What makes c:\Program Files UAC-protected?

Question

I know that c:\Program Files is UAC-protected, and if I allow a user to install to d:\Program Files, this is not, by default, UAC protected. What makes c:\Program Files UAC protected other then the directory security settings? Is it simply directory security, or is there something else that Windows does to make it special?

I am trying to advise someone if it is possible to make d:\Program Files sort of as equivalently secure as c:\Program Files. If I were to create d:\Program Files with the same directory security as c:\Program Files, would these folders be equivalent?

Answer 1

Directory security alone dictates what a user can or can't do in regards to adding, deleting or changing files in that folder. UAC only comes into play in that even for users in the Administrators group in Windows, you now (by default) DON'T have the admin token attached to your login session. When you try to do a privileged action, Windows doesn't let you and begins the process to try and get a user that does have admin access. Since your account is a member of Adminstrators, UAC will show the Allow /Deny dialog, and FOR THAT ACTION ONLY the admin token will attach to your logon session. Since you're a member of admin, you can click just OK or cancel. If you were not, you'd be prompted for logon credentials for an account which does have admin privileges.

You can read more about UAC and what's going on behind the scenes here: http://technet.microsoft.com/en-us/library/dd835561(v=ws.10).aspx

Answer 2

No.

UAC is (mostly) not magic.

Folders like Windows or Program Files simply have ACLs which do not grant write access to users without administrative privileges.

Answer 3

One important aspect of the protected folders is the mandatory label assigned to them, which determins the integrity level (criticality) of these locations. If you install in 'D:\Program Files' in any post vista windows version the following will happen 1 - You will be asked for your consent via the UAC prompt. 2 - Windows will assign the label of 'Trusted Installer' to the D:\Program Files folder which gives it a very high integrity. The 'trusted installer' integrity level alone is enough to make your folder protected, any process below the trusted installer integrity level (which is practically all of them) will have to answer to a UAC (consent or credential) prompt before it can proceed.

For more on Windows Integrity Mechanism, UAC prompts and windows security internals, please visit http://securityinternals.blogspot.com