You will find a number of welcome security enhancements in Windows 7 RC1. For the very first user account created during setup, it is automatically made a member of the built-in Administrators security group. This account will likely remain the primary account used daily by the majority of users. Normally, a standard user account belongs only to the Users group and this is the recommended account type to create and use on a regular basis.
By default, the User Account Control (UAC) settings is set to “Notify me only when programs try to make changes to my computer” for administrative accounts (”Always notify” for others). Together with other improvements in this space, it is no longer as intrusive or disruptive compared to its predecessors, notably Vista. The changes should make Windows 7 - an already attractive platform before its official release - your future choice for work or play.
Some security highlights using an administrative account* in Windows 7 RC1 include:
- default check against “Allow all users to install updates on this computer” under Windows Update enables exactly what it describes; you can now specify how Automatic Updates will behave (in standalone, non Active Directory Group Policy environment)
- run ipconfig /release, ipconfig /renew but not ipconfig /registerdns (these apply to a standard user as well); modifying network adapter settings such as TCP/IP properties via the GUI is no longer UAC blocked
- drag and drop to command-prompt is now possible again e.g. from Windows Explorer (valid for standard users too)
- view and modify date, time, time zone and Internet time synchronization** (”You do not have the proper privilege level to change the System Time” in XP)
- Event Viewer / Windows Logs / Security log is now accessible without UAC or access denied error
- Computer Management / Storage / Disk Management works without errors like “You do not have access rights to Logical Disk Manager on machine_name” in XP
- Device Manager / Update driver software is now possible without first elevating to an administrative account
- you can install an ActiveX control for all users of the machine in Internet Explorer 8 (IE8) shipped with Windows 7 RC1
* certain operations may also apply to the built-in Administrator account
** standard user can change time zone only
Windows 7 Security Enhancements
Test system: Dell Latitude D600, Intel Pentium M 1.40GHz, 512MB RAM, Broadcom 570x Gigabit Integrated Controller, ATI Mobility Radeon 9000 AGP Mobile (32MB), Windows 7 Ultimate RC1 (x86, v6.1 build 7100)
Technorati tags: Windows 7 Client, Beta , Security