At TechEd Ben Fathi , the new Vice President of security at Microsoft, and some of his team members highlighted improvements to User Account Control that we can expect to see in the product by Windows Vista RC1.
During the talk they showed how they are working to reduce prompts by placing them more intelligently. How they have altered ACL’s in certain locations like the “Public Desktop” folder to allow the deletion of shortcuts etc. from the common desktop as a standard user without a long series of prompts.
Lastly they showed a new feature that will be included with Windows Vista RC1, a service called “Activex Management Service”. This service which will sit between the browser and the Windows Explorer to facilitate the installation of ActiveX controls, if approved by an administrator, by a standard user.
ActiveX has long been a problem area for enterprises looking to achieve standard user because of its implementation. Under the covers when you download an ActiveX control it is trying to write to system locations like C:\windows\download program files\ and HKey_Classes_Root. These locations are inaccessible as a standard user which led many companies to either relaxing the ACL’s or choosing a different security context (than standard user) entirely. This new service will facilitate the install as local system much in the same way that Windows Installer facilitates installations.
Tech-ED US 2006