User Account Control (UAC) is a
mandatory access control enforcement feature introduced with
Microsoft
Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
's
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
and
Windows Server 2008
Windows Server 2008, codenamed "Longhorn Server" (alternatives: "Windows Vista Server" or "Windows Server Vista"), is the seventh major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server b ...
operating system
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ...
s, with a more relaxed
[Windows 7 Feature Focus: User Account Control](_blank)
, An overview of UAC in Windows 7 by Paul Thurott version also present in
Windows 7
Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on July 22, 2009, and became generally available on October 22, ...
,
Windows Server 2008 R2
Windows Server 2008 R2, codenamed "Windows Server 7" or "Windows Server 2008 Release 2", is the eighth major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It was release ...
,
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012, made available for download via Microsoft ...
,
Windows Server 2012
Windows Server 2012, codenamed "Windows Server 8", is the ninth major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It is the server version of Windows based on Windows ...
,
Windows 8.1,
Windows Server 2012 R2,
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...
, and
Windows 11
Windows 11 is a version of Microsoft's Windows NT operating system, released on October 5, 2021, as the successor to Windows 10 (2015). It is available as a free upgrade for devices running Windows 10 that meet the #System requirements, Windo ...
. It aims to improve the security of
Microsoft Windows
Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...
by limiting
application software
Application software is any computer program that is intended for end-user use not operating, administering or programming the computer. An application (app, application program, software application) is any program that can be categorized as ...
to standard
user privileges until an
administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges and
malware
Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
are kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it.
UAC uses
Mandatory Integrity Control to isolate running processes with different privileges. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology,
User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other. One prominent use of this is
Internet Explorer 7
Windows Internet Explorer 7 (IE7) (codenamed Rincon) is a version of Internet Explorer, a web browser for Windows. It was released by Microsoft on October 18, 2006. It was the first major update to the browser since 2001. It does not support ve ...
's "Protected Mode".
Operating systems on mainframes and on servers have differentiated between
superusers and
userland for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings.
Early Microsoft
home operating-systems (such as
MS-DOS
MS-DOS ( ; acronym for Microsoft Disk Operating System, also known as Microsoft DOS) is an operating system for x86-based personal computers mostly developed by Microsoft. Collectively, MS-DOS, its rebranding as IBM PC DOS, and a few op ...
and
Windows 9x
Windows 9x is a generic term referring to a line of discontinued Microsoft Windows operating systems released from 1995 to 2000 and supported until 2006, which were based on the kernel introduced in Windows 95 and modified in succeeding version ...
) did not have a concept of different user-accounts on the same machine. Subsequent versions of Windows and Microsoft applications encouraged the use of non-administrator user-logons, yet some applications continued to require administrator rights. Microsoft does not certify applications as Windows-compliant if they require administrator privileges; such applications may not use the Windows-compliant logo with their packaging.
Behavior in Windows versions
*
Windows 1.0–
3.11 and
Windows 9x
Windows 9x is a generic term referring to a line of discontinued Microsoft Windows operating systems released from 1995 to 2000 and supported until 2006, which were based on the kernel introduced in Windows 95 and modified in succeeding version ...
: all applications had privileges equivalent to the operating system;
* All versions of
Windows NT
Windows NT is a Proprietary software, proprietary Graphical user interface, graphical operating system produced by Microsoft as part of its Windows product line, the first version of which, Windows NT 3.1, was released on July 27, 1993. Original ...
up to, and including,
Windows XP
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct successor to Windows 2000 for high-end and business users a ...
and
Windows Server 2003
Windows Server 2003, codenamed "Whistler Server", is the sixth major version of the Windows NT operating system produced by Microsoft and the first server version to be released under the Windows Server brand name. It is part of the Windows NT ...
: introduced multiple user-accounts, but in practice most users continued to function as an administrator for their normal operations. Further, some applications would require that the user be an administrator for some or all of their functions to work.
*
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
and
Windows Server 2008
Windows Server 2008, codenamed "Longhorn Server" (alternatives: "Windows Vista Server" or "Windows Server Vista"), is the seventh major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server b ...
: Microsoft developed Vista security firstly from the ''Limited User Account'' (LUA), then renamed the concept to ''User Account Protection'' (UAP) before finally shipping User Account Control (UAC). Introduced in
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
, User Account Control (UAC) offers an approach to encourage "super-user when necessary". The key to UAC lies in its ability to elevate privileges without changing the user context (user "Bob" is still user "Bob"). As always, it is difficult to introduce new security features without breaking compatibility with existing applications.
