2

My Windows 7 Ultimate no longer 'UAC prompts' me when I open the services applet (administrative tools). I can manipulate services without ever confirming the elevation.

Yes, UAC is still enabled. Yes, I've rebooted to make sure this is not due to a former UAC elevation of explorer.exe or so.

It looks like a big security hole. Does anyone have an idea about the reason for this behaviour? Or how to investigate it?

Improve this question
2
  • Try this from a standard user account and then lets talk about security.
    – surfasb
    Commented Nov 15, 2011 at 8:20
  • @surfasb: what's your point?
    – Serge Wautier
    Commented Nov 15, 2011 at 12:57

3 Answers 3

Reset to default
2

It doesn't here either, and I don't think I've ever seen it. So, the answer appears to be "It's by design."

There are lots of things you can do and change with UAC enabled. Most control panel items, device manager etc all go without a prompt.

Improve this answer
2
  • Ok, I understand now when the behaviour changed, it's when I upgraded from Vista to Win7! I just checked my Vista laptop and it does indeed prompt me. It looks like MS got sick of this Mac vs PC ad ;-)
    – Serge Wautier
    Commented Nov 14, 2011 at 17:18
  • Again, this only happens if you are logged in as an admin. UAC was never intended to be a security boundary. The vulnerabilities of UAC are well known and Microsoft themselves even publish working code.
    – surfasb
    Commented Nov 15, 2011 at 8:22
1

Windows 7 provides finer grain control over UAC prompts, as opposed to Vista which only provided a Turn On/Turn Off setting.

The setting page is easily found in Control Panel:

Finding UAC in Control Panel

The default setting filters out the prompt in applets such as Services:

enter image description here

Improve this answer
0

For what it's worth, here are some links about UAC.

http://technet.microsoft.com/en-us/magazine/2009.07.uac.aspx#id0560031

http://technet.microsoft.com/en-us/library/cc731416(WS.10).aspx

Link

http://msdn.microsoft.com/en-us/library/bb530410.aspx

Starting with Windows 7, certain executables auto-elevate (no UAC prompt under the default setting). They pretty much have some common characteristics, such as being digitally signed, are located in %System32% and/or are instanced from a trusted Windows executable.

This includes your Control Panel, Admin tools, and such. For example, if you download the Remote Admin Tools fro Win7 SP1 and install Hyper-V Manager, you'll notice that while it is instanced from a trusted Windows Executable (mmc.exe) it still gets a UAC prompt despite being very similar to other Admin tools, like Services.

The key is that Hyper-V manager (virtmgmt.msc) is installed into Program Files. Move virtmgmt.msc inot %system32 and UAC prompt disappears.

But to move the file in the first place, you need Admin credentials. So not really a security hole. It's the equivalent of saying that if you sudo a process it can run amok on your system and thus it is a security hole.

My guess as to why this was added in Windows 7? Because some many people complained bitterly about UAC. So much for better security.

Improve this answer
1
  • Looks like I know much less than I thought about UAC :-) Thanks for the details. I'll dive into those articles ASAP.
    – Serge Wautier
    Commented Nov 15, 2011 at 19:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .