Category Archives: Uncategorized
A lot of my students ask me how to disable UAC and it takes some convincing to persuade them not to do it. UAC is a great security feature, but it isn’t a magic bullet. Unfortunately there’s a perception that UAC is at best, just an annoyance, and at worst that it will secure your PC against malware.
I recently read a great blog posting by Jesper Johansson that cleared a lot of the issues up for me. I won’t steal his thunder (well I’m too lazy to copy and paste it all) but the highlights are…
- UAC is meant to help more people log in as standard users. That’s right, you can now perform more configuration tasks than previously possible. For example, non-admins can now change the time zone, without changing the time. Previously the whole group of settings was inaccessible, but it’s more granular now.
- Software developers need to write their programs to operate in standard mode, and not require admin privileges.
- UAC does not offer total protection against malware. It will just alert you that a process, which may be malware, is attempting to run with elevated privileges. By the same token, malware doesn’t need to run with elevated privileges to be harmful.
- There are many ways to attack a machine that UAC will not alert the user about, so UAC should be part of your defense-in-depth strategy, not your only line of defense.
Be sure to read Jesper’s blog for all the details
I trained my first Exchange 2007 course early in May and all in all found it challenging and rewarding. The style of the course is slightly different from Microsoft’s previous courses but it’s more of an evolution than a revolution. The course content is pretty good and shows off the product well. Some of the questions that came up during the course were not covered in the courseware… I’ve just finished digging up the last answers and have added them to my Exchange 2007 FAQ. If you’d like access to the FAQ just email me (please note access to the FAQ is for course attendees only).