Q. I'm using over-the-shoulder (OTS) elevation with User Access Control (UAC), but I'm concerned about malware stealing my credentials by faking the UAC screen. What can I do?

John Savill

April 29, 2010

1 Min Read
ITPro Today logo in a gray background | ITPro Today

A. UAC has had a lot of bad press, but it's a very good technology that helps to secure an environment. OTS elevation lets an administrator supply credentials by typing them during an elevation request. By default, when you use OTS, your credentials are entered in a separate, secure desktop that stops interaction with the rest of the desktop to make it harder for applications to interfere—but not impossible.

You can add extra security by requiring the user to press Ctrl+Alt+Del (the secure attention sequence) before typing the credentials, which ensures no malware can fake the request, because no process other than the core OS can respond to the Ctrl+Alt+Del combination.

To enable the secure attention sequence requirement, set the Require trusted path for credential entry Group Policy setting, which can be found at Computer Configuration, Policies, Administrative Templates, Windows Components, Credential User Interface. Just make sure you consider the end user experience before enabling this. People don't like the impact UAC can add, and making them also press Ctrl+Alt+Del won't help your office cred .

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like