Windows Server 2008: What's New / What's Changed Part #10 of 12: Chapter 9 - Security & the Windows Firewall with Advanced Security

This snippet from Chapter 9 of my new book Windows Server 2008: What's New / What's Changed is brought to you by SAPIEN Press. Get your copy at http://www.sapienpress.com/Windows_Server_08.asp.

User Account Control
For many Vista users, UAC is a four-letter word. Seeing that elevation prompt over and over again when doing administrative work on a Vista box can be enough to make you pull your hair out. But there's value in keeping it, because the Admin Approval Mode (AAM) prompt is only part of the protection UAC provides. In Server 2008, UAC isn't going anywhere. Microsoft intends UAC, and the splitting of your administrator access token, to be a critical part of securing operating systems for the foreseeable future.

In Server 2008, UAC operates slightly differently with the built-in administrator account. The AAM prompt is disabled by default for the built-in administrator account in both Vista and Server 2008. But, whereas Vista's built-in administrator account is disabled by default, with Server 2008 it's a much-needed component. With the changes to Server 2008's installation routine, manual installations require the use of the built-in account for the initial logon and configuration.

The difference between UAC in Vista and Server 2008 has little to do with UAC itself, but deals more with the set of permissions given to standard users. With Vista, user-level accounts have been granted permissions to some additional areas like changing the system state and adjusting the firewall. In Server 2008 these privileges aren't given to standard users, so when they attempt to use them they'll be prompted for elevation. This has the most impact on your Terminal Servers, where users are logging in interactively.

For non-administrative users on Server 2008, when a user attempts an action that requires administrative credentials, the default result is a prompt for an administrator password. This gives the non-administrative user the ability to request an Over The Shoulder (OTS) elevation from an administrator to accomplish the task. UAC is smart enough that elevating for one action does not necessarily provide the approval for other actions on the system.
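The behaviours described above are controlled by UAC policy values in the registry, and the following added example (not from the book or from Microsoft) reports how a host is configured for each of them. The function and variable names are hypothetical, and the sample input at the end is constructed rather than read from a real server.

```powershell
# Added example. Value names are the UAC policy values stored under this key.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$UacValues = 'EnableLUA', 'FilterAdministratorToken', 'ConsentPromptBehaviorUser'

function Get-UacPolicy {
    # Read the live values; one that is not set is returned as $null.
    $props = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
    $policy = @{}
    foreach ($name in $UacValues) {
        $policy[$name] = $null
        if ($props -and $props.PSObject.Properties[$name]) { $policy[$name] = $props.$name }
    }
    return $policy
}

function New-Finding($Setting, $Value, $Meaning) {
    New-Object PSObject -Property @{ Setting = $Setting; Value = $Value; Meaning = $Meaning } |
        Select-Object Setting, Value, Meaning
}

function Test-UacPolicy {
    param([hashtable]$Policy = (Get-UacPolicy))

    # UAC as a whole: token splitting and elevation prompts depend on it.
    $lua = $Policy['EnableLUA']
    $m = 'UAC disabled or not set: review'
    if ($lua -eq 1) { $m = 'UAC enabled' }
    New-Finding 'EnableLUA' $lua $m

    # Admin Approval Mode for the built-in Administrator account.
    $fat = $Policy['FilterAdministratorToken']
    $m = 'built-in Administrator is not prompted (AAM off for this account)'
    if ($fat -eq 1) { $m = 'built-in Administrator runs in Admin Approval Mode' }
    New-Finding 'FilterAdministratorToken' $fat $m

    # What a standard user sees when an action needs administrative rights.
    $prompts = @{ 0 = 'elevation denied automatically (no over-the-shoulder elevation)'
                  1 = 'prompt for credentials on the secure desktop'
                  3 = 'prompt for credentials' }
    $user = $Policy['ConsentPromptBehaviorUser']
    $m = 'not set or unrecognised: review'
    if ($null -ne $user -and $prompts.ContainsKey([int]$user)) { $m = $prompts[[int]$user] }
    New-Finding 'ConsentPromptBehaviorUser' $user $m
}

# Constructed sample: values chosen to correspond to the behaviour the text describes.
$sample = @{ EnableLUA = 1; FilterAdministratorToken = 0; ConsentPromptBehaviorUser = 3 }
Test-UacPolicy -Policy $sample | Format-Table -AutoSize
```

On a Windows host, calling `Test-UacPolicy` with no arguments audits the live registry values instead of the sample.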

Greg Shields' Bio:

Greg Shields is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture, specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008: What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets. Greg is a recipient of the Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.