Owner's Manual
Microsoft Windows Server 2008 User Account Control 53
Microsoft Windows Server 2008
User Account Control
In previous versions of Windows
®
, user accounts were often members of
the local Administrators group and had access to administrator privileges.
Members of the local Administrators group could install, update, and run
software since an Administrator account has system-wide access. When a user
was added to the local Administrators group, that user was automatically
granted every Windows privilege. These privileges provided access to all
operating system resources. Hence, user accounts with Administrator
privileges posed a security risk by providing access to operating system
resources that could be exploited by malicious software (or malware).
User Account Control (UAC) is a new security feature in the
Windows Server
®
2008 operating system. When enabled, it restricts access to
critical system resources for all users except the built-in local Administrator.
The three types of user accounts in the Windows Server 2008 operating
system are:
• Domain Administrator Account which is a user account with
administrator privileges.
• Standard User Account which allows the user to install software and change
system settings that do not affect other users or the security of the computer.
• Local Administrator Account which is the default super user of the
operating system.
The user experience for a Domain Administrator Account differs from
a Local Administrator Account when UAC is enabled. When a Domain
Administrator Account requires access to critical system resources, the
Windows Server 2008 operating system prompts for one of the below before
launching a program or task that requires full administrator access:
– Permission to elevate privileges (in the case of a user in the Domain
Administrators group)
– Domain administrator credentials to elevate privileges (in the case of
standard users)