When an administrator logs on to a Windows Vista computer, two access tokens are created: a filtered standard user access token and a full administrator access token. Windows launches the desktop (Explorer.exe) with the standard user access token rather than the administrator’s full access token. All child processes inherit their token from this initial launch of the desktop (the explorer.exe process), which helps limit Windows Vista’s attack surface. By default, all users, including administrators, log on to a Windows Vista computer as standard users.
When a standard user attempts to perform a task that requires administrative privileges, such as accessing the C:\Windows folder, UAC prompts the user to enter valid credentials for an administrator account (elevation from a standard user account to an administrator account). When an administrator attempts to perform a task that requires administrative privileges, such as accessing the C:\Windows folder or installing a component for an application, UAC prompts the user to approve the action. When the user approves the action, the task is launched with the administrator’s full administrator access token.
- ActiveX Installer Service, which enables enterprises to delegate ActiveX control installation for standard users.
- Installer Detection, which detects installation programs and requests administrator credentials or approval from the administrator user in order to run with access privileges.
- User Interface Privilege Isolation (UIPI), which isolates applications running as a full administrator from processes running as an account lower than an administrator on the same interactive desktop.
- Virtualization, which enables redirection of application reads and writes to system files and registry keys.
- Access Token Change, which allows the user to receive one or two access tokens (a filtered, or standard user, access token and a full, or full administrator, access token) based on the user account's privileges.
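
The two-token logon described above can be observed from a running process. The following PowerShell script is an added example, not part of the original page: it reads the `TokenElevationType` value of the current process token through `GetTokenInformation` and reports whether the process holds the filtered token or the full administrator token. The helper class name `UacToken` is hypothetical, and PowerShell 2.0 or later is assumed for `Add-Type`.

```powershell
# Added example: report which UAC access token the current process holds.
# Assumes PowerShell 2.0 or later (Add-Type is not available in 1.0).
Add-Type -TypeDefinition @'
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

public static class UacToken   // hypothetical helper name
{
    // TOKEN_INFORMATION_CLASS member TokenElevationType from winnt.h
    private const int TokenElevationTypeClass = 18;

    [DllImport("advapi32.dll", SetLastError = true)]
    private static extern bool GetTokenInformation(
        IntPtr token, int infoClass, out int info, int infoLength, out int returnLength);

    // Returns the TOKEN_ELEVATION_TYPE value: 1 = Default, 2 = Full, 3 = Limited
    public static int GetElevationType(IntPtr token)
    {
        int value, length;
        if (!GetTokenInformation(token, TokenElevationTypeClass, out value, sizeof(int), out length))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        return value;
    }
}
'@

$meaning = @{
    1 = 'Default: token has no linked token (no filtered/full pair)'
    2 = 'Full: full administrator access token (elevated process)'
    3 = 'Limited: filtered standard user access token'
}

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$type      = [UacToken]::GetElevationType($identity.Token)

New-Object PSObject -Property @{
    User            = $identity.Name
    ElevationType   = $meaning[$type]
    # False under the filtered token: Administrators is present only as a deny-only group
    AdminRoleActive = $principal.IsInRole($adminRole)
}
```

Run from a shell that an administrator opened normally, the script reports the Limited type; run from a shell started after approving the UAC prompt, it reports Full.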