Identifying User Rights Assignment Changes
|
797
Several new user rights are available in Windows Vista. These user rights are:
Access Credential Manager as a trusted caller
This privilege controls whether an application that a user or member of a partic-
ular group is running can establish a trusted connection to Credential Manager.
In Windows Vista, you use Credential Manager to manage a user’s credentials.
Credentials provide identification and proof of identification. Examples of cre-
dentials are usernames and passwords, smart cards, and certificates.
Allow log on locally
This privilege controls whether a user or member of a particular group can log
on at the keyboard. This user right was originally named Log On Locally and is
renamed in Windows Vista so that there are now both “allow logon locally” and
“deny logon locally” user rights.
Create symbolic links
This privilege controls whether an application that a user or member of a partic-
ular group is running can create a symbolic link from the computer to which she
is logged on. Symbolic links make it appear as though a document or folder is in
a specific location when it actually resides in another location. Because mali-
cious users can exploit symbolic links, use of symbolic links is limited by default.
Change the time zone
This privilege allows a user or member of a particular group to change the time
zone. As all members of the Users group have this right by default, all users are able
to change the computer’s time zone without requiring administrator privileges.
Increase a process working set
This privilege allows an application that a user or member of a particular group is
running to increase the memory that a process working set uses. A process work-
ing set is the set of memory pages currently visible to a process in physical memory
(RAM). As these pages are resident in memory, they are available for an applica-
tion that a user is running without triggering a page fault. The size of the working
sets used by processes a user is running affects the virtual memory paging. This
privilege is added to Windows Vista to allow standard user applications to request
additional memory for process working sets, and it is the desired behavior.
Figure 24-2. Accessing the User Rights Assignment node