UAC Best Practices

Managing UAC is not as hard as it seems. How you deploy it in an organization depends largely on your organization's security needs and its tolerance for implementing the policies required to meet those needs. The following solutions are presented in reverse order of preference (good, better, best) with respect to security value.

Good Practice

Run users in Admin Approval Mode. If an administrative user requires elevated privileges, the enterprise UAC policy should enforce that the user enters a valid administrator user name and password instead of simply clicking the Consent dialog box. This configuration prevents unauthorized elevations on the off-chance that a user leaves his workstation unattended. To improve security you could also require ...
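The following PowerShell check is an added example, not taken from the book. It tests whether a UAC policy matches the practice above: Admin Approval Mode enabled, and administrators prompted for credentials rather than consent. The function name and the two sample policies are constructed for illustration; `EnableLUA` and `ConsentPromptBehaviorAdmin` are the registry values that back the corresponding UAC policy settings.

```powershell
# Added example: audit UAC policy for "prompt for credentials" in Admin Approval Mode.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# ConsentPromptBehaviorAdmin meanings (values 3-5 exist only on Windows 7 /
# Server 2008 R2 and later; there, 1 and 2 also switch to the secure desktop).
$PromptModes = @{
    0 = 'elevate without prompting'
    1 = 'prompt for credentials'
    2 = 'prompt for consent'
    3 = 'prompt for credentials'
    4 = 'prompt for consent'
    5 = 'prompt for consent for non-Windows binaries'
}

function Test-UacCredentialPolicy {
    # $Policy: any object or hashtable exposing the two registry values by name.
    param($Policy)
    $findings = @()
    if ($Policy.EnableLUA -ne 1) {
        $findings += 'EnableLUA is not 1: Admin Approval Mode is disabled.'
    }
    $mode = $Policy.ConsentPromptBehaviorAdmin
    if ((1, 3) -notcontains $mode) {
        $label = 'not set'
        if ($null -ne $mode) { $label = $PromptModes[[int]$mode] }
        $findings += "ConsentPromptBehaviorAdmin is '$label': a consent click (or nothing) is enough to elevate."
    }
    return ,$findings
}

# Constructed sample policies: the consent-only setting beside the recommended one.
$samples = @(
    @{ Name = 'consent only (constructed)';       EnableLUA = 1; ConsentPromptBehaviorAdmin = 2 },
    @{ Name = 'credential prompt (constructed)';  EnableLUA = 1; ConsentPromptBehaviorAdmin = 1 }
)
foreach ($s in $samples) {
    $f = Test-UacCredentialPolicy $s
    if ($f.Count -eq 0) { "{0}: OK" -f $s.Name } else { $f | ForEach-Object { "{0}: {1}" -f $s.Name, $_ } }
}

# Same check against the local machine, if the policy key is readable.
$live = Get-ItemProperty -Path $UacKey -ErrorAction SilentlyContinue
if ($live) {
    $f = Test-UacCredentialPolicy $live
    if ($f.Count -eq 0) { 'local machine: OK' } else { $f | ForEach-Object { "local machine: $_" } }
}
```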
