Cybersecurity Insurance Checklist - Meet Insurance Requirements with BeyondTrust PAM Download for Free

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Who’s in Charge of User Account Control?

October 20, 2017

  • Blog
  • Archive

Microsoft’s Security Intelligence Report (SIR) v10, published in May this year, revealed figures that show Windows 7 is the company’s most secure operating system, reporting that the OS suffered fewer security incidents per 1000 computers than any other supported version of Windows in 2010. Windows 7 64-bit edition had 2.5 infections per 1000 computers, with 32-bit Windows 7 coming in at 3.8. This compared to 15.9 infections for Windows XP SP3 and 19.3 for XP SP2.

64-bit Windows 7 fares better than its 32-bit counterpart in part due to the inclusion of kernel patch protection, a technology only available in 64-bit Windows 7 that protects the kernel from unauthorized changes. Windows 7 is less likely to be infected overall because of User Account Control (UAC), an umbrella term for a set of technologies that make the OS easier to work with as a standard user or specially protected administrator account (Protected Administrator).

The results reported in SIR v10 for Windows 7 would have been even better if more home users didn’t disable UAC, which is likely what many tech-savvy home and business users do considering the number of articles on the Internet about the evils of UAC and how to turn it off; and hence goes the old adage that people don’t always know what’s good for them. If your users currently run as protected administrators on Windows 7, configure UAC in Group Policy to make it a little harder for them to disable UAC - though it’s worth bearing in mind that if a user has admin rights, Group Policy settings can be circumvented with enough will.

While UAC has some benefits in enterprise computing, it is a user-driven technology. UAC elevation prompts require users to give consent, or provide an admin username and password, to perform administrative tasks, resulting in decisions being made by unqualified staff that affect the integrity and security of the OS.

UAC Protected Administrator accounts provide a lot of flexibility, with a limited degree of security, that wasn’t possible in Windows XP. Once you move to standard user accounts in Windows 7, users can no longer elevate privileges; and all tasks, anticipated or otherwise, must be made to work as a standard user, or IT will have to intervene and provide administrator credentials.

Predicting users’ every move and requirement isn’t possible, so if it’s not acceptable to restrict the computing experience with a standard user account, you’ll either need to leave the default user-driven UAC experience in place or deploy Avecto’s enterprise rights management solution.

As well as the ability to assign privileges to individual applications and tasks, Avecto’s software can be configured to allow users to run any process with administrative privileges. UAC prompts can be replaced with custom corporate messages and users can be prompted to provide a valid reason before elevation. An audit trail of privilege elevation events allows administrators to keep track of how privileges are used. Avecto helps companies strike the right balance between the flexibility of user-driven UAC and policy-based IT controls, making Windows 7 more secure and mitigating unnecessary risks.

Photograph of Russell Smith

Russell Smith, IT Consultant & Security MVP

Russell Smith specializes in the management and security of Microsoft-based IT systems. In addition to blogging about Windows and Active Directory for the Petri IT Knowledgebase, Russell is a Contributing Editor at CDW’s Biztech Magazine.

Russell has more than 15 years of experience in IT, has written a book on Windows security, co-authored one for Microsoft’s Official Academic Course (MOAC) series and has delivered several courses for Pluralsight.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Microsoft Vulnerabilities Report 2021

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.