- Least Privilege Security for Windows 7, Vista and XP
- Russell Smith
- 352字
- 2025-02-24 01:29:27
What is privilege?
Each user that logs in to NT-based versions of Microsoft Windows, does so with a set of system privileges. Privileges differ from permissions in that they give users the ability to perform an action, whereas permissions allow access to an object such as a file or registry key. There are many privileges used to control access to various system functions, ranging from the ability to change the system time to restoring files and directories. Rather than assigning each user account with privileges individually, a set of built-in groups are provided with pre-assigned privileges. Users are then added to groups, in a form of role-based access control, as the following table describing built-in groups in Windows 7 illustrates:
The two most frequently used built-in groups are Users and Administrators. If your user account is assigned to the Administrators group, you have a high level of privilege on the system and can perform almost any task that isn't specially protected by the operating system.
Note
While members of the administrators group in Windows aren't completely unrestricted, it is possible to override operating system protections and make any desired changes.
In contrast, if your user account is assigned to the Users Group, you can run installed programs and change settings that won't affect system stability, but you can't install software to the restricted Program Files directory, or modify protected areas of the registry or Windows directory. The Power Users group was often used in Windows NT, 2000, and XP, but was essentially an administrator with a few less privileges. Microsoft decided to deprecate this group in Windows Vista, preferring system administrators to assign users to either the users or administrators group, as it was easy for power users to escalate to administrative privilege. You should, however, note that the Power Users group still exists in Vista and Windows 7 for compatibility reasons, but isn't assigned any privileges.
Note
The built-in administrator account is disabled out of the box in Vista and Windows 7, and UAC prompts are not triggered for this account by default. This behavior can be changed in Group Policy.