I don't know anything about Windows and try to understand the concepts about Permissions. Unfortunately, simply Googling doesn't help at all.
Windows says that my user is a member of the "Administrator" group. But yet, when I normally run programs, such as PowerShell, they reject to do certain things, such as installing new services. However when I select "Run as Administrator" in the Start-Menu, they suddenly are able to do so. What's the mechanism behind that?
I created a file within a process (PowerShell) that was "Run as Administrator" and then checked the owner of the file in Windows. But much to my surprise, the owner was my own user, instead of the "Adminstrator" user.
What's going on?
答案1
See the Microsoft article Understanding User Account Control (UAC) and especially the section Standard and Administrator Access Tokens that fully explains what happens:
Standard and Administrator Access Tokens
- 当管理员登录时,将为用户分配两个单独的访问令牌:
- 完整的管理员访问令牌和
- 标准用户访问令牌。
- 直到用户尝试执行管理任务时,才会调用完整的管理员访问令牌。
- 换句话说,如果您以本地管理员组成员的身份登录,您将在禁用管理权限的情况下运行,直到您尝试运行已标记为需要管理权限的应用程序或任务。启用 UAC 后,本地管理员帐户将作为标准用户帐户运行,直到需要提升权限为止。