**When someone logs into Vista as a standard user, the system sets up a logon session and assigns a
token containing only the most basic privileges. In this way, the new logon session cannot make changes that would affect the entire system.
**When a person logs in as a user with membership in the Administrators group, the system assigns two separate tokens: the first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive.
***User applications, including the
Windows Shell
The Windows shell is the graphical user interface for the Microsoft Windows operating system. Its readily identifiable elements consist of the desktop, the taskbar, the Start menu, the task switcher and the AutoPlay feature. On some versions of ...
, then start with the restricted token, resulting in a reduced-privilege environment – even when running under an Administrator account.
***When an application requests higher privileges or when a user selects a "Run as administrator" option, UAC will prompt standard users to enter the credentials of an Administrator account and prompt Administrators for confirmation and, if consent is given, continue or start the process using an unrestricted token.
*
Windows 7
Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on July 22, 2009, and became generally available on October 22, ...
and
Windows Server 2008 R2
Windows Server 2008 R2, codenamed "Windows Server 7" or "Windows Server 2008 Release 2", is the eighth major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It was release ...
: Microsoft included a user interface to change User Account Control settings, and introduced one new notification mode: the ''default'' setting. By default, UAC does not prompt for consent when users make changes to Windows settings that require elevated permission through programs stored in
%SystemRoot% and digitally signed by Microsoft. Programs that require permission to run still trigger a prompt. Other User Account Control settings that can be changed through the new UI could have been accessed through the
registry in Windows Vista.
*
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012, made available for download via Microsoft ...
/
8.1 and
Windows Server 2012
Windows Server 2012, codenamed "Windows Server 8", is the ninth major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It is the server version of Windows based on Windows ...
/
R2: add a design change. When UAC is triggered, all applications and the taskbar are hidden when the desktop is dimmed.
*
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...
and
Windows Server 2016-
2022
The year began with another wave in the COVID-19 pandemic, with SARS-CoV-2 Omicron variant, Omicron spreading rapidly and becoming the dominant variant of the SARS-CoV-2 virus worldwide. Tracking a decrease in cases and deaths, 2022 saw ...
: early versions have the same layout as
Windows 8
Windows 8 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on August 1, 2012, made available for download via Microsoft ...
and
8.1. The
Anniversary Update (including Windows Server 2016, which is based on said update) adds a more modern look, along with support for dark mode. Also, Windows 10 adds support for
Windows Hello in the User Account Control dialog box.
*
Windows 11
Windows 11 is a version of Microsoft's Windows NT operating system, released on October 5, 2021, as the successor to Windows 10 (2015). It is available as a free upgrade for devices running Windows 10 that meet the #System requirements, Windo ...
and
Windows Server 2025
Windows Server 2025 is the fourteenth and current major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It was released on November 1, 2024.
Microsoft announced that the su ...
: has mostly the same layout as in later versions of
Windows 10
Windows 10 is a major release of Microsoft's Windows NT operating system. The successor to Windows 8.1, it was Software release cycle#Release to manufacturing (RTM), released to manufacturing on July 15, 2015, and later to retail on July 2 ...
, but with visual changes that match the rest of the operating system's new look and feel.
Tasks that trigger a UAC prompt
Tasks that require administrator privileges will trigger a UAC prompt (if UAC is enabled); they are typically marked by a security shield icon with the 4 colors of the Windows logo (in Vista and Windows Server 2008) or with two panels yellow and two blue (Windows 7, Windows Server 2008 R2 and later). In the case of executable files, the icon will have a security shield overlay. The following tasks require administrator privileges:
*Running an Application as an Administrator
*Changes to system-wide settings
*Changes to files in folders that standard users don't have permissions for (such as %SystemRoot% or %ProgramFiles% in most cases)
*Changes to an
access control list (ACL), commonly referred to as file or folder permissions
*Installing and uninstalling applications outside of:
**The
%USERPROFILE% (e.g. C:\Users\) folder and its sub-folders.
***Most of the time this is in %APPDATA%. (e.g. C:\Users\\AppData), by default, this is a
hidden folder.
****
Chrome's and
Firefox
Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...
