Nytro Posted November 22, 2011

Sysinternals: Understanding the UAC with logonsessions

With the release of Windows Vista, Microsoft fundamentally changed their security model. For years we have been told to maintain two accounts as admins, one for day to day activities and the other for admin tasks. In some organisations security would dictate that this was true, but in others, and in most home environments, this was never the case. Of course we would all bleat about MS and its lack of security when a virus destroyed our machine.

Now with Vista and above the User Account Control, or UAC, manages our privileged accounts for us and will give us two logons although we only need one account and password. The magic happens beneath the surface and is controlled by the Local Security Authority (LSA) on the machine we log in to. If we use an account that has admin rights, either through privileged groups like Administrators or Backup Operators, or maybe just via additional user rights assignments, then when we log on two access tokens will be created: one with the full rights that our user has, the other with admin rights filtered out. For everyday tasks we use the filtered token; for admin tasks we use the full token. These tokens are associated with completely separate logon sessions and these sessions cannot talk to each other. This can be demonstrated using logonsessions, a command from SYSINTERNALS.

The video will step you through the isolation of these sessions and how to display the information you need to understand UAC with logonsessions.

Video:
http://www.theurbanpenguin.com/win7/sys-uac-logonsessions.html
http://www.youtube.com/watch?v=0aI5_t0vvDg&feature=player_embedded#!
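An added example, not part of the post or of the Sysinternals tool: a PowerShell script that reports which half of the UAC split token the current shell holds and the logon session it belongs to, so the separation the post describes can be seen without logonsessions. It assumes a Windows host with UAC enabled and queries the token through the documented GetTokenInformation API (TokenElevationType); the class name UacToken is an assumption of this example.

```powershell
# Added example (not from the original post). Shows which UAC token this
# PowerShell process holds and which logon session that token lives in.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class UacToken {   // class name chosen for this example
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass,
        out int info, int infoLength, out int returnLength);
    // TOKEN_INFORMATION_CLASS TokenElevationType = 18; result is a 4-byte
    // TOKEN_ELEVATION_TYPE: 1 = Default, 2 = Full, 3 = Limited
    public static int ElevationType(IntPtr token) {
        int value, needed;
        if (!GetTokenInformation(token, 18, out value, 4, out needed))
            throw new System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error());
        return value;
    }
}
'@
if (-not ('UacToken' -as [type])) { Add-Type -TypeDefinition $src }

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$typeName  = @{
    1 = 'Default (no split token: standard user, built-in Administrator, or UAC off)'
    2 = 'Full (elevated half of the split token)'
    3 = 'Limited (filtered half of the split token)'
}
$elev = [UacToken]::ElevationType($identity.Token)

[pscustomobject]@{
    User           = $identity.Name
    # Logon SID S-1-5-5-<high>-<low>: the last two parts are the logon session LUID
    LogonSid       = (whoami /logonid)
    ElevationType  = $typeName[$elev]
    # False under the filtered token: the Administrators SID is present but deny-only
    IsAdminInToken = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
```

Run it once in a normal PowerShell window and once in an elevated one for the same admin account: the two report different logon SIDs (separate logon sessions), Limited versus Full, and IsAdminInToken False versus True.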