The Windows 7 OS provide a new security management mechanism that is User Account Control (UAC). So, what is UAC or what can it do? To be brief ,that is if the other users ,not the administrator want to do some changes to the operating system, they must receive the permission from the administrator. When they want to change, the OS will automatically send the notice to the administrator, who determines whether to allow these changes. In the previous OS editions there is the limit like that, but greatly improvement in Windows 7.UAC not only makes the level of the users more granular, also automatically inform the administrator.
1.The administrator can choose the different levels to control the users according the requirements.
In Windows 7, UAC has four grades. The highest level is “Windows 7’s UAC setting is set to “Notify me when any changes in my computer”. That is to say, when the users install the application software or get the applications upgrade, or the applications want to do some changes to the OS such as modify ,change the Windows setting of modification ,change and so on ,which the user do not know , the system will prompt UAC to make the users informed.
The second level is “by default, Windows 7’s UAC setting is set to “Notify me only when programs try to make changes to my computer”. Differently from the first level ,the key change is not to notify system administrator when the Windows setting changed. Even though there are malware or autorun programs inserting into the system, it won’t have much impact on the OS. Because the programs couldn’t change the system setting such as this registry setting, Defaults page of IE browser, and the Service start-up list and so on. For most of the users ,especially for the enterprise users, this security level is enough .Higher the level ,more inflexible the system. Too high level will make the system administrator very busy.
The third and the fourth levels gradually reduce the security, finally down to no security .This level is similar to the control-lever of the previous IE .Both of them is a control-level named by Microsoft itself. The administrators need to know about the details of each of the control-levels to set the security level fit for the enterprise. Generally speaking ,the higher the level is ,more safe the system is . Unfavorably, the administrator would spend more time in the complaint from the users, as the users made any changes to the system ,which would notify the administrator .But , you cannot burn the candle at both ends. The administrator must give a choice between the security and the flexibility.
2. How to notify the administrators when the authority was not enough?
When you read this, had you used workflow products from Microsoft or other companies? In fact, the Microsoft was effective in borrowing from the way the workflow software cope with that problem. When the users without enough authority tried to change one setting or some security application, the system will send a request to the administrator. When the system administrator login next time, he would see the dialog box, which would show these changes the users tried to. After checking over whether these message to damage the stability of the system, the admin will tell the system to allow or refuse the changes by the dialog box.
At last, the system would automatically send the information back to the users, who can continue the setup of the application programs or the change of the OS setting via the permission of the administrator. Obviously, these workflow was familiar to us ,who once used that. When you read this , will say “Oh, just a process of the workflow!” However, in Windows 7 operating system, everywhere is the workflows. This is a human Oriented Design in the Win7 OS.