's installer ask for admin rights during install, if given, Chrome will install in the Program Files folder and be usable for all users, if denied, Chrome will install in the %APPDATA% folder instead and only be usable by the current user.
**The
Microsoft Store
The Microsoft Store (formerly known as the Windows Store) is a digital distribution platform operated by Microsoft. It was created as an app store for Windows 8 as the primary means of distributing Universal Windows Platform apps. With ...
.
**The folder of the installer and its sub-folders.
***
Steam
Steam is water vapor, often mixed with air or an aerosol of liquid water droplets. This may occur due to evaporation or due to boiling, where heat is applied until water reaches the enthalpy of vaporization. Saturated or superheated steam is inv ...
installs its games in the /steamapps/ sub-folder, thus not prompting UAC. Some games require prerequisites to be installed, which may prompt UAC.
*Installing device
drivers
*Installing
ActiveX
ActiveX is a deprecated software framework created by Microsoft that adapts its earlier Component Object Model (COM) and Object Linking and Embedding (OLE) technologies for content downloaded from a network, particularly from the World Wide W ...
controls
*Changing settings for
Windows Firewall
*Changing UAC settings
*Configuring
Windows Update
Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers sof ...
*Adding or removing user accounts
*Changing a user's account name or type
*Turning on Guest account (Windows 7 to 8.1)
*Turning on network discovery, file and printer sharing, Public folder sharing, turning off password protected sharing or turning on media streaming
*Configuring Parental Controls (in Windows 7) or Family Safety (Windows 8.1)
*Running
Task Scheduler
*Backing up and restoring folders and files
*Merging and deleting network locations
*Turning on or cleaning logging in Remote Access Preferences
*Running Color Calibration
*Changing remote, system protection or advanced system settings
*Restoring backed-up system files
*Viewing or changing another user's folders and files
*Running
Disk Defragmenter
Disc or disk may refer to:
* Disk (mathematics), a two dimensional shape, the interior of a circle
* Disk storage
* Optical disc
* Floppy disk
Music
* Disc (band), an American experimental music band
* ''Disk'' (album), a 1995 EP by Moby
Other ...
,
System Restore
System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state (including system files, installed applications, Windows Registry, and system settings) to that of a previous point in time, which can be used ...
or
Windows Easy Transfer (Windows 7 to 8.1)
*Running
Registry Editor
*Running the
Windows Experience Index
The Windows System Assessment Tool (WinSAT) is a module of Microsoft Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, and Windows 11 that is available in the Control Panel (Windows), Control Panel under ''Performance Information an ...
assessment
*Troubleshoot audio recording and playing, hardware / devices and power use
*Change power settings, turning off Windows features, uninstall, change or repair a program
*Change date and time and synchronizing with an Internet time server
*Installing and uninstalling display languages
*Change
Ease of Access administrative settings
Common tasks, such as changing the time zone, do not require administrator privileges (although changing the system time itself does, since the system time is commonly used in security protocols such as
Kerberos). A number of tasks that required administrator privileges in earlier versions of Windows, such as installing critical Windows updates, no longer require administrator privileges in Vista. Any program can be run as administrator by right-clicking its icon and clicking "Run as administrator", except MSI or MSU packages as, due to their nature, if administrator rights will be required a prompt will usually be shown. Should this fail, the only workaround is to run a Command Prompt as an administrator and launch the MSI or MSP package from there.
Features
User Account Control asks for credentials in a ''Secure Desktop'' mode, where the entire screen is temporarily dimmed,
Windows Aero
Windows Aero (a backronym for ''Authentic, Energetic, Reflective, and Open'') is the design language introduced in the Microsoft Windows Vista operating system in 2006. The changes introduced by Windows Aero encompassed many elements of the Windo ...
disabled, and only the authorization window at full brightness, to present only the elevation user interface (UI). Normal applications cannot interact with the Secure Desktop. This helps prevent spoofing, such as overlaying different text or graphics on top of the elevation request, or tweaking the mouse pointer to click the confirmation button when that's not what the user intended. If an administrative activity comes from a minimized application, the secure desktop request will also be minimized so as to prevent the
focus
Focus (: foci or focuses) may refer to:
Arts
* Focus or Focus Festival, former name of the Adelaide Fringe arts festival in East Australia Film
*Focus (2001 film), ''Focus'' (2001 film), a 2001 film based on the Arthur Miller novel
*Focus (2015 ...
from being lost. It is possible to disable ''Secure Desktop'', though this is inadvisable from a security perspective.
