If your environment requires all applications to be signed and validated with a trusted
certifcate, you can enable this policy. When enabled, Windows
Vista will refuse to run any executable that is not signed with a trusted certifcate. All software
with the Certifed For Windows Vista logo must be signed with an Authenticode certifcate,
This setting is disabled by default,which allows users to run any executable, including
potentially malicious software.
User Account Control: Allow UIAccess Applications to Prompt For Elevation
Without Using The Secure Desktop.
This setting controls whether User Interface
Accessibility (UIAccess) programs can automatically disable the secure desktop By
default, this setting is disabled When enabled, UIAccess applications (such as Remote
Assistance) automatically disable the secure desktop for elevation prompts Disabling
the secure desktop causes elevation prompts to appear in the standard desktop.
User Account Control: Only Elevate UIAccess Applications That Are Installed In
This setting, causes Windows Vista to
grant user interface access to only those applications started from Program Files, from \Windows\System32\,
or from a subdirectory.This setting effectively prevents non-administrators
from downloading and running an application because non-administrators will not have
the privileges necessary to copy an executable file to one of those folders.
User Account Control: Run All Administrators In Admin Approval Mode:
This setting, causes all accounts with administrator privileges except
for the local Administrator account to use Admin Approval Mode If you disable this
setting, Admin Approval Mode is disabled for administrative accounts, and the Security
Center will display a warning message.
User Account Control:
Switch To The Secure Desktop When Prompting For
This setting, causes the screen to darken when a UAC
prompt appears. If the appearance of the entire desktop changes,it is very diffcult
for malware that has not been previously installed to impersonate a UAC prompt.
User Account Control: Virtualize File And Registry Write Failures To Per-User
This setting, improves compatibility with applications
not developed for UAC by redirecting requests for protected resources.