|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
09-28-2007
| #1 (permalink) |
| | Flaw in UAC/User Accounts Hi All!! Upon making a Limited User account while making a How-To guide for Vista, stumbled upon this flaw. A Limited User is able to make an Aministrator User. Therefore bypassing the Parental Controls and safety regarding the whole reason for making a Limited User. A Limited User should have just house permissions....Limited. I am not sure if blocking access to the control panel applet/MSC or control useraccounts applet/MSC would remedy the probem. Hopefully MS will address and fix this issue before the release of SP1, or make a HotFix for it and put it on their Update Server. ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. http://windowshelp.microsoft.com/com...unts_passwords |
My System Specs |
|
09-29-2007
| #2 (permalink) |
| Vista x64 Ultimate SP2, Windows 7 Ultimate x64 | Re: Flaw in UAC/User Accounts  Quote: Originally Posted by McFingers  Hi All!! Upon making a Limited User account while making a How-To guide for Vista, stumbled upon this flaw. A Limited User is able to make an Aministrator User. Therefore bypassing the Parental Controls and safety regarding the whole reason for making a Limited User. A Limited User should have just house permissions....Limited. I am not sure if blocking access to the control panel applet/MSC or control useraccounts applet/MSC would remedy the probem. Hopefully MS will address and fix this issue before the release of SP1, or make a HotFix for it and put it on their Update Server. ---------------- This post is a suggestion for Microsoft, and Microsoft responds to the suggestions with the most votes. To vote for this suggestion, click the "I Agree" button in the message pane. If you do not see the button, follow this link to open the suggestion in the Microsoft Web-based Newsreader and then click "I Agree" in the message pane. Windows Vista Community: Discussion Groups If you would like to, you can use these links to report this directly to Microsoft. https://www.microsoft.com/technet/se...n/alertus.aspx Shawn |
| My System Specs |
|
09-29-2007
| #3 (permalink) |
| | RE: Flaw in UAC/User Accounts What? How? Sounds like bull to me. -- - It's always Microsoft's fault no matter what your problem is. |
| My System Specs |
|
09-30-2007
| #4 (permalink) |
| | Re: Flaw in UAC/User Accounts McFingers What you are describing is not possible in Vista? If you are logged on with a Standard account and attempt to access any part of Control Panel/User Accounts where you can create a new account or even change a current account, you must elevate that process using an administrator account credentials. There are only 2 settings possible for a Standard account in Vista when starting a process that requires elevation to administrator privileges. 1. Prompt for administrator privileges where an administrator account and password must be entered. 2. Deny any elevation. Even if UAC is turned off and you try to create or change a user account, (or any other task that requires administrator privileges) you may actually be able to go through the process, but the changes will silently fail to take effect. A new administrator user account will not be created and any changes to any current account (such as changing a standard user to an administrator account) will fail to take effect. -- Ronnie Vernon Microsoft MVP Windows Shell/User "McFingers" <McFingers@xxxxxx> wrote in message news:BE022208-01FB-4D91-B3BE-112CE0D70007@xxxxxx Quote: > Hi All!! > > Upon making a Limited User account while making a How-To guide for Vista, > stumbled upon this flaw. > > A Limited User is able to make an Aministrator User. Therefore bypassing > the > Parental Controls and safety regarding the whole reason for making a > Limited > User. > > A Limited User should have just house permissions....Limited. > > I am not sure if blocking access to the control panel applet/MSC or > control > useraccounts applet/MSC would remedy the probem. Hopefully MS will > address > and fix this issue before the release of SP1, or make a HotFix for it and > put > it on their Update Server. > > > ---------------- > This post is a suggestion for Microsoft, and Microsoft responds to the > suggestions with the most votes. To vote for this suggestion, click the "I > Agree" button in the message pane. If you do not see the button, follow > this > link to open the suggestion in the Microsoft Web-based Newsreader and then > click "I Agree" in the message pane. > > http://windowshelp.microsoft.com/com...unts_passwords |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| User Accounts at Logon vs User Accounts in Parental Control | Vista General | |||
| User Accounts, Switch User, Hibernate, Sleep, Restart | Vista account administration | |||
| user accounts with different email accounts | Vista networking & sharing | |||
| user accounts don't show up on manage accounts | Vista account administration | |||
| Standard user accounts can access files of other accounts??!! | Vista account administration | |||
