Questions tagged [uac]
User Account Control, or UAC, is a security feature first introduced in Microsoft Windows Vista. It aims to improve security by limiting application software to user level privileges unless the process is authorized to run with elevated privileges.
45 questions
0
votes
0
answers
216
views
In Windows 11 why a simple 32-bit console binary run from shell goes without problems while patching just a byte, triggers UAC/new-shell for it?
I came to ask this doubt here, because, it ended being more an operating system's security heuristics/cryptological question than a pure reverse-engineering one.
Question is about UAC and its ...
- 105
1
vote
0
answers
190
views
Pass-the-hash, why do I get a shell with high integrity?
I am testing the security of a Windows Server 2019 machine and have a question about remote access to the machine.
The user on the machine has the permission "SeBackupPrivilege". I can ...
- 11
0
votes
0
answers
129
views
Disabling UAC (Windows 10) for Administrator accounts
To help improve the user experience on admin workstations, would it be ok to disable the UAC or maybe set it with a more permissive mode?
1
vote
1
answer
1k
views
Is it worth it to force UAC to ask for a password?
I've tried to harden my Windows 10 by using an unprivileged account, which I know reduces the attack surface a lot. I'm running Ableton (a music program) which is running after UAC has given admin ...
- 35
1
vote
0
answers
369
views
Is UAC an overestimated protection measure in Windows? Does Linux do it better?
Windows is an API-based operating system, whereas Linux is file-based. Hence in my opinion, any operating system API security measures alone aren't effective in Windows. One of such examples would be ...
- 1,697
0
votes
2
answers
521
views
Is Windows UAC's clicking OK authentication as secure as macOS/Linux's password authentication?
Windows only show [Yes] or [No] for the same thing as Linux's sudo. macOS/Linux both require you to type the password. Is the password-less Windows implementation almost as secure as password-...
- 237
3
votes
1
answer
2k
views
Why does this Windows process run with High integrity?
Background
I'm trying to understand more about the Mandatory Integrity Control system in Windows, and have been looking through the background processes that are running at High integrity on my laptop....
- 133
0
votes
0
answers
168
views
No UAC appearing for newly installed applications
Recently I have noticed that my system doesn't show the UAC prompt whenever I install some application from another source, I have UAC on and everything is working fine, I also have an administrator ...
- 1
1
vote
1
answer
723
views
How is using the standard Windows account more secure than using the administrator Windows account with highest UAC settings?
If someone uses the administrator Windows account for everyday work while having the default UAC settings they will be prompted by UAC whenever an application other than certain predefined system apps ...
- 6,871
0
votes
1
answer
963
views
How do I stop local users from bypassing the UAC on Windows 10?
I'm the admin for a Windows 10 machine with a few local users. While I understand there are other ways to bypass security with access to the physical machine, I'd like to protect against hacks that ...
- 304
0
votes
1
answer
597
views
DLL hijack privileges
DLL hijacking means that malicious software gets admin rights from default or it means you need to elevate your privileges first?
Because I tried to change a DLL in Windows/System32 folder, but I can'...
- 1
1
vote
1
answer
499
views
How are malware able to start on boot on windows without administrator rights? [closed]
I know that a malware could create a new Run registry key to make itself start at boot, but an user could simply remove the registry key and reboot and that would stop the virus, but this is usually ...
- 55
1
vote
2
answers
194
views
Win10 Group Policy - Allow specific programs to run: Protection from malware?
In Windows 10 group policy editor you can restrict and allow only certain programs to run.
I'm wondering if that protects against malware? I can think of following cases:
1) If you start a program ...
- 901
1
vote
0
answers
292
views
Do WebEx's requirements open security holes?
After a WebEx presentation is recorded, the recording cannot be played in-browser without installing a browser extension that requires invasive permissions to access the user's data for all websites:
...
- 11
0
votes
0
answers
309
views
Vulnerability scanner connecting to remote registry service is failing
I am trying to perform full vulnerability scans against all of my corporate PCs, servers and laptops. However, I'm unable to read/connect to the target registry despite the 'Remote Registry' service ...
- 1,145