User Account Control and the Run As Command


One of the key new security features of Windows Vista is known as User Account Control. Enabled by default, User Account Control is designed to ensure that users are prompted any time that administrative privileges are required to complete a task. If you're logged on with an Administrator account, the User Account Control dialog box appears when you try to perform an action limited to Administrators; however, you only need to click Continue to perform the requested action, as shown in Figure 2-8.

image from book
Figure 2-8: The User Account Control dialog box as it appears when you're already logged on as an Administrator.

If you're logged on as a Standard user and attempt to perform an administrative action - such as installing software or changing the system time, for example - the User Account Control dialog box prompts you to supply the credentials associated with an Administrator account, as shown in Figure 2-9.

image from book
Figure 2-9: The User Account Control dialog box as it appears when you're logged on as a Standard user.

The basic idea behind User Account Control is that you'll be alerted every time an action requires the powers associated with an Administrator account. User Account Control makes it easy for everyone to work within the confines of a Standard user account, allowing them to complete tasks as an Administrator (if or when necessary) without the need to log off and back on with an Administrator account. Of course, if a user doesn't have the password associated with an Administrator account, the action that they are trying to take will be denied.

Beyond simply helping to control which actions Standard users can take on a Windows Vista system, User Account Control also helps protect your system against threats like worms, viruses, and spyware infections. Most of these pests require Administrator-level privileges to lodge themselves onto your system, so User Account Control helps by alerting you when such actions are attempted. If you notice that the User Account Control dialog box appears at strange times, it could indicate the presence of a pest or an attempt by an outside entity to compromise the security of your system.

As mentioned earlier in this chapter, there is a way for a Standard user to perform tasks requiring the powers of an Administrator without the need to log off and back on. That's the product of a Windows Vista User Account Control–related feature known as Run As.

Run As is a feature that enables you to open a program or install software by supplying alternate user account credentials for that particular task only. For example, imagine that you're logged on with your Standard user account and want to run a program that requires administrative privileges. Rather than log off and then log on with an Administrator account to complete the task, you can use the Run As Administrator command to open the program. As part of doing this, you're prompted by the User Account Control dialog box to supply the password associated with an account allowed to carry out such a task, in this case an Administrator.

Assuming that you've supplied a valid password, the program (and that particular program only) will proceed as it normally would for an Administrator. When it's done (the installation is complete, or the program that you opened is closed), the privileges associated with the account used with the Run As Administrator command effectively disappear until you use it again.

Follow these steps to open or install a program using the credentials of another user account through the Run As Administrator feature:

  1. Select Start Computer.

  2. Browse to the program file or shortcut that you want to open using another user's credentials.

  3. Right-click the file, and select Run As Administrator as shown in Figure 2-10.

    image from book
    Figure 2-10: The Run As Administrator command is available from the Windows Vista shortcut menu.

  4. When the User Account Control dialog box appears, enter the password associated with an Administrator account and click Continue. The program will open and function according to the rights and privileges associated with the user account information supplied.

  5. Complete the required task(s), and then close the program. Your privilege levels are again those associated with the account you originally used to log on to Windows Vista.

An alternate version of Run As is available to those who prefer working from the Windows Vista command prompt, in the form of the runas.exe command. The basic syntax of the command is:

  runas /user:username program 

Username is the user account name that will be used to launch the program or shortcut file specified. After this command is entered, you're prompted to supply the user's password, as shown in Figure 2-11. For a complete breakdown of switches and settings associated with the runas command, enter runas /? at the command prompt.

image from book
Figure 2-11: Using runas.exe from the command prompt.




PC Magazine Windows Vista Security Solutions
PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
EAN: 2147483647
Year: 2004
Pages: 135
Authors: Dan DiNicolo

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net