In earlier versions of Windows, Applications written with the assumption that the user will be running with administrator privileges experienced problems when run from limited user accounts, often because they attempted to write to machine-wide or system directories (such as ''Program Files'') or registry keys (notably
HKLM).
UAC attempts to alleviate this using ''File and Registry Virtualization'', which redirects writes (and subsequent reads) to a per-user location within the user's profile. For example, if an application attempts to write to a directory such as "C:\Program Files\appname\settings.ini" to which the user does not have write permission, the write will be redirected to "C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\settings.ini". The redirection feature is only provided for non-elevated 32-bit applications, and only if they do not include a manifest that requests specific privileges.
There are a number of configurable UAC settings. It is possible to:
*Require administrators to re-enter their password for heightened security,
*Require the user to press
Ctrl+Alt+Del as part of the authentication process for heightened security;
*Disable only file and registry virtualization
*Disable ''Admin Approval Mode'' (UAC prompts for administrators) entirely; note that, while this disables the UAC confirmation dialogs, it does not disable Windows' built-in
LUA feature, which means that users, even those marked as administrators, are still limited users with no true administrative access.
Command Prompt
A command-line interface (CLI) is a means of interacting with software via commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user-friendly alternativ ...
windows that are running elevated will prefix the title of the window with the word "Administrator", so that a user can discern which instances are running with elevated privileges.
A distinction is made between elevation requests from a signed executable and an unsigned executable; and if the former, whether the publisher is 'Windows Vista'. The color, icon, and wording of the prompts are different in each case; for example, attempting to convey a greater sense of warning if the executable is unsigned than if not.
Internet Explorer 7
Windows Internet Explorer 7 (IE7) (codenamed Rincon) is a version of Internet Explorer, a web browser for Windows. It was released by Microsoft on October 18, 2006. It was the first major update to the browser since 2001. It does not support ve ...
's "Protected Mode" feature uses UAC to run with a 'low'
integrity level (a Standard user token has an integrity level of 'medium'; an elevated (Administrator) token has an integrity level of 'high'). As such, it effectively runs in a sandbox, unable to write to most of the system (apart from the Temporary Internet Files folder) without elevating via UAC.
Since toolbars and ActiveX controls run within the Internet Explorer process, they will run with low privileges as well, and will be severely limited in what damage they can do to the system.
Requesting elevation
A program can request elevation in a number of different ways. One way for program developers is to add a requestedPrivileges section to an XML document, known as the
manifest, that is then embedded into the application. A manifest can specify dependencies, visual styles, and now the appropriate security context:
Setting the level attribute for requestedExecutionLevel to "asInvoker" will make the application run with the token that started it, "highestAvailable" will present a UAC prompt for administrators and run with the usual reduced privileges for standard users, and "requireAdministrator" will require elevation. In both highestAvailable and requireAdministrator modes, failure to provide confirmation results in the program not being launched.
An executable that is marked as "
requireAdministrator
" in its manifest cannot be started from a non-elevated process using
CreateProcess()
. Instead,
ERROR_ELEVATION_REQUIRED
will be returned.
ShellExecute()
or
ShellExecuteEx()
must be used instead. If an
HWND
is not supplied, then the dialog will show up as a blinking item in the taskbar.
Inspecting an executable's manifest to determine if it requires elevation is not recommended, as elevation may be required for other reasons (setup executables, application compatibility). However, it is possible to programmatically detect if an executable will require elevation by using
CreateProcess()
and setting the
dwCreationFlags
parameter to
CREATE_SUSPENDED
. If elevation is required, then
ERROR_ELEVATION_REQUIRED
will be returned. If elevation is not required, a success return code will be returned at which point one can use
TerminateProcess()
on the newly created, suspended process. This will not allow one to detect that an executable requires elevation if one is already executing in an elevated process, however.
