Using UAC elevation in Windows Explorer to view a folder creates access control entry

Note to Vista and Windows 7 users: using UAC elevation in Windows Explorer to view a folder's contents creates an access control entry giving the current user permanent full access to the given folder, its files, and all subfolders! This behavior is by design, not a bug.

Example: I am using Windows Explorer from the standard user account schmo to browse files in c:\users\brian, where brian is an admin account. This requires UAC elevation with an admin password. Looking at the security of folder c:\users\brian, there an access control entry giving schmo full control of all files and subfolders within c:\users\brian! As a result, if I encounter malware while using account schmo, the malware could read and modify all files within c:\users\brian, which normally would have been inaccessible to schmo.

 

Are you using windows 7 ?
Is so what is your UAC level set to ?

 

Is there a way around giving the permanent access or does one have to reset this manually if it's a concern? If it's by design, what was their intentions in having designed this way?

 

Yes, Win x64 with UAC set to highest. Are you able to reproduce on your OS?

I didn't try it on Vista but I assumed it's the same there. Maybe somebody using Vista can test.

 

I believe the reason for this behavior is that UAC cannot elevate already running processes, and explorer.exe is already running when you use your computer. See http://vistavitals.blogspot.com/2008/06/uac-elevate-windows-explorer.html for further explanation and some workarounds.

Some other workarounds:
1. Use an alternate file explorer running elevated
2. Use Windows Explorer in the hidden administrator account that always runs as true admin

I didn't research this issue a lot. You can get some further information by doing a web search for "Windows explorer" elevated.

Some discussions about this issue:
http://social.technet.microsoft.com...y/thread/1798a1a7-bd2e-4e42-8e98-0bc715e7f641