Mandatory Integrity Control in Windows 10/8/7

Windows Vista introduced a new security construct called Mandatory Integrity Controls (MIC), which is similar to integrity functionality long available in the Linux and Unix worlds. In Windows Vista and later versions like Windows 7 and Windows 10/8, all security principals (users, computers, services, and so on) and objects (files, registry keys, folders, and resources) are given MIC labels.

Mandatory Integrity Control

Mandatory Integrity Control (MIC) provides a mechanism for controlling access to securable objects and helps keep your system safe from malicious web content, provided your browser supports it.

The purpose behind integrity controls, of course, is to give Windows another layer of defense against malicious hackers. For example, if a buffer overflow compromises Internet Explorer itself (and not a third-party add-on or toolbar), the resulting malicious process will often end up running at Low integrity and be unable to modify Windows system files. This is the primary reason so many Internet Explorer exploits have received an “important” severity rating on Windows Vista and later, but a higher “critical” rating on Windows XP.

Internet Explorer Protected Mode (IEPM) is built around mandatory integrity control. The IEPM process and extensions run at low integrity and therefore have write access only to the Temporary Internet Files\Low folder, History, Cookies, Favorites, and the HKEY_CURRENT_USER\Software\LowRegistry key.

While it’s completely invisible, mandatory integrity control is an important advance in maintaining the security and stability of Windows OS.

Windows defines four integrity levels:

  1. Low
  2. Medium
  3. High
  4. System.


Standard users receive medium, elevated users receive high. Processes you start and objects you create receive your integrity level (medium or high) or low if the executable file’s level is low; system services receive system integrity. Objects that lack an integrity label are treated as medium by the operating system—this prevents low integrity code from modifying unlabeled objects.
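The rules above (a token carries its own integrity level; an object either carries an explicit label or is treated as Medium) can be checked directly from an administrative shell. The following PowerShell script is an added example and is not code from the original article; it assumes Windows 7 or later with icacls.exe present, and the cache folder paths it probes are assumptions for a typical Windows 10 profile (on Windows 7 the Protected Mode cache sits under Temporary Internet Files\Low, as the article notes).

```powershell
# Added example (not from the original article): inspect Mandatory Integrity
# Control labels with PowerShell. Assumes icacls.exe is available (Windows 7+).

# Well-known integrity-level SIDs (S-1-16-*) defined by Windows.
$IntegritySids = @{
    'S-1-16-0'     = 'Untrusted'
    'S-1-16-4096'  = 'Low'
    'S-1-16-8192'  = 'Medium'
    'S-1-16-8448'  = 'Medium Plus'
    'S-1-16-12288' = 'High'
    'S-1-16-16384' = 'System'
    'S-1-16-20480' = 'Protected Process'
}

function Get-TokenIntegrityLevel {
    # The calling token's integrity SID is carried in its group list; it is the
    # entry "whoami /groups" prints as "Mandatory Label\<Level> Mandatory Level".
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    foreach ($group in $identity.Groups) {
        if ($IntegritySids.ContainsKey($group.Value)) {
            return $IntegritySids[$group.Value]
        }
    }
    return 'Unknown'
}

function Get-ObjectIntegrityLabel {
    param([Parameter(Mandatory)][string]$Path)
    # icacls prints an explicit label as
    #   "Mandatory Label\<Level> Mandatory Level:(OI)(CI)(NW)"
    # The (NW) policy is the "no write up" rule: lower-integrity tokens cannot
    # write. An object with no such line is unlabeled and is treated as Medium.
    $output = & icacls.exe $Path 2>&1
    foreach ($line in $output) {
        if ($line -match 'Mandatory Label\\(.+?) Mandatory Level:') {
            return [pscustomobject]@{
                Path = $Path; Level = $Matches[1]; Explicit = $true; Raw = $line.Trim()
            }
        }
    }
    return [pscustomobject]@{
        Path = $Path; Level = 'Medium'; Explicit = $false; Raw = '(no label; default Medium)'
    }
}

# Usage: compare the shell's own level (Medium for a standard prompt, High for
# an elevated one) with the labels on folders a Low-integrity browser process may
# write to. Paths below are assumptions for a typical Windows 10 profile; the
# user profile root is included as an unlabeled object for contrast.
"Current token integrity level: $(Get-TokenIntegrityLevel)"
$candidates = @(
    "$env:LOCALAPPDATA\Microsoft\Windows\INetCache\Low",
    "$env:LOCALAPPDATA\Microsoft\Windows\Temporary Internet Files\Low",
    "$env:LOCALAPPDATA\Temp\Low",
    "$env:USERPROFILE"
)
$candidates |
    Where-Object { Test-Path $_ } |
    ForEach-Object { Get-ObjectIntegrityLabel -Path $_ } |
    Format-Table Path, Level, Explicit -AutoSize
```

Run it once from a normal prompt and once from an elevated prompt: the token level changes from Medium to High while the folder labels stay the same, which is the separation the article describes. Folders that exist but show no label report Medium with Explicit = False, illustrating the default for unlabeled objects.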

Further reading:

  1. MSDN Blogs
  2. Technet Blogs.
Anand Khanse is the Admin of, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

One Comment

  1. Randy Land

    We are having some performance issues in IE and Chrome with authenticated users that I suspect are related to their MIC level. We don’t want to elevate them to local administrators on Windows 7, but we also don’t want to have to track down every little component and manage the rights one-by-one. Is there a SID with a high MIC level that is not an Administrator?
