The New Way
Microsoft's solution, called User Account Protection (UAP), makes a lot of sense. It's attacking the problem from both sides. On one side, it's expanding the scope of Limited account privileges. For example, locking down the system clock is an important thing to do for security purposes on a Limited account. But there's really nothing wrong with allowing the user to change the time zone of a Limited account. You can't make that change from a Windows XP Limited account, but you'll be able to do that in Vista. So, Microsoft is running through all the privilege restrictions on the Limited account to liberalize aspects of default privileges smartly, when loosening does not pose a security threat.
 Once you turn on User Account Protection, when you try to access a protected function from a Limited user account, you're given the Unlock option. Click to Enlarge |
The other part of the software giant's strategy is to borrow the privileges of your Administrator account by authenticating to it. In a Windows Vista Limited account, it is possible, for instance, to change the system date, month, year, and so forth. The way you do that is by double-clicking the clock in the system tray (or opening the Date and Time Control Panel). A new Unlock button appears on the dialog. When you click that button, you're prompted to enter the name of a user account with administrator privileges and its password. When you clear that hurdle, you'll be given full access to make date and time changes.
 When you click the User Account Protection Unlock button, you're confronted with this authentication prompt. You provide the password to prove that you have Administrator privileges. Click to Enlarge |
Installing Apps
That's all well and good, but the most frustrating scenario occurs when you want to install a new application. Limited accounts do not have the right to install programs. And this is probably the single biggest reason why so many Windows users who have tried Limited accounts in the past have gone back to accounts with Administrator privileges. So you'd think Microsoft would just apply the same logic to the process that they did with the system clock. And they have. But software makers must also join the effort to make this work. They have to make their applications Limited-account-aware and provide the Unlock functionality in their setup routines.
Microsoft is a much better-than-average market leader when it comes to creating structured environments for third-party software and hardware providers, helping them work toward shared goals like this one. And I suspect that most mainstream business applications will support Windows Vista's User Account Protection features in fairly short order. But there are literally thousands and thousands of shareware and freeware apps whose makers will probably never get around to adding this support. Or, at the least, won't do so for years to come. And that means that people trying to use Limited accounts especially in the early going may be frustrated enough by the installation hassles that they'll go back to working out of a user account with full-fledged Administrator privileges. And that will defeat the whole purpose.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
