Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Flaw in UAC/User Accounts

microsoft.public.windows.vista.administration accounts passwords






Speedup My PC
Reply
  #1 (permalink)  
Old 09-28-2007
McFingers
 

Posts: n/a
Flaw in UAC/User Accounts
Hi All!!

Upon making a Limited User account while making a How-To guide for Vista,
stumbled upon this flaw.

A Limited User is able to make an Aministrator User. Therefore bypassing the
Parental Controls and safety regarding the whole reason for making a Limited
User.

A Limited User should have just house permissions....Limited.

I am not sure if blocking access to the control panel applet/MSC or control
useraccounts applet/MSC would remedy the probem. Hopefully MS will address
and fix this issue before the release of SP1, or make a HotFix for it and put
it on their Update Server.


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://windowshelp.microsoft.com/com...unts_passwords
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 09-30-2007
Philip Ulrich
 

Posts: n/a
RE: Flaw in UAC/User Accounts
What? How? Sounds like bull to me.

--
- It's always Microsoft's fault no matter what your problem is.

Reply With Quote
  #3 (permalink)  
Old 09-30-2007
Ronnie Vernon MVP
 

Posts: n/a
Re: Flaw in UAC/User Accounts
McFingers

What you are describing is not possible in Vista?

If you are logged on with a Standard account and attempt to access any part
of Control Panel/User Accounts where you can create a new account or even
change a current account, you must elevate that process using an
administrator account credentials.

There are only 2 settings possible for a Standard account in Vista when
starting a process that requires elevation to administrator privileges.
1. Prompt for administrator privileges where an administrator account and
password must be entered.
2. Deny any elevation.

Even if UAC is turned off and you try to create or change a user account,
(or any other task that requires administrator privileges) you may actually
be able to go through the process, but the changes will silently fail to
take effect. A new administrator user account will not be created and any
changes to any current account (such as changing a standard user to an
administrator account) will fail to take effect.



--

Ronnie Vernon
Microsoft MVP
Windows Shell/User


"McFingers" <McFingers@discussions.microsoft.com> wrote in message
news:BE022208-01FB-4D91-B3BE-112CE0D70007@microsoft.com...
> Hi All!!
>
> Upon making a Limited User account while making a How-To guide for Vista,
> stumbled upon this flaw.
>
> A Limited User is able to make an Aministrator User. Therefore bypassing
> the
> Parental Controls and safety regarding the whole reason for making a
> Limited
> User.
>
> A Limited User should have just house permissions....Limited.
>
> I am not sure if blocking access to the control panel applet/MSC or
> control
> useraccounts applet/MSC would remedy the probem. Hopefully MS will
> address
> and fix this issue before the release of SP1, or make a HotFix for it and
> put
> it on their Update Server.
>
>
> ----------------
> This post is a suggestion for Microsoft, and Microsoft responds to the
> suggestions with the most votes. To vote for this suggestion, click the "I
> Agree" button in the message pane. If you do not see the button, follow
> this
> link to open the suggestion in the Microsoft Web-based Newsreader and then
> click "I Agree" in the message pane.
>
> http://windowshelp.microsoft.com/com...unts_passwords


Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
user profile and user accounts larry microsoft.public.windows.vista.administration accounts passwords 1 09-11-2007 18:57
User Accounts and UAC Strange Behaviour, Users are not shown under "Manage another account" lushdog microsoft.public.windows.vista.administration accounts passwords 2 08-19-2007 19:12
User name in user accounts different nam than the user name in C:u Ron G microsoft.public.windows.vista.administration accounts passwords 1 07-29-2007 18:22
Standard user accounts can access files of other accounts??!! Ralf microsoft.public.windows.vista.administration accounts passwords 0 06-04-2007 11:53
Hackers use cursor flaw to steal WoW accounts Steve Security News 0 04-10-2007 02:35




All times are GMT +1. The time now is 09:48.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120