Understanding User Account Control in Windows 7

User Account Control, otherwise known as UAC, was regularly cited as one of Vista’s problems and was even the subject of an Apple advertisement.  However, this feature has greatly increased the security of Vista computers, and today we’ll see how it’s been improved in Windows 7.

What is UAC?

UAC is a feature of Windows Vista and 7 designed to prevent unauthorized changes to your computer.  Recent versions of Linux and Mac OS X have similar prompts when changing settings or installing programs as well.  This is a crucial feature that makes your computer much more secure.

By default, even an administrator account in modern versions of Windows does not have full access to modify system settings and install programs.  Thus, if you try to install a program or change critical settings, you may see your desktop fade and show only a prompt window asking if you’re sure you want to do this.  This is a secure desktop, designed to prevent a program from automatically approving itself.

image

While this may simply seem like a nuisance, it actually protects your system from malicious programs.  For instance, if you inserted a flash drive that had a worm virus into your computer, it would attempt to automatically run and install on your computer without your knowledge.  UAC, however, would catch it, and ask you whether or not you wanted to install the program.  You could easily know that you did not want it since you did not initiate the install, and thus you would protect your computer and data.

What types of UAC prompts may I see?

The UAC prompt you see may vary depending on the program you are installing.  If you are installing or configuring a program that has been signed with a security certificate, the prompt may look something like this.  Notice that it shows the program’s name, publisher, and origin.

 image

If you click Show details, you can see where the file is stored and can view its security certificate.

 image

Unsigned applications may show a different UAC prompt.  It states that the publisher is unknown, and since it is unsigned there is no certificate to view.  Additionally, this prompt has a yellow banner which alerts that the program is from an unknown publisher.

image

If you’re using a standard account in Windows, then you will be required to enter the administrative password to accept a UAC prompt.

image

When will I see a UAC prompt?

Usually it is fairly easy to tell when you will see a UAC prompt.  First, installing or making changes to any application, or for that matter changing any file that is outside your User folder will require you to authenticate the changes.  Some older programs may actually require a UAC prompt each time they run; this will only occur if they change critical settings or store files in secure folders every time they run.  You may notice a shield icon on programs or installers that will launch a UAC prompt before running.

image

Windows Vista always created a UAC prompt whenever any Windows settings were changed.  In Windows 7, the default is to not prompt you when changes are made to Windows.  However, changing some critical settings, such as the UAC settings, will cause a prompt.  You can tell when an action will create a UAC prompt by the shield logo over the Ok button or beside its name.

image

Finally, you can choose to run any program in administrative mode.  This is helpful if, for instance, you need to change a setting via Command Prompt and need administrative privileges.  To launch a program in administrative mode, simply right-click on it’s icon and select “Run as Administrator.”  Doing this will always require accepting a UAC prompt.

image

How can I change UAC’s settings?

In Windows Vista, UAC had two settings: on and off.  Windows 7 offers more granular controls for UAC.  Simply type “UAC” into your start menu search, and select “Change User Account Control Settings” to change how UAC works on your computer.

image

This panel gives you direct controls on how UAC will work on your computer.  The default settings will notify you if programs try to make changes to your computer, but not if you change Windows settings.  As previously noted, changing certain Windows settings such as these UAC settings will still require approving a UAC prompt.

image

The top setting is the absolutely most secure, and is how UAC worked in Windows Vista.  It will notify you whenever any change is made to your computer, including changing any Windows settings.

image

The step down from the Windows 7 default settings is similar to the default settings in Windows 7, but will not dim the desktop when a UAC prompt comes up.  This may make your system less secure, as some malicious programs could automatically approve the UAC prompt when it is in this mode.

image

Or, if you wish to never see a UAC prompt, you can select the lowest setting.  This leaves your system settings similar to Windows XP, which never prompts when any changes are made or programs are installed.  We do not recommend this setting, but it is available if you want it.  If you do choose to turn off UAC, the changes will not take place until you have restarted your computer.

image

Conclusion

In our opinion, UAC is one of the best features in Windows Vista and 7 as it can keep your computer much more secure than it was in Windows XP and older versions.  UAC is also much less annoying in Windows 7, and you can adjust it to exactly the level of security you need.

Further reading:

Disable UAC in Windows Vista

Info about UAC from the Engineering Windows 7 Blog

Matthew digs up tasty bytes about Windows, Virtualization, and the cloud, and serves them up for all to enjoy!

  • Published 03/1/10
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!