Thread: Windows 7, First Impressions

Originally Posted by phantomotap

Am I right in my thinking that this "UAC" "exploit" only works for a user logged in to an account with administrator privileges?

Yes. Because Run32DLL.exe is part of the trusted group of applications (several file extensions that ship with windows, are digitally signed Microsoft Publisher, and belong to an internal list of Ok applications) it is silently elevated. However under a standard account, there's no silent elevation of anything and run32dll.exe fires a UAC prompt along with an admin password request, ala sudo.

Some detractors complain, but we need admin rights because certain applications don't run without admin rights. They tend to not understand that is exactly what UAC is for. To allow them to use a standard account and still use these applications, ala sudo. UAC is an effort to have us switch our minds into starting to use windows from a standard unprivileged account. Forever putting admin accounts to rest for daily normal usage.

In any case run32dll is indeed a special case. And later Microsoft did remove it's auto-elevated privilege. So now, the exploit does't work anymore under an admin account. Well, it works, if you say yes to the UAC prompt you are seeing in front of you asking if you really want for Run32DLL.exe to execute that strange looking DLL from a temporary folder named rtxyhhxsrdt.

Well, with `sudo' the administrators have finer control over who can do what. (Or can you really use "UAC" to give specific non-privileged users "Program Files" installation rights but not other users?)

Good point. Admin in windows is indeed more restrictive than root under Linux. The only account that really has full control is SYSTEM. As my UAC misinformed complain on the very first post of this thread clearly demonstrated, a full admin still doesn't have full control over the system.

So there's quite a bit of adapting to the new rules and new ways of doing things. From my first experiments during the past hours, this is a lot more transparent for standard unknowledgeable users running off a standard account. They will be doing things as they usually did with just the "annoying popups" showing up once and awhile. For power users running under a standard account or under an Admin account there's more adapting and some frustrating moments until the concept is fully realized. Definitely, if like me, they come from Windows XP.

However to answer your question directly, yes. An administrator can change user account rights through the Local Security Policies administrative tool. And because of UAC you don't need to login as an administrator. You just insert an administrator password when you fire it from a standard account. Familiar?