You might have noticed that, occasionally, the Run dialog will display a little Windows Security shield and message indicating that anything you run will be considered to already have passed through UAC.
Raymond Chen blogged about this quite a while ago, but I think it's a fascinating little tidbit in the huge complex machine that is Windows; it deserves a tiny bit more recognition. (And, hey, more trivia for us geeks!)
Basically, that line appears if the Explorer instance that controls the taskbar and desktop is considered elevated. I'm guessing it will also appear all the time if you disable the UAC boundary, which is a very bad idea from a security standpoint.
How does Explorer get elevated? The only non-suspicious way this could happen is that Explorer died (bad shell extension, probably), you launched Task Manager, elevated it (with the "Show all processes" button on Windows 7 or by checking "Create this task with administrative privileges" on Windows 8), and recreated Explorer.
Since Explorer is responsible for the Run dialog, any processes created with it will inherit its elevatedness. (By the way, it is very difficult for me to resist the urge to print out a picture of the Windows Security shield and post it on every elevator I see.) If you don't want the new processes to be elevated, kill the elevated Explorer with Task Manager and make sure not to press any UI elements with the Windows Security shield.
No comments:
Post a Comment