards.

Merchant Accounts » PsExec, User Account Control and Security Boundaries

Merchant Accounts » PsExec, User Account Control and Security Boundaries — Wed, 07 Mar 2007 05:22:36 GMT

PingBack from http://www.accountmerchant.org/psexec-user-account-control-and-security-boundaries/

Tim Anderson’s ITWriting - Tech writing blog » Visual Studio 2005: still needs admin rights on Vista?

Wed, 07 Mar 2007 17:26:26 GMT

PingBack from http://www.itwriting.com/blog/?p=151

Quotes Manager Blog » Blog Archive » I DID IT!!!!!!! True UAC for Vista and XP by SafeZilla!!!!!

Wed, 07 Mar 2007 20:09:46 GMT

PingBack from http://quotes-manager.com/blog/2007/03/07/i-did-it-true-uac-for-vista-and-xp-by-safezilla/

re: PsExec, User Account Control and Security Boundaries

James — Sat, 10 Mar 2007 21:30:22 GMT

I agree with Harry that 'just turn UAC off' becoming accepted would be bad; what irritated me when I first tested my TFind utility - a command-line file searched, linked from my name here - is that the manifest setting 'requireAdministrator' causes it to open in a *new* command window - so the search results disappear as soon as it finishes!

(The current builds lack that setting: running will just fail, unless you open an elevated command window. Apparently tools like chkdsk have similar behavior, but I'm working on a more user-friendly workaround.)

Talking of user-friendly, this blog's comments would be a lot more readable if the 'pingbacks' appeared separately from regular comments!

Blame It On The Model

jsd — Mon, 12 Mar 2007 23:25:06 GMT

There's a fundamental problem here that's not going to go away soon: the Windows security model has become extremely complex.

It's hard to program, which is what leads to such unforgiveable consequences as Grisoft making their files world-writable ("I can't get the SID-lookup to work on all platforms" "Well just add the Everyone group then - that's easy enough and it's sure to work everywhere")

It's hard to identify why apps fail when running with limited rights, even _with_ Mark's tools (and where would we be without those - thanks _so_ much, Mark) which is what leads to developers running as admin, and to corporate support staff setting up users as local admins on their workstations. No doubt also that's why the default user is still being created as an admin when Windows is installed.

Nor are matters helped by friendly error messages that hide the true cause of a problem, which admittedly in many cases is not even available to the failing application. How often have you had a COM object fail with a 0x....0005 error and cursed for not knowing to _what_ object access was being denied?

The more complicated the security model, the harder it is going to be to persuade anybody - developers, installers, or (heaven forbid) end users - to abide by it.

Additional complexity in a security system helps nobody except those with the time and incentive to find ways of breaking it. Worse yet: it increases their chances of doing so.

Sadly, the addition of Integrity Level is likely only to exacerbate this situation.

re: PsExec, User Account Control and Security Boundaries

Harry Johnston — Tue, 13 Mar 2007 04:11:52 GMT

UAC is already helping:

http://www.cakewalk.com/support/kb/kb20070117.asp

(I don't know what this product does, but it didn't used to run without administrator access and now it does - because of UAC.)

Windows Server Longhorn - Per User Password Policy

Musings, Ramblings, and the Occasional Useful Information — Fri, 16 Mar 2007 19:15:33 GMT

I can't imagine that this will make the front page of People Magazine , but if you are a Network or Security

UAC report for the week

E-Bitz - SBS MVP the Official Blog of the SBS "Diva" — Sun, 25 Mar 2007 23:38:12 GMT

What is Vista's User Account Control as described by the Uber Geek crowd: http://blogs.technet.com/markrussinovich/archive/2007/02/12/638372.aspx

re: PsExec, User Account Control and Security Boundaries

Keith Patrick — Mon, 26 Mar 2007 16:10:05 GMT

Vista UAC has screwed me ROYALLY. When I changed my main user account from an admin to regular user, all UAC prompts for admin rights tell me to enter a password but provide no means for producing a password. So basically, I cannot perform a single administrative task (including reinstalling the OS, as I downloaded it from MS Live Marketplace). I spent an hour yesterday talking with MS Support to no avail (I'm using one of MS' own F-Lock keyboards, which is apparently disabled during the Windows bootup process, so I cannot boot into Safe mode) and am waiting for an escalation callback.

So let me say, I hate, hate, HATE UAC. I disregarded all the posts about how it's annoying. Forget that - it flat out has locked me out of my system. I've even tried writing a client to impersonate the admin user, and while it can give me a token, the token belongs to me *actual* user. In fact, lemme say that my hate of UAC now goes so far that I hate all of Vista with it (tends to happen when you pay $250 to get locked out of your machine)

Botnets by Email

Mark's Blog — Tue, 10 Apr 2007 01:37:41 GMT

I make no effort to hide my email address, which means that I know the instant a new email-based virus,

Afaceri pe internet » Blog Archive » Vista Security Model ??? A Big Joke?

Afaceri pe internet » Blog Archive » Vista Security Model ??? A Big Joke? — Wed, 18 Apr 2007 15:51:52 GMT

PingBack from http://blog.afaceri-pe-internet.com/00200712/vista-security-model-%e2%80%93-a-big-joke

» Hacker, Microsoft duke it out over Vista design flaw | Zero Day | ZDNet.com

» Hacker, Microsoft duke it out over Vista design flaw | Zero Day | ZDNet.com — Wed, 23 May 2007 01:31:58 GMT

PingBack from http://blogs.zdnet.com/security/?p=29

re: PsExec, User Account Control and Security Boundaries

Bob — Sun, 10 Jun 2007 10:02:12 GMT

Mark, A thought:

How hard would it be to write a piece of code that can invade the sandbox and then lie in wait until an elevation of priviledge occurs?

