Windows User Access Control or UAC is the foundation of security in Windows Vista and Windows 7 operating systems. It ensures that any action that is likely to change or compromise system status is challenged before the system is compromised. However to be effective the UAC must be managed to allow people to do necessary tasks like connecting to a printer on a client site whilst protecting the enterprise systems that the mobile worker needs to access.
The Elevation Management System from Secure Management Systems controls the allocation of the necessary privileges for the user to increase their effectiveness without compromising security.
UAC does a very good job of securing local computers in the enterprise from malware and end user interference. UAC alone with no firewall or virus software can stop 92% of known malware. However when the requirement to perform out of line processes demands administrator rights the security is compromised. UAC is a core part of Windows Vista and Windows 7. The UAC process in Windows 7 is less intrusive however the same administrator rights are still required by mostly the same processes.
Hence security management challenges occur when the end user needs to run a process that requires higher privileges. The UAC enforces a Least Privilege model. When a process requires elevation to perform its work the user is required to provide a user ID and password with administrator rights. To perform the action the local user must be given Administrator access to answer the UAC challenge. By providing these rights, however temporary, the user is given full Administrator access to the computer.
There are two alternatives to providing this level of access, switching off the UAC and losing the Least Privilege model. Alternatively the Enterprise can give the user full Administrator access to the local computer. Both these options pose significant security threats and administrative overheads. EMS removes the need for this compromise by managing security invisibly and without disruption.
home ems aboutus contact overview paper windows security white paper