中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeWindows Vista User Account Control

Windows Vista User Account Control

User Account Control (UAC) is a technology and security infrastructure first introduced with Microsoft's Windows Vista operating system. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase in privilege level. In this way, only applications that the user trusts receive higher privileges, and malware should be kept from receiving the privileges necessary to compromise the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not also have those privileges unless they are approved beforehand or the user explicitly authorizes it to have higher privileges.

In Vista, there are basically two types of users: the standard users and the administrator. But administrator can modify each user’s privileges for a particular purpose. In the following table, the typical user group types and privileges are listed:

User type Privileges Vista Edition
Administrator The admin type of users has all privileges to perform all tasks in the system, such as, install software, backup/restore systems, monitoring system, setup other users and change their privileges etc. All
Anonymous Logon This is a special identity provided to anyone who has access to the system but doesn’t authenticate in anyway. Admin user need to assign specific such as access certain file folders to this type of users. All
Backup Operators This type of user has privilege to read/write files to all folders so that they can perform the task of system backup and restore. All
Batch This type of user can log on the system through some batch process, such as the scheduled batch utility tasks. All
Event Log Readers This type of user has the same permission as an admin to view all event log of the system, including the security log. (Standard user can only view part of the system log via Event Viewer.) All
Guest This is a build-in account used to provide someone without permissions on the machine to log on and access limited resources of the system. All
IIS_IUSRS (or IUSR) This type of user has permissions to accounts used by web pages within IIS.  Vista uses IUSR for anonymous access to web pages published through IIS. Business, Enterprise and Ultimate
Interactive This is a special identity that is logged on either directly to the machine or through a remote desktop connection. This group is opposite of the Network type of user. Business, Enterprise and Ultimate
Local Service This is a special identity set to run Local Services of a particular machine. By default, this group has the same permissions as standard users. All
Network This is a special identity that includes users to access Vista resources over the network (other than via a remote desktop connection). This group is opposite of the Interactive special identity. Business, Enterprise and Ultimate
Network Configuration Operators This is a group of users with privileges in relation to networking within Vista, who can manage the configuration of networking features to Standard User accounts. All
Network Service This is a special identity that includes any service set to run as a Network Service. All
Performance Log User This group of users has privileges in relation to the Vista Windows Reliability and Performance Monitor. Business, Enterprise and Ultimate
Performance Monitor User This group of users has privileges in relation to the Vista Windows Reliability and Performance Monitor. Business, Enterprise and Ultimate
Service This is a special identity that includes any service to run as a Service. By default this type of user has the same permissions as a standard user. All
Standard User This group is for all users. By default, Vista places all new users into this group unless you change the account type to Administrator. All
System This is a special identity that is the Vista OS itself. By default this group has all the permissions that the OS needs. All
‹ Windows Vista Standard User vs. AdministratorupWindows XP Security Guide Overview ›

Reply

The content of this field is kept private and will not be shown publicly.
  • Use <!--pagebreak--> to create page breaks.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <!--pagebreak--> <img> <br> <table> <tr> <td> <tbody> <p>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
2 + 0 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.