Also, does a program at medium mode have acces to the file that it was run from, that is, would IE have access to iexplorer.exe?

Sounded like a "no".

I'd love to see your thoughts on both these items.

re: PsExec, User Account Control and Security Boundaries

hotindir — Wed, 20 Jun 2007 15:49:30 GMT

http://www.hotindir.com

re: PsExec, User Account Control and Security Boundaries

cellotin — Mon, 25 Jun 2007 20:14:33 GMT

Talking of user-friendly, this blog's comments would be a lot more readable if the 'pingbacks' appeared separately from regular comments!

re: PsExec, User Account Control and Security Boundaries

jeremyd — Wed, 04 Jul 2007 10:30:47 GMT

Microsoft has made it fairly easy to get elevated from a limited user, via Manifest or RunAs verb to ShellExecute, but I have noticed a distinct lack of ability to spawn a limited process from an elevated one. Now, I can use CreateRestrictedToken and CreateProcessAsUser to create a restricted process, a la the "run as limited" option in process explorer. But I have found that processes created in this way (including from the process explorer option) have odd "access denied" errors running things like whoami /all. These seem to be fixed in psexec -l. Can you explain what code was required to make that work right? Also, can you explain how to set the integrity level of the process, as I would like to create a process in Medium level since this is what normal limited processes are. I was trying to track though psexec -l in a debugger with the interesting function calls, and see that you call SetTokenInformation with TokenLinkedToken class. I cannot seem to get this to work, I get that I do not have a required privilege. And looking at the memory for the TOKEN_LINKED_TOKEN struct in the debugger, your token looks more like a valid pointer than any of the token handles I have been seeing. Is there some trick to this? I may have to dig into the kernel debugger to see what is going on with these...

re: PsExec, User Account Control and Security Boundaries

siteymaps — Wed, 04 Jul 2007 19:56:04 GMT

Talking of user-friendly, this blog's comments would be a lot more readable if the 'pingbacks' appeared separately from regular comments!

re: PsExec, User Account Control and Security Boundaries

jeremyd — Thu, 05 Jul 2007 03:19:05 GMT

Figured out my questions on my own:

turns out the call I thought was setting the linked token was actually setting something else (probably was the integrity level). Setting the linked token requires SeCreateTokenPrivilege. The fix which makes the whoami command start working is to add the user of the token to the token's default dacl with PROCESS_ALL_ACCESS. Setting the integrity level is done with SetTokenInformation with the TokenIntegrityLevel option, and specifying the proper integrity level Sid.

I wish there was a way to set the Linked Token and the other elevation-related properties of the token, so that code which is inspecting these properties to see if it is elevated can properly tell that it is not. Any ideas?

Windows Security Boundaries

Windows Security Boundaries — Sat, 07 Jul 2007 01:03:54 GMT

PingBack from http://doubt.pernick.org/2007/07/06/WindowsSecurityBoundaries.aspx

User Account Control and Default Settings For 2 Policies

Gale — Thu, 02 Aug 2007 12:25:25 GMT

Where can I locate the Default setting for the UAC policies on all Vista editions other than Home & Enterprise for these:

1.User Account Control: Detect application installations and prompt for elevation

Default: Enabled (home) / Disabled (enterprise)

2.User Account Control: Behavior of the elevation prompt for standard users

Default: Prompt for credentials (home) / Automatically deny elevation requests (enterprise)

The above defaults are documented on the Explain Tab of the Properties Tab of each of these policies - but are INCOMPLETE

re: PsExec, User Account Control and Security Boundaries

Quitch — Thu, 15 Nov 2007 03:25:46 GMT

I am finding the difference between AAM and OTS less than clear. Is the article indicating that OTS leads to a security boundary due to the elevated process being launched under a separate user account i.e. the admin, or is this merely terminology to indicate which account the elevation request came from?

re: PsExec, User Account Control and Security Boundaries

marisha ohama — Sat, 08 Dec 2007 11:43:46 GMT

Thank goodness I finally came across your site. Basically, I know barely computer basics, and I don't even know how to use the command promt, but even someone as unknowledeable about computers such as myself knows that something is amiss when the hierarchy in my folders looks all messed up- I was begining to think that all this strangeness is just a figment of my imagination - My computer is acting strangely- active desktop, remote console, default user, owner, shared files, sharing files, Local C and C??? It seems as if someone is controlling my pc remotely from the console. I have learned a great deal about computers over the past few weeks just trying to unravel the fact that I am not imagining things, but a novice like me needs a lot of help fixing things.

Victor

Victor — Wed, 09 Apr 2008 08:06:24 GMT

Cool guestbook, interesting information... Keep it UP. excellent site i really like your stuff.

Pakistan IT forum

ranaawais — Sat, 28 Jun 2008 11:37:20 GMT

re: PsExec, User Account Control and Security Boundaries

Hypotheek in Duitsland — Mon, 30 Jun 2008 15:26:00 GMT

Thanxx, for taking the words out of my mouth.

But there rest is pretty amazing.

re: PsExec, User Account Control and Security Boundaries

John P — Wed, 29 Oct 2008 05:39:35 GMT

This is great. Now my 75 year old mum can use her PC securely... right after she studies for her MCSE... Are you really sure you guys can't make things easier?