Chapter 3: Fine-Tuning Windows Vista’s Appearance and Performance
If you are logged on with an Administrator account, you are prompted for consent to
continue, as shown in Figure 3-5. The consent prompt works the same whether you
are at home or at the office.
Elevation and the Secure Desktop
The process of getting a user’s approval prior to running an application in adminis-
trator mode and prior to performing actions which change system-wide settings is
known as elevation. Elevation enhances security by reducing the exposure and attack
surfaces of the operating system. It does this by providing notification when you are
about to perform an action that could impact system settings, such as installing an
application, and eliminating the ability for malicious programs to invoke administra-
tor privileges without your knowledge and consent.
Prior to elevation and display of the UAC prompt, Windows Vista does several things
in the background. The key thing you should know is that Windows Vista switches to
a secure, isolated desktop prior to displaying the prompt. The purpose of switching to
the secure desktop is to prevent other processes or applications from providing the
required permissions or consent. All other running programs and processes continue to
run on the interactive user desktop—only the prompt itself runs on the secure desktop.
Elevation, permission/consent prompts, and the secure desktop are the key aspects
of UAC that affect you the most. As you can see, they have a measurable impact on
the way Windows Vista works. Due to these UAC features:
• User accounts are not used in the same way as they are in Windows XP.
• Applications do not run in the same way as they do in Windows XP.
• Most configuration tasks are not performed in the same way as they are in Win-
Figure 3-5. Providing consent to continue