Last edited time: May 3, 2024 11:52 AM
👉 Overview
👀 What ?
Windows Integrity Levels (ILs) are a security component of Microsoft's Windows operating system, designed to prevent unauthorized access to system resources. They are part of Windows' Mandatory Integrity Control (MIC), a core component of the Windows security model. At its most basic level, an IL is a label assigned to an object (a process, a file, a registry key, etc.) that specifies the trustworthiness of the object. The ILs range from 'Low', 'Medium', 'High', to 'System'.
🧐 Why ?
Understanding Windows Integrity Levels is crucial because they are an integral part of the Windows security model and play a key role in limiting the damage that malware or a hacker can do. By assigning an IL to every object, the operating system can prevent a lower-integrity process from modifying or interacting with a higher-integrity object, thereby limiting the potential for malicious activity.
⛏️ How ?
To view the integrity level of a process on Windows, you can use the built-in 'Process Explorer' tool. In Process Explorer, navigate to 'View' > 'Select Columns' > 'Process Image' tab, and check the 'Integrity Level' box. To change the integrity level of a process, you can use the 'icacls' command-line utility, although this should only be done by experienced administrators, as it can have significant implications for system security.
⏳ When ?
The concept of Windows Integrity Levels was introduced with Windows Vista in 2006 and has been a component of all subsequent versions of the Windows operating system.
⚙️ Technical Explanations
At a technical level, Windows Integrity Levels are implemented as an attribute of a security access token, which is assigned to each process when it is started. The token's integrity level is then used by the operating system's access control mechanism to determine whether the process should be allowed to access a particular object. This is done by comparing the integrity level of the process to the integrity level of the object. If the process's integrity level is lower than the object's, the process is not allowed to write to or delete the object. This mechanism is a key part of the Windows security model, as it can prevent a process that has been compromised by malware from modifying system files or other critical resources.
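The comparison described above can be modelled in a few lines. This is an added example, not code from the original page or from Windows itself: it reads an object's mandatory label from an SDDL security descriptor string and applies the integrity comparison for the four levels the page names. The SDDL abbreviations, the policy flags (NW/NR/NX) and the default label for unlabelled objects (Medium, no-write-up) go beyond what the page states; the function names and the sample descriptors are constructed for illustration.

```python
import re

# RIDs of the well-known integrity SIDs (S-1-16-<RID>) for the four levels the page names.
LEVELS = {"Low": 0x1000, "Medium": 0x2000, "High": 0x3000, "System": 0x4000}
# SDDL abbreviations for those label SIDs.
SDDL_LEVEL = {"LW": "Low", "ME": "Medium", "HI": "High", "SI": "System"}
# SDDL policy flags on a mandatory-label ACE and the access kinds each one blocks
# for a lower-integrity caller. "delete" is grouped with "write", as the page describes.
POLICY = {"NW": {"write", "delete"}, "NR": {"read"}, "NX": {"execute"}}
# An object with no explicit label is treated as Medium with no-write-up.
DEFAULT_LABEL = ("Medium", frozenset(POLICY["NW"]))

# (ML;<ace flags>;<policy flags>;;;<label SID abbreviation>)
LABEL_ACE = re.compile(r"\(ML;[^;]*;((?:NW|NR|NX)*);;;(LW|ME|HI|SI)\)")


def parse_label(sddl):
    """Return (level name, blocked access kinds) from the label ACE in an SDDL string."""
    match = LABEL_ACE.search(sddl)
    if match is None:
        return DEFAULT_LABEL
    flags, sid = match.groups()
    blocked = set()
    for flag in re.findall("NW|NR|NX", flags):
        blocked |= POLICY[flag]
    return SDDL_LEVEL[sid], frozenset(blocked)


def mic_permits(process_level, object_sddl, access):
    """Integrity check only: True means MIC does not block; the DACL still has to grant it."""
    object_level, blocked = parse_label(object_sddl)
    if LEVELS[process_level] >= LEVELS[object_level]:
        return True  # caller's level is not lower than the object's
    return access not in blocked


# Constructed sample security descriptors (not taken from a real system).
SAMPLES = {
    "high-labelled file": "O:BAG:SYD:(A;;FA;;;BA)S:(ML;;NW;;;HI)",
    "low-labelled folder": "D:(A;;FA;;;WD)S:(ML;OICI;NW;;;LW)",
    "unlabelled file": "D:(A;;FA;;;WD)",
    "system object, no read-up": "S:(ML;;NWNR;;;SI)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        for access in ("read", "write", "delete"):
            verdict = "allowed" if mic_permits("Low", sddl, access) else "blocked"
            print(f"Low process, {access:6} on {name}: {verdict} by MIC")
```

A `True` result only means the integrity check does not stand in the way; the object's ordinary access control list is still evaluated afterwards.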