Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.2k views
in Technique[技术] by (71.8m points)

windows - What makes c:Program Files UAC-protected?

I know that c:Program Files is UAC-protected, and if I allow a user to install to d:Program Files, this is not, by default, UAC protected. What makes c:Program Files UAC protected other then the directory security settings? Is it simply directory security, or is there something else that Windows does to make it special?

I am trying to advise someone if it is possible to make d:Program Files sort of as equivalently secure as c:Program Files. If I were to create d:Program Files with the same directory security as c:Program Files, would these folders be equivalent?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Directory security alone dictates what a user can or can't do in regards to adding, deleting or changing files in that folder. UAC only comes into play in that even for users in the Administrators group in Windows, you now (by default) DON'T have the admin token attached to your login session. When you try to do a privileged action, Windows doesn't let you and begins the process to try and get a user that does have admin access. Since your account is a member of Adminstrators, UAC will show the Allow /Deny dialog, and FOR THAT ACTION ONLY the admin token will attach to your logon session. Since you're a member of admin, you can click just OK or cancel. If you were not, you'd be prompted for logon credentials for an account which does have admin privileges.

You can read more about UAC and what's going on behind the scenes here: http://technet.microsoft.com/en-us/library/dd835561(v=ws.10).aspx


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...