Following up from yesterday’s post, here are a few more notes on UAC and Bandolier.
First, my earlier post focused on Windows 7 but I probably should mention that UAC applies to 2008 server as well. The UAC implementation on the original 2008 server is similar to Vista, with 2008 R2 being more similar to Windows 7. One other caveat is that these posts are not a thorough treatment of the ins and outs of UAC. For example, we didn’t even touch on File and Registry Virtualization but perhaps we’ll get to that in a future discussion.
Another UAC connection to Bandolier is the ability to audit the UAC group policy settings. There are 10 settings related to UAC that we can easily verify with audit checks provided by the Nessus policy compliance plugins. The settings are:
- Admin Approval Mode for the built-in Administrator account
- Allow UIAccess applications to prompt for elevation without using the secure desktop
- Behavior of the elevation prompt for administrators in Admin Approval Mode
- Behavior of the elevation prompt for standard users
- Detect application installations and prompt for elevation
- Only elevate executables that are signed and validated
- Only elevate UIAccess applications that are installed in secure locations
- Run all administrators in Admin Approval Mode
- Switch to the secure desktop when prompting for elevation
- Virtualize file and registry write failures to per-user locations
You can see more details and a list of the default values here. And here’s what an audit check for one of the settings looks like:
    <item>
    name: "User Account Control: Only elevate executables that are signed and validated"
    value: "enabled"
    </item>
Very simple syntax. For common policy values, the Nessus compliance plugins offer this abbreviated syntax. If you’d like to learn more about how these audit checks work, the Bandolier Security Audit Files, safe vulnerability scanning/auditing, and customizing audit files for your control system environment, please check out the class we are offering in September directly after the EnergySec conference.
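To make the pass/fail logic behind that abbreviated syntax concrete, here is a small added Python evaluator; it is not part of the post or of Tenable's plugins. The audit items, the expected values (a hypothetical hardened baseline, not Microsoft's defaults) and the host policy snapshot are all constructed for the example.

```python
import re

# Constructed sample: three of the ten UAC checks, written in the abbreviated
# <item> syntax shown in the post. Expected values are a hypothetical hardened
# baseline, not Microsoft's defaults.
UAC_AUDIT = '''
<item>
name: "User Account Control: Admin Approval Mode for the built-in Administrator account"
value: "enabled"
</item>
<item>
name: "User Account Control: Only elevate executables that are signed and validated"
value: "enabled"
</item>
<item>
name: "User Account Control: Switch to the secure desktop when prompting for elevation"
value: "enabled"
</item>
'''

# Constructed effective-policy snapshot for one host, as a scanner would collect it.
# One setting disagrees with the baseline and one is absent entirely.
HOST_POLICY = {
    "User Account Control: Admin Approval Mode for the built-in Administrator account": "Enabled",
    "User Account Control: Only elevate executables that are signed and validated": "Disabled",
}

# Whitespace between the fields is optional, so this accepts both the multi-line
# layout and the run-together one-line form.
ITEM_RE = re.compile(r'<item>\s*name:\s*"([^"]+)"\s*value:\s*"([^"]+)"\s*</item>')

def parse_items(audit_text):
    """Return a list of (policy name, expected value) pairs from <item> blocks."""
    return ITEM_RE.findall(audit_text)

def evaluate(audit_text, host_policy):
    """Map each check to PASSED / FAILED / ERROR (the result terms a compliance
    scan reports); ERROR means the setting was not found on the host at all."""
    results = {}
    for name, expected in parse_items(audit_text):
        actual = host_policy.get(name)
        if actual is None:
            results[name] = "ERROR"
        elif actual.strip().casefold() == expected.strip().casefold():
            results[name] = "PASSED"
        else:
            results[name] = "FAILED"
    return results

if __name__ == "__main__":
    for name, verdict in evaluate(UAC_AUDIT, HOST_POLICY).items():
        print(f"{verdict:6} {name}")
```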
Finally, see the comments in the previous post for a discussion on how the deterministic nature (or not) of control systems plays into UAC.