1
00:00:01,640 --> 00:00:08,140
Welcome to the module entitled Windows Security. In this module we will look at the technologies that further

2
00:00:08,140 --> 00:00:11,250
improve the safety and reliability of this operating system.

3
00:00:16,370 --> 00:00:22,010
The first function to further protect Windows users is User Account Control, which was widely commented

4
00:00:22,010 --> 00:00:29,650
on, particularly during its premiere and for some time afterwards. Its operation is based on the assumption

5
00:00:29,650 --> 00:00:38,910
that we have two types of users: users with standard privileges and users with administrative privileges.

6
00:00:38,940 --> 00:00:46,430
These are users who either belong or don't belong to the computer's local Administrators group.

7
00:00:46,570 --> 00:00:53,070
If a user launches any program or process, a personal access token for this user is attached to the program.

8
00:00:54,980 --> 00:01:01,970
This means that when logging on to the system we receive a certain token that will identify us. It'll

9
00:01:02,010 --> 00:01:07,260
contain our security identifier plus a list of privileges that we have directly or through membership

10
00:01:07,260 --> 00:01:08,250
in various groups.

11
00:01:11,970 --> 00:01:17,170
Windows automatically attaches such a token to each program we run.

12
00:01:17,190 --> 00:01:19,590
How does the User Account Control function work

13
00:01:24,460 --> 00:01:25,410
in newer versions?

14
00:01:25,420 --> 00:01:30,410
Windows automatically checks user tokens to see if they're privileged.

15
00:01:30,410 --> 00:01:36,600
The system automatically creates for such a user an additional token, which is invisible.

16
00:01:36,610 --> 00:01:39,820
This is a token that's devoid of administrative privileges.

17
00:01:42,200 --> 00:01:49,700
If the administrator logs onto the computer, he has two tokens: an administrative token, or AT, and

18
00:01:49,700 --> 00:01:52,670
a standard user access token, or SAT.

19
00:01:57,080 --> 00:02:03,290
An important note is that a process can only receive one of these tokens, either the AT token or the SAT

20
00:02:03,290 --> 00:02:03,880
token.

21
00:02:06,590 --> 00:02:09,650
The SAT token is attached to all processes by default.

22
00:02:13,330 --> 00:02:17,140
After receiving the token, the process cannot be changed in any way.

23
00:02:18,270 --> 00:02:24,880
This is due to the fact that some programs are closed and restarted when we request additional privileges.

24
00:02:24,880 --> 00:02:32,660
This was the case with Process Explorer. Such programs must receive a new token with additional privileges.

25
00:02:36,840 --> 00:02:39,820
For this mechanism to be somewhat functional,

26
00:02:39,870 --> 00:02:44,580
the designers of Windows assumed that a program which requires additional privileges for its actions will

27
00:02:44,580 --> 00:02:45,870
ask for them.

28
00:02:46,110 --> 00:02:53,290
In the course of its action, the user will be able to decide whether to allow such a program to modify

29
00:02:53,290 --> 00:02:58,290
the user's privileges for a work session as well as the entire operating system.

30
00:03:01,310 --> 00:03:03,940
The principle of token inheritance always works:

31
00:03:06,620 --> 00:03:12,200
if we have a program running with the administrative token, a program started by it will also receive

32
00:03:12,200 --> 00:03:14,190
this token.

33
00:03:14,360 --> 00:03:18,380
It's worth remembering this, for example, before you run a command with an AT token.

34
00:03:24,490 --> 00:03:28,450
The SAT token will automatically be assigned to the processes run by the user

35
00:03:28,720 --> 00:03:30,550
if you belong to the privileged groups.

36
00:03:33,330 --> 00:03:35,050
These are predefined groups,

37
00:03:35,340 --> 00:03:40,650
for example groups created during the installation of the operating system.

38
00:03:40,870 --> 00:03:45,460
They are automatically given certain rights.

39
00:03:45,520 --> 00:03:49,180
One of the privileged groups is the Administrators group.

40
00:03:49,260 --> 00:03:52,530
Another is the Backup Operators group, who may create and restore backups;

41
00:03:55,210 --> 00:03:57,650
they have access to the data of other users.

42
00:03:58,990 --> 00:04:04,270
For the needs of creating a copy, we can read files and folders that we normally don't have access to.

43
00:04:06,400 --> 00:04:08,530
This clearly requires raising the privileges.

44
00:04:12,040 --> 00:04:17,740
Members of the Network Configuration Operators group may change system settings, including lowering the

45
00:04:17,740 --> 00:04:25,860
level of the security system. The Power Users group is really an unused group, or at least shouldn't

46
00:04:25,860 --> 00:04:26,970
be used.

47
00:04:28,580 --> 00:04:33,740
This is a group created in order to ensure backward compatibility with certain programs that otherwise

48
00:04:33,740 --> 00:04:36,100
do not want to operate in the Windows environment.

49
00:04:43,330 --> 00:04:50,180
In addition, Windows checks to see if we have one of nine specific privileges. Each of these privileges

50
00:04:50,180 --> 00:04:51,680
may compromise security,

51
00:04:51,680 --> 00:04:54,770
so if we have it, it will be automatically withdrawn.

52
00:04:57,830 --> 00:05:04,920
The SeCreateToken privilege allows creating new tokens. This privilege must be disabled because otherwise

53
00:05:04,920 --> 00:05:10,990
there will be a gap in the entire mechanism.

54
00:05:11,090 --> 00:05:16,660
A person who has the SeTcb privilege may start system processes.

55
00:05:16,790 --> 00:05:23,520
These are processes which operate at a high level of trust. The SeTakeOwnership

56
00:05:23,520 --> 00:05:32,840
privilege allows taking ownership of objects. The SeLoadDriver privilege allows installing drivers.

57
00:05:32,860 --> 00:05:40,310
These are processes running in kernel mode. The SeRestore privilege restores the system's backup.

58
00:05:42,390 --> 00:05:46,340
The SeImpersonate privilege allows impersonating other users.

59
00:05:46,450 --> 00:05:48,920
We can launch processes acting as someone else.

60
00:05:51,730 --> 00:05:53,500
Thanks to the SeRelabel privilege,

61
00:05:53,500 --> 00:05:59,810
we can change the levels of responsibilities; in this way, we can change the integrity and User Account

62
00:05:59,810 --> 00:06:06,500
Control mechanism.

63
00:06:06,540 --> 00:06:11,970
Any person who has the SeDebug privilege may connect to other processes and debug or monitor their

64
00:06:11,970 --> 00:06:14,760
actions.

65
00:06:14,760 --> 00:06:17,900
Also, the previously shown pwdump works this way.