Flaw in UAC/User Accounts

G

Guest

Hi All!!

Upon making a Limited User account while making a How-To guide for Vista,
stumbled upon this flaw.

A Limited User is able to make an Aministrator User. Therefore bypassing the
Parental Controls and safety regarding the whole reason for making a Limited
User.

A Limited User should have just house permissions....Limited.

I am not sure if blocking access to the control panel applet/MSC or control
useraccounts applet/MSC would remedy the probem. Hopefully MS will address
and fix this issue before the release of SP1, or make a HotFix for it and put
it on their Update Server.


----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://windowshelp.microsoft.com/co...ndows.vista.administration_accounts_passwords
 
R

Ronnie Vernon MVP

McFingers

What you are describing is not possible in Vista?

If you are logged on with a Standard account and attempt to access any part
of Control Panel/User Accounts where you can create a new account or even
change a current account, you must elevate that process using an
administrator account credentials.

There are only 2 settings possible for a Standard account in Vista when
starting a process that requires elevation to administrator privileges.
1. Prompt for administrator privileges where an administrator account and
password must be entered.
2. Deny any elevation.

Even if UAC is turned off and you try to create or change a user account,
(or any other task that requires administrator privileges) you may actually
be able to go through the process, but the changes will silently fail to
take effect. A new administrator user account will not be created and any
changes to any current account (such as changing a standard user to an
administrator account) will fail to take effect.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

UAC Options 2
UAC Suggestion 6
Smart UAC 1
One User Option Needed. 2
Error ! User Profile Service service failed the logon. 8
User Name dialog box 1
Website 2
Vista - Admin.Pak 3

Top