Why there is no Power Users group in Windows Vista

by Shijaz Abdulla on 23.03.2008 at 14:02

FACT: A clean install of Windows Vista will not have the Power Users local group.

The Power Users group in Windows XP, Windows 2000 and Windows Server 2003 was a little ‘too powerful’.

One of the main reasons users were made Power Users was that this group had rights to install software and device drivers. If you can install software and drivers, you can elevate yourself to an Administrator or run programs in the SYSTEM context.

This is no longer a necessity with Windows Vista because it includes a signed installer that allows normal users to install packages signed by a trusted root. (The “Trusted Installer” is a service that has a SID, so you’ll see it in the permissions list on various objects throughout the operating system.) The installer validates the digital signature certificate chain, then elevates itself to perform the actual installation. (Does User Account Control ring a bell?!)

At the end of the day, users get the ability to install and update approved software packages without being a “Power” user.
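To check both points on a given machine, here is a PowerShell sketch, added as an example and not part of the original post. It reports whether the Power Users group exists (and who is in it) and where the Trusted Installer service SID appears on a system file. The function names and the default path are illustrative assumptions.

```powershell
# Added example: function names and the default path are illustrative assumptions.

function Get-PowerUsersStatus {
    # S-1-5-32-547 is the well-known SID of BUILTIN\Power Users.
    $sid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-547'
    try {
        # Resolving by SID also works on localized systems where the name differs.
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # The SID does not map to a local group, so the group is absent.
        return New-Object psobject -Property @{ Exists = $false; Name = $null; Members = @() }
    }
    # Enumerate members through the WinNT ADSI provider.
    $leaf = $name.Split('\')[-1]
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$leaf,group"
    $members = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    })
    New-Object psobject -Property @{ Exists = $true; Name = $name; Members = $members }
}

function Get-TrustedInstallerAccess {
    param([string]$Path = (Join-Path $env:windir 'System32\kernel32.dll'))

    # Resolve the service account to its SID instead of hard-coding the value.
    $account = New-Object System.Security.Principal.NTAccount 'NT SERVICE\TrustedInstaller'
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $tiSid   = $account.Translate($sidType).Value

    $acl = Get-Acl -Path $Path
    # Collect every explicit or inherited ACE granted to the service SID.
    $rights = @($acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $tiSid } |
        ForEach-Object { '{0}: {1}' -f $_.AccessControlType, $_.FileSystemRights })

    New-Object psobject -Property @{
        Path                    = $Path
        ServiceSid              = $tiSid
        OwnedByTrustedInstaller = ($acl.GetOwner($sidType).Value -eq $tiSid)
        Rights                  = $rights
    }
}

Get-PowerUsersStatus
Get-TrustedInstallerAccess
```

Where the group does exist, a non-empty `Members` list identifies the accounts to review.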

