By default policy, the UAC prompt runs on the Secure Desktop, the same desktop on which LogonUI runs. That desktop is ACLed down to SYSTEM processes only. Most viruses and malware run as user-mode processes; only by elevating to Admin does malware get an opportunity to damage the entire box.
So LogonUI and the UAC dialog are both SYSTEM-level processes, and they are the only pieces of UI that run natively at that privilege level. There are 4 ways to get from the interactive desktop (running at the MEDIUM integrity level) to the secure desktop (running at HIGH):
1. Initiate a SAS (Secure Attention Sequence) - The most commonly used SAS is CTRL+ALT+DELETE (CAD). This tells the WinLogon state machine to switch desktops, usually by bringing up LogonUI.exe. A less commonly used SAS is Win+L, which automatically locks the desktop in Vista.
2. Have a SYSTEM process broker the desktop switch with WinLogon - This is what UAC does.
3. Have a properly registered Accessibility tool initiate a software SAS (in conjunction with the proper policy setting and manifest marking) - This is what AT (assistive technology) and Remote Access apps must do. It is not free: you must convince the IT admin to enable the policy.
4. Install a kernel-mode keyboard driver - This driver can do whatever it wants. If you've managed to get someone to install a kernel-mode driver, you have owned the machine.
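The post's point is that routes 2 and 3 are gated by policy. The following audit script is an added example, not code from the original post: it reads the documented UAC and software-SAS policy values under the Policies\System key and flags any setting that moves the consent prompt off the Secure Desktop or opens up software-generated SAS. Treating an absent value as "OS default applies" is an assumption made here rather than a claim about a specific default number.

```powershell
# Added audit script (not from the original post). Reads the policy values that
# decide whether the UAC consent dialog is drawn on the Secure Desktop (route 2)
# and whether a registered accessibility tool may raise a software SAS (route 3).
# Assumption: an absent value means the OS default applies and is reported as such.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-PolicyDword {
    param([string]$Name)
    # Returns $null when the value is not set, so the caller does not guess a default.
    $item = Get-ItemProperty -Path $policyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Show-Value([string]$Label, $Value) {
    if ($null -eq $Value) { "{0,-28}: not set (OS default applies)" -f $Label }
    else                  { "{0,-28}: {1}" -f $Label, $Value }
}

$enableLua  = Get-PolicyDword -Name 'EnableLUA'
$secureDesk = Get-PolicyDword -Name 'PromptOnSecureDesktop'
$consent    = Get-PolicyDword -Name 'ConsentPromptBehaviorAdmin'
$softSas    = Get-PolicyDword -Name 'SoftwareSASGeneration'

# Meaning of the documented SoftwareSASGeneration values.
$sasMeaning = @{ 0 = 'none'; 1 = 'services'; 2 = 'Ease of Access applications'; 3 = 'services and Ease of Access applications' }

Show-Value 'EnableLUA'                  $enableLua
Show-Value 'PromptOnSecureDesktop'      $secureDesk
Show-Value 'ConsentPromptBehaviorAdmin' $consent
Show-Value 'SoftwareSASGeneration'      $softSas

$findings = @()
if ($enableLua -eq 0)  { $findings += 'UAC is disabled: elevation never goes through the brokered desktop switch.' }
if ($secureDesk -eq 0) { $findings += 'Consent prompt is drawn on the interactive (MEDIUM) desktop, where user-mode code can reach it.' }
if ($consent -eq 0)    { $findings += 'Administrators elevate silently with no prompt at all.' }
if ($null -ne $softSas -and $softSas -ne 0) {
    $who = if ($sasMeaning.ContainsKey($softSas)) { $sasMeaning[$softSas] } else { "unknown value $softSas" }
    $findings += "Software SAS is allowed for $who; review which accessibility/remote-access tools are registered."
}

if ($findings.Count -eq 0) { 'No deviation from the secure-desktop defaults found.' } else { $findings }
```

Run from an elevated prompt so the policy key is readable on hardened systems; the output lists each setting and then any finding that weakens the Secure Desktop boundary the post describes.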
Tuesday, October 16, 2007
Information about the UAC dialog in Vista