Flaw in UAC/User Accounts


Guest

Hi All!!

Upon making a Limited User account while making a How-To guide for Vista,
I stumbled upon this flaw.

A Limited User is able to make an Administrator User, therefore bypassing the
Parental Controls and safety regarding the whole reason for making a Limited
User.

A Limited User should have just house permissions....Limited.

I am not sure if blocking access to the control panel applet/MSC or control
useraccounts applet/MSC would remedy the problem. Hopefully MS will address
and fix this issue before the release of SP1, or make a HotFix for it and put
it on their Update Server.


 
McFingers

What you are describing is not possible in Vista?

If you are logged on with a Standard account and attempt to access any part
of Control Panel/User Accounts where you can create a new account or even
change a current account, you must elevate that process using an
administrator account's credentials.

There are only 2 settings possible for a Standard account in Vista when
starting a process that requires elevation to administrator privileges.
1. Prompt for administrator privileges where an administrator account and
password must be entered.
2. Deny any elevation.

Even if UAC is turned off and you try to create or change a user account,
(or any other task that requires administrator privileges) you may actually
be able to go through the process, but the changes will silently fail to
take effect. A new administrator user account will not be created and any
changes to any current account (such as changing a standard user to an
administrator account) will fail to take effect.
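
One way to check on a given machine which of the two standard-user settings is in effect and which accounts really are administrators (an added example, not part of either post). It assumes an English-language install where the local group is named "Administrators", and it reads the UAC policy values `EnableLUA` and `ConsentPromptBehaviorUser`:

```powershell
# Added example: audit the standard-user elevation policy and the actual
# membership of the local Administrators group. Read-only; changes nothing.

$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# EnableLUA: 1 = UAC on, 0 = UAC off.
if ($policy.EnableLUA -eq 1) { $uac = 'enabled' } else { $uac = 'disabled or not set' }
"UAC (EnableLUA): $uac"

# ConsentPromptBehaviorUser controls what a Standard account sees when a
# process asks for elevation.
$meaning = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for administrator credentials (secure desktop)'
    3 = 'Prompt for administrator credentials'   # defined on later Windows versions
}
$value = $policy.ConsentPromptBehaviorUser
if ($value -ne $null -and $meaning.ContainsKey([int]$value)) {
    "Standard-user elevation: $($meaning[[int]$value])"
} else {
    "Standard-user elevation: value '$value' not set or not recognized"
}

# List who is actually in the local Administrators group, so an account
# created or changed from a Standard session can be confirmed or ruled out.
# Assumption: the group name is 'Administrators' (English installs).
$group   = [ADSI]'WinNT://./Administrators,group'
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}

"Members of local Administrators:"
$members | Sort-Object | ForEach-Object { "  $_" }
```

Running it before and after an attempted account change from a Standard session shows whether the Administrators membership actually changed.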
 