|16 Feb 2010||#1|
| || |
Standard user Registry does not prompt UAC
Does anyone know why by default running regedit under a standard user account does not prompt the UAC for administrative credentials?
Under an admin account the UAC does prompt when running regedit, but obviously does not prompt for admin credentials.
I was successful at adding and modifying registry keys under a standard user account. It would seem like restricting access to the registry would be essential for security, any reason why its setup like this?
|My System Specs|
|16 Feb 2010||#2|
| || |
If UAC blocked access to editing registry keys, then almost all changes and all programms you run would have need UAC prompt. As almost anything now changes registry keys.
But as you said leaving it without any blocks, will be great security flaw.
So UAC only controls registry keys which it considers as Administrative.
So, user can edit and create registry keys under HKEY_CURRENT_USER, but it's denied to edit or create most registry enteries under HKEY_LOCAL_MACHINE, and some registry enteries blocked even for reading.
Just simple examples:
1. In this picture my LUA (standart user) can't even access (read) HKEY_LOCAL_MACHINE\SECURITY as it dosen't have permissions.
2. In this example: LUA is denied access, when it tried to create new registr entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current_Version\Run (Autorun for all users)
But LUA won't be denied if he tries to create registy entry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Current_Version\Run
Because it's autorun only for this user and so user should be able to create autoruns for himself...
So, as you can see it's not security flaw, but just something to make standard user's life easier without braking security setup.
Hop it will help you
|My System Specs|
|Similar help and support threads for2: Standard user Registry does not prompt UAC|
|Installing rights to standard user or prevent an admin user something||General Discussion|
|User Account Control (UAC) - Change Prompt Behavior for Standard Users||Tutorials|
|How to disable UAC password prompt for Standard User without admin?||System Security|
|Strange Defult Login User Prompt - Local Admin, Not Domain User||General Discussion|
|UAC prompt on WYSIWYG application for standard users||General Discussion|
|User Permissions Standard user||General Discussion|
|How to export command prompt settings frm the registry?||General Discussion|