Maintaining Systems That Run Windows Vista

Questions derived from the 70-622 – PRO: Microsoft Desktop Support – ENTERPRISE Microsoft Self-Test Software Practice Test.

 

Objective: Managing and Maintaining Systems That Run Windows Vista
SubObjective: Troubleshoot policy settings

 

Item Number: 70-622.3.1.9
Single Answer, Multiple Choice

 

You are the desktop support technician of your company. The network of your company consists of a single Active Directory domain. You upgrade all client computers from Windows XP to Windows Vista. You want to configure all client computers to ensure that Public Key Infrastructure (PKI) signature checks are enforced on any interactive application that requests elevation. What should you do?

 

 

  1. Enable the User Account Control: Only elevate UIAccess applications that are installed in secure locations policy setting.
  2. Enable the User Account Control: Virtualize file and registry write failures to per-user locations policy setting.
  3. Enable the User Account Control: Only elevate executables that are signed and validated policy setting.
  4. Enable the User Account Control: Detect application installations and prompt for elevation policy setting.

 

Answer:
C. Enable the User Account Control: Only elevate executables that are signed and validated policy setting.

 

Tutorial:
You should enable the User Account Control: Only elevate executables that are signed and validated policy setting. User Account Control (UAC) is a new security component in Windows Vista that helps mitigate the impact of malware. UAC limits administrator-level access to authorized processes by requiring all users to run applications and tasks with a standard user account. Windows Vista includes various UAC policy settings that can be used to control the behavior of UAC on client computers. The User Account Control: Only elevate executables that are signed and validated policy setting enforces PKI signature checks on any interactive application that requests elevation of privilege. When you enable this policy setting, the PKI certificate chain validation of a given executable is enforced before it is allowed to run.

 

You should not enable the User Account Control: Only elevate UIAccess applications that are installed in secure locations policy setting. This policy setting is used to enforce the requirement that applications that request execution with a UIAccess integrity level must reside in a secure location on the system. Enabling the User Account Control: Only elevate UIAccess applications that are installed in secure locations policy setting will not ensure that PKI signature checks are enforced on any interactive application that requests elevation.

 

You should not enable the User Account Control: Virtualize file and registry write failures to per-user locations policy setting. The virtualization technology in Windows Vista supports applications that are not UAC compliant and that have required an administrator’s access token to run correctly in the past. Virtualization is used to make non-UAC-compliant applications compatible with Windows Vista. When a non-UAC-compliant administrative application attempts to write to a protected directory, such as Program Files, UAC provides the application its own virtualized view of the resource it is attempting to change, by using a copy-on-write strategy. This virtualized copy of the resource is maintained under the user’s profile. When you enable this policy setting, virtualization supports the running of pre-Windows Vista applications that failed to run as a standard user. When you disable the User Account Control: Virtualize file and registry write failures to per-user locations policy setting, non-UAC-compliant applications that attempt to write to protected areas will silently fail. Enabling this policy setting will not ensure that PKI signature checks are enforced on any interactive application that requests elevation.

 

You should not enable the User Account Control: Detect application installations and prompt for elevation policy setting. This policy setting determines the behavior of application installation detection for the entire system. When you enable this policy setting, application installation packages that require an elevation of privilege to install will be detected and the elevation prompt that is configured is triggered. Enabling the User Account Control: Detect application installations and prompt for elevation policy setting will not ensure that PKI signature checks are enforced on any interactive application that requests elevation.

 

Reference:
Microsoft Windows Vista TechCenter > Understanding and Configuring User Account Control in Windows Vista

 

Microsoft Windows Vista TechCenter > Security Policy Settings New for Vista

 

MSDN Home > MSDN Magazine > January 2007 > Least Privilege > Teach Your Apps To Play Nicely With Windows Vista User Account Control

Like what you see? Share it.Share on Google+Share on LinkedInShare on FacebookShare on RedditTweet about this on TwitterEmail this to someone
cmadmin

ABOUT THE AUTHOR

Posted in Archive|

Comment: