AndyC said:Larry Osterman said:*snip*
I'm not sure I understand you. UAC is the Integrity Levels technology.
"I'm not sure I understand you. UAC is the Integrity Levels technology."
Actually it's not. UAC is the ability to run with a split token (one with the admin rights removed that is active, the other with full admin privileges that isn't) and create processes that either run with the split token or the full admin token. It's basically the equivilant of the old XP "makemeadmin.cmd" (or the "dropmyrights.cmd"). The problem with UAC is that there is nothing preventing an app on the desktop from injecting code in the application running elevated (since they're running as the same base account) and taking over the system. IL is what makes that difficult because it blocks processes running at a lower integrity level from opening processes at a higher integrity level for write access.