NVAPI Security

NVAPI Security Info:

User administrator privilege is required to access certain driver features, as per NVIDIA's overall security vision. This helps mitigate the impact of malware. Each API that requires the administrator access, will return NVAPI_INVALID_USER_PRIVILEGE error, when run with standard user privilege. The application will require Administrator privileges to access this API, which can be elevated to a higher permission level by selecting "Run as Administrator" in Admin approval mode.

Windows access control policy:

By default, standard users and administrators access resources and run apps in the security context of standard users. When a user logs on to a computer, the system creates an access token for that user. The access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges. With the built-in UAC elevation component, standard users can easily perform an administrative task by entering valid credentials for a local administrator account. The alternative to running as a standard user is to run as an administrator in Admin approval mode. With the built-in UAC elevation component, members of the local Administrators group can easily perform an administrative task by providing approval.

The one exception is the relationship that exists between parent and child processes. Child processes inherit the user's access token from the parent process. Both the parent and child processes, however, must have the same integrity level. Windows 10 protects processes by marking their integrity levels. Integrity levels are measurements of trust. A "high" integrity application is one that performs tasks that modify system data. Apps with lower integrity levels cannot modify data in applications with higher integrity levels. When a standard user attempts to run an app that requires an administrator access token, NVIDIA driver requires that the user provide valid administrator credentials.

Application Manifest:

An app manifest is an XML file that describes and identifies the shared and private side-by-side assemblies that an app should bind to at run time. The app manifest includes entries for UAC app compatibility purposes. Administrative apps that include an entry in the app manifest prompt the user for permission to access the user's access token. Although they lack an entry in the app manifest, most administrative app can run without modification by using app compatibility fixes. App compatibility fixes are database entries that enable applications that are not UAC-compliant to work properly.

All UAC-compliant apps should have a requested execution level added to the application manifest. If the application requires administrative access to the system, then marking the app with a requested execution level of "require administrator" ensures that the system identifies this program as an administrative app and performs the necessary elevation steps. Requested execution levels specify the privileges required for an app.

UAC slider level:

The slider will never turn UAC completely off. If you set it to Never notify, it will:

• Keep the UAC service running. Cause all elevation request initiated by administrators to be auto-approved without showing a UAC prompt.
  
• Automatically deny all elevation requests for standard users.

Important: In order to fully disable UAC you must disable the policy User Account Control: Run all administrators in Admin Approval Mode.

Warning: Universal Windows apps will not work when UAC is disabled.

References: For more details on Windows user account control, refer to https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/how-user-account-control-works