User Account Control Overview

User Account Control (UAC) is a new set of infrastructure technologies in this version of Windows that helps prevent malicious programs, sometimes called "malware," from damaging a system, while also helping organizations to deploy a better-managed desktop.

With UAC, applications and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC stops the automatic installation of unauthorized applications, and prevents inadvertent changes to system settings.

How does UAC work?

In this version of Windows, there are two levels of users: standard users and administrators. Standard users are members of the Users group and administrators are members of the Administrators group on the computer.

Unlike previous versions of Windows, both standard users and administrators access resources and run applications in the security context of standard users by default. When any user logs on to a computer, the system creates an access token for the user. This access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges. When an administrator logs on, this version of Windows creates two separate access tokens for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs have been removed. The standard user access token is used to start applications that do not perform administrative tasks ("standard user applications").

When the administrator needs to run applications that perform administrative tasks ("administrator applications"), this version of Windows prompts the users to change or “elevate” their security context from a standard user to an administrator. This default administrator user experience is called Admin Approval Mode. In this mode, applications require specific permission to run as an administrator application (an application that has the same access as an administrator).

When an administrator application is starting, by default a User Account Control message appears. If the user is an administrator, the message gives a choice to allow the application to start or to prevent it from starting. If the user is a standard user, the user can enter the user name and password of an account that is a member of the local Administrators group.

Note:

When designing an application, the software developer should identify the application as either an administrator application or a standard user application. If an application has not been identified as an administrator application, Windows treats it as a standard user application. However, administrators can also mark an application to be treated as an administrator application.

Additional Resources