What is the relationship (if any) between UAC and ACLs on Windows platforms?

Solution 1:

They are related in that UAC relies on the existence of ACLs (and all the related security apparatus) in order to function.

UAC works by removing (technically speaking, disabling) the Administrators token from non-elevated processes. This means that if the ACL for a particular file or folder only allows access to Administrators, non-elevated processes won't have access. That's why an installer can't write to Program Files without elevating first.

EDIT:

See this article for more information about UAC.

In particular: "When an administrator logs on to a computer that is running Windows 7 or Windows Vista, the user is assigned two separate access tokens. Access tokens, which contain a user's group membership and authorization and access control data, are used by the Windows operating system to control what resources and tasks the user can access."

I suppose you could argue that UAC depends on the Windows authorization model, of which ACLs are only a particular component, and that therefore UAC is not related to ACLs. I don't think that's a useful way of looking at it. Let me put it this way: if there weren't any ACLs, UAC would be pointless.

You should also read this article which addresses some common misconceptions about UAC, and in particular the misconception that it is a security feature: "The primary goal of UAC is to enable more users to run with standard user rights. However, one of UAC's technologies looks and smells like a security feature: the consent prompt. Many people believed that the fact that software has to ask the user to grant it administrative rights means that they can prevent malware from gaining administrative rights."

Solution 2:

They're separate security schemes. UAC flips the display and prompts you to separately authenticate the application you're trying to install/modify/etc.

ACLs determine what you can/can't access, etc. There is no commonality between the two.

As a thought experiment: you have an installer (install.exe) in a folder (C:\folder). If the user lacks permission to access the folder, the installer will never run, regardless of whether UAC is enabled or not. If the user does not have software installation rights, the installer will not run, regardless of whether UAC is enabled. If the user DOES have access to the folder, and can install software, the installer will run regardless of whether UAC is enabled.

UAC was not intended to replace ACLs. It was grafted onto Windows to try to prevent silent installs and program escalations.
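The token behaviour described in Solution 1 (the Administrators group present but disabled on a non-elevated token) and the thought experiment in Solution 2 (the ACL decides, whether or not UAC is on) can both be observed from a PowerShell prompt. The script below is an added example, not code from either answer: it reports whether the current token is elevated, shows the attribute flags whoami reports for the Administrators SID, prints the ACEs Program Files grants to BUILTIN\Administrators, and then attempts a write so the ACL check's outcome is visible. Run it once from a normal prompt and once from an elevated one. The probe file name is an assumption; matching the group by SID (S-1-5-32-544) rather than by name keeps it locale independent.

```powershell
# Added example (not from the original answers): inspect the current process
# token and see how the Program Files ACL treats it. Assumes Windows PowerShell
# 5.1 or later on a UAC-enabled machine; the probe file name is made up here.

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$adminRole = [System.Security.Principal.WindowsBuiltInRole]::Administrator

# IsInRole only counts groups that are *enabled* in the token, so on a
# UAC-filtered token it returns $false even for a member of Administrators.
$isElevated = $principal.IsInRole($adminRole)
"Token user     : $($identity.Name)"
"Elevated token : $isElevated"

# whoami /groups lists the attribute flags on every group SID. A filtered token
# still carries the Administrators SID but marks it "Group used for deny only",
# which is the 'disabled' state Solution 1 refers to. Match on the SID, not the
# display name, so the check does not depend on the system locale.
$adminGroup = whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.SID -eq 'S-1-5-32-544' }
if ($adminGroup) {
    "Administrators SID attributes: $($adminGroup.Attributes)"
} else {
    "Administrators SID not present in token (standard user account)"
}

# Show which rights the Program Files ACL grants to BUILTIN\Administrators.
# Reading the ACL needs only the rights ordinary users already have there.
$programFiles = $env:ProgramFiles
$acl = Get-Acl -Path $programFiles
$acl.Access |
    Where-Object { $_.IdentityReference -eq 'BUILTIN\Administrators' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

# Attempt a write. With a filtered token the ACL check fails exactly as it
# would for a standard user; with an elevated token it succeeds and the probe
# file is removed again. UAC never makes this decision; the ACL does.
$probe = Join-Path $programFiles 'uac-acl-probe.txt'   # assumed test file name
try {
    Set-Content -Path $probe -Value 'probe' -ErrorAction Stop
    "Write to $probe succeeded (token passed the ACL check)"
    Remove-Item -Path $probe -ErrorAction SilentlyContinue
} catch {
    "Write to $probe denied: $($_.Exception.GetType().Name) - $($_.Exception.Message)"
}
```

From a non-elevated prompt as an administrator you should see `Elevated token : False`, the Administrators SID flagged as deny-only, Full Control listed for BUILTIN\Administrators on the folder, and the write rejected; from an elevated prompt the same ACL lets the write through. A standard user account shows no Administrators SID at all and is denied in both cases, which is the point of Solution 2's thought experiment.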
