User Account Control

Noooo, it's that annoying pop-up screen again!

This little credential prompt seems so annoying, yet it can save your bacon. UAC is an invaluable tool that halts installation processes, or the launching of applications into a mode that has elevated privileges. For example, I tried to open an administrative PowerShell prompt and was presented with the preceding screenshot.

UAC is an in-your-face reminder that something big is about to happen. When an application installer gets launched, you want to make sure it is something you actually intended to install, right? I have witnessed webpages try to launch malicious installers on computers, only to be stopped by UAC. By simply pressing No on this screen, you stop whatever activity was about to happen. There is also plenty of danger in opening up an administrative window, so Windows uses UAC to double-check with you that opening this all-powerful utility is really what you intended to do.

If a user is logged into a computer as an administrative account and is prompted for UAC, you simply click Yes or No on whether to allow the action to happen. You already have admin rights, it is simply confirming that you really want this process to run. When logged in as a standard user account, UAC gets quite a bit harder to push through. As in the preceding screenshot, you need to provide administrative credentials to proceed.

This safety net is very useful. For example, when setting up computers for friends, family, and neighbors (I am sure you are the neighborhood IT person, too), I always try to talk to those folks into having two accounts on their computer—one that is a regular user, which is the profile they always log in with, and then a second account that is a member of the administrators group. This way, whenever they try to install something (or when some other process attempts to install something), UAC prompts them to enter those administrative credentials before allowing the installer to continue. I spend much less time cleaning viruses and reinstalling Windows for people now that I have started this practice of keeping people away from having inherent administrative rights.

Ultimately, UAC is enabled by default and does a pretty good job at keeping users from doing things they should not be doing. If this is working well for you, you do not need to use a GPO here at all. But if there are settings within the UAC options that you want to tweak, such as making it more or less difficult for your users or even administrators to make changes, let's explore the settings available to us inside Group Policy.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.9.172