User Account Control (UAC)

Dennis Faas's picture

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more refined version also present in Windows 7 and Windows Server 2008 R2.

The UAC aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation.

In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system.

User Account Control (UAC) History

Differentiation of a superuser and userland has been common in mainframes and servers for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings.

MS DOS, Windows 9x/ME

Microsoft home operating systems (such as MS-DOS, Windows 95, Windows 98 and Windows Me) did not have a concept of different user accounts on the same machine, and all actions were performed as super user.

Windows NT, XP

Windows NT and XP introduced multiple user accounts, but in practice most users continued to operate as super user administrator for their normal operations. Further, many applications tend to assume that the user is super user, and will simply not work if he or she is not.

Windows Vista

Subsequent versions of Windows and Microsoft applications have encouraged the use of non-administrator user logins, but the uptake has been slow. User Account Control is a stronger approach to do this introduced in Vista. But it is difficult to introduce new security features without breaking existing applications.

When logging into Vista as a standard user, a logon session is created and a token containing only the most basic privileges is assigned. In this way, the new logon session is incapable of making changes that would affect the entire system.

Windows 7

In Windows 7, Microsoft updated UAC in several ways. By default, UAC does not prompt when certain programs included with Windows make changes requiring elevated permissions. Other programs still trigger a UAC prompt. The strictness of UAC can be changed to either always prompt, or to never do so.

Tasks that Trigger a UAC Prompt

Tasks that require administrator privileges will trigger a UAC prompt (if UAC is enabled); they are typically marked by a 4-color security shield symbol. In the case of executable files, the icon will have a security shield overlay. Ed Bott's Windows Vista Inside Out lists the following tasks which require administrator privileges:

  • Changes to system-wide settings
  • Installing and uninstalling applications or device drivers
  • Installing ActiveX controls
  • Changing settings for Windows Firewall, or UAC
  • Configuring Windows Update
  • Adding, removing, or changing user accounts
  • Configuring Parental Controls
  • Running Task Scheduler
  • Restoring backed-up system files
  • Viewing or changing another user's folders and files
  • Running Disk Defragmenter

Common tasks, such as changing the time zone, do not require administrator privileges. A number of tasks that required administrator privileges in earlier versions of Windows, such as installing critical Windows updates, no longer do so in Vista.

Any program can be run as administrator by right-clicking its icon and clicking "Run as administrator".

Rate this article: 
No votes yet