this.Pose() as Expert

September 2021

Sun

Mon

Tue

Wed

Thu

Fri

Sat

On this page...

UAC Prompts & Security

Links

My Consulting Company

Blog Homepage

Impressum (Imprint)

Official ASP.NET Site

SharpDevelop (Free .NET IDE)

Member of...

Blog Categories

Microsoft

MSR News and Headlines

MSR Publications

Security Bulletins

Blogroll

Deutsche Resourcen

.NET & ASP Artikel

Active Server Pages Wiki

ASP.NET Wiki

DotNetGerman Blogs

Management

Wednesday, May 31, 2006

UAC Prompts & Security

When you run an application that needs administrative rights (in this specific case via a manifest file), you are prompted with an UAC dialog to allow this operation:

This is the dialog you get for the "default" user, the one you create during setup that is a member of the Administrators group. Contrast that to the dialog a standard user is presented with:

Now, I am fine with prompting the user to enter administrative credentials. However, I am not fine with providing the user with the name of the administrative user(s) on that machine. In my opinion, this is giving away security-related information without need.

Update Of course you can always use net localgroup Administrators to get a list of the members of the Administrators group (Markus pinged me on that one). This feature has been available for ages, true. However, I am not convinced that the UAC convenience of providing the administrative accounts on a silver platter is really necessary.

Categories: Security | this | Vista

Wednesday, May 31, 2006 2:46:05 PM (W. Europe Daylight Time, UTC+02:00)

Comments [0]

Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.