Q. I'm using over-the-shoulder (OTS) elevation with User Access Control (UAC), but I'm concerned about malware stealing my credentials by faking the UAC screen. What can I do?

A. UAC has had a lot of bad press, but it's a very good technology that helps to secure an environment. OTS elevation lets an administrator supply credentials by typing them during an elevation request. By default, when you use OTS, your credentials are entered in a separate, secure desktop that stops interaction with the rest of the desktop to make it harder for applications to interfere—but not impossible.

You can add extra security by requiring the user to press Ctrl+Alt+Del (the secure attention sequence) before typing the credentials, which ensures no malware can fake the request, because no process other than the core OS can respond to the Ctrl+Alt+Del combination.

To enable the secure attention sequence requirement, set the "Require trusted path for credential entry" Group Policy setting, which can be found at Computer Configuration, Policies, Administrative Templates, Windows Components, Credential User Interface. Just make sure you consider the end user experience before enabling this. People don't like the impact UAC can add, and making them also press Ctrl+Alt+Del won't help your office cred.
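To confirm on a given machine that the settings described in this answer are in effect, the following read-only PowerShell check can be used. It is an added example, not part of the original answer, and it assumes the standard registry values that back these policies: `EnableSecureCredentialPrompting` under `Policies\CredUI` for the trusted path setting, and `EnableLUA` and `PromptOnSecureDesktop` under `Policies\System` for UAC and the secure desktop.

```powershell
# Added example: read-only audit of the UAC credential-prompt settings.
# Nothing is changed; the Group Policy setting remains the way to configure them.
$system = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$credui = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI'

$checks = @(
    @{ Setting = 'UAC enabled';                              Path = $system; Value = 'EnableLUA' },
    @{ Setting = 'Elevation prompt on secure desktop';       Path = $system; Value = 'PromptOnSecureDesktop' },
    @{ Setting = 'Require trusted path for credential entry'; Path = $credui; Value = 'EnableSecureCredentialPrompting' }
)

$results = foreach ($c in $checks) {
    # A missing key or value returns nothing instead of throwing.
    $item   = Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.($c.Value) } else { $null }

    [pscustomobject]@{
        Setting  = $c.Setting
        Registry = "$($c.Value)"
        Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
        # Conservative: only an explicit value of 1 counts as enabled,
        # so a value that is absent is flagged for review.
        Enabled  = ($actual -eq 1)
    }
}

$results | Format-Table -AutoSize

$missing = $results | Where-Object { -not $_.Enabled }
if ($missing) {
    Write-Warning ("Not explicitly enabled: " + (($missing.Setting) -join '; '))
}
```

If the trusted path row shows "not set" after the policy has been linked, run `gpupdate /force` and check again before assuming the GPO is not applying.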
