Lekki zestaw bez av realtime

[Creer]

Tzn. mógłbyś to rozwinąć?

Edytowalem swoj pierwotny post - dodalem link (Step 5)

Eugeniusz poczytaj oprocz tego co wyzej jeszcze to:
-http://www.wilderssecurity.com/showthread.php?t=262686
-http://www.wilderssecurity.com/showthread.php?t=256366

Jesli chodzi o LUA/UAC:
-http://technet.microsoft.com/en-us/library/dd835561%28WS.10%29.aspx

When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. The standard user access token is used to start applications that do not perform administrative tasks (standard user applications). The standard user access token is then used to display the desktop (Explorer.exe). Explorer.exe is the parent process from which all other user-initiated processes inherit their access token. As a result, all applications run as a standard user unless a user provides consent or credentials to approve an application to use a full administrative access token.

A user that is a member of the Administrators group can log on, browse the Web, and read e-mail while using a standard user access token.When the administrator needs to perform a task that requires the administrator access token, Windows 7 automatically prompts the user for approval. This prompt is called an elevation prompt, and its behavior can be configured by using the Local Security Policy snap-in (Secpol.msc) or Group Policy.

Czyli w skrocie - normalnie pozwalasz na uruchamianie aplikacji ze standardowym tokenem dzialajac na koncie z uprawnieniami administratora chyba, ze celowo wyrazisz zgode na uruchomienie danej aplikacji z podniesionymi prawami (uprawnienia administratora). Ma to naturalnie swoje plusy i minusy.

BTW.

[Aby zobaczyć linki, zarejestruj się tutaj]