A new process with elevated privileges can be spawned from within a .NET application using the "
runas
" verb. An example using
C#:
System.Diagnostics.Process proc = new System.Diagnostics.Process();
proc.StartInfo.FileName = "C:\\Windows\\system32\\notepad.exe";
proc.StartInfo.Verb = "runas"; // Elevate the application
proc.StartInfo.UseShellExecute = true;
proc.Start();
In a native
Win32
The Windows API, informally WinAPI, is the foundational application programming interface (API) that allows a computer program to access the features of the Microsoft Windows operating system in which the program is running. Programs can acces ...
application the same "
runas
" verb can be added to a
ShellExecute()
or
ShellExecuteEx()
call:
ShellExecute(hwnd, "runas", "C:\\Windows\\Notepad.exe", 0, 0, SW_SHOWNORMAL);
In the absence of a specific directive stating what privileges the application requests, UAC will apply
heuristic
A heuristic or heuristic technique (''problem solving'', '' mental shortcut'', ''rule of thumb'') is any approach to problem solving that employs a pragmatic method that is not fully optimized, perfected, or rationalized, but is nevertheless ...
s, to determine whether or not the application needs administrator privileges. For example, if UAC detects that the application is a setup program, from clues such as the filename, versioning fields, or the presence of certain sequences of bytes within the executable, in the absence of a manifest it will assume that the application needs administrator privileges.
Security
UAC is a
convenience feature; it neither introduces a security boundary nor prevents execution of
malware
Malware (a portmanteau of ''malicious software'')Tahir, R. (2018)A study on malware and malware detection techniques . ''International Journal of Education and Management Engineering'', ''8''(2), 20. is any software intentionally designed to caus ...
.
Leo Davidson discovered that Microsoft weakened UAC in
Windows 7
Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on July 22, 2009, and became generally available on October 22, ...
through exemption of about 70 Windows programs from displaying a UAC prompt and presented a
proof of concept for a
privilege escalation
Privilege escalation is the act of exploiting a Software bug, bug, a Product defect, design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resource (computer science), resources that ar ...
.
Stefan Kanthak presented a proof of concept for a privilege escalation via UAC's installer detection and
IExpress installers.
Stefan Kanthak presented another proof of concept for
arbitrary code execution as well as privilege escalation via UAC's auto-elevation and binary planting.
Criticism
There have been complaints that UAC notifications slow down various tasks on the computer such as the initial installation of software onto
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
. It is possible to turn off UAC while installing software, and re-enable it at a later time. However, this is not recommended since, as
File & Registry Virtualization is only active when UAC is turned on, user settings and configuration files may be installed to a different place (a system directory rather than a user-specific directory) if UAC is switched off than they would be otherwise.
Also
Internet Explorer 7
Windows Internet Explorer 7 (IE7) (codenamed Rincon) is a version of Internet Explorer, a web browser for Windows. It was released by Microsoft on October 18, 2006. It was the first major update to the browser since 2001. It does not support ve ...
's "Protected Mode", whereby the browser runs in a sandbox with lower privileges than the standard user, relies on UAC; and will not function if UAC is disabled.
Yankee Group analyst Andrew Jaquith said, six months before Vista was released, that "while the new security system shows promise, it is far too chatty and annoying."
By the time Windows Vista was released in November 2006,
Microsoft
Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
had drastically reduced the number of
operating system
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ...
tasks that triggered UAC prompts, and added file and registry virtualization to reduce the number of
legacy
Legacy or Legacies may refer to:
Arts and entertainment
Comics
* " Batman: Legacy", a 1996 Batman storyline
* '' DC Universe: Legacies'', a comic book series from DC Comics
* ''Legacy'', a 1999 quarterly series from Antarctic Press
* ''Legacy ...
applications that triggered UAC prompts.
However, David Cross, a product unit manager at Microsoft, stated during the
RSA Conference
The RSA Conference is a series of IT security conferences. Approximately 45,000 people attend one of the conferences each year. It was founded in 1991 as a small cryptography conference. RSA conferences take place in the United States, Europe, Asia ...
2008 that UAC was in fact designed to "annoy users," and force independent software vendors to make their programs more secure so that UAC prompts would not be triggered. Software written for
Windows XP
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct successor to Windows 2000 for high-end and business users a ...
, and many peripherals, would no longer work in Windows Vista or 7 due to the extensive changes made in the introduction of UAC. The compatibility options were also insufficient. In response to these criticisms, Microsoft altered UAC activity in
Windows 7
Windows 7 is a major release of the Windows NT operating system developed by Microsoft. It was Software release life cycle#Release to manufacturing (RTM), released to manufacturing on July 22, 2009, and became generally available on October 22, ...
. For example, by default users are not prompted to confirm many actions initiated with the mouse and keyboard alone such as operating Control Panel applets.
In a controversial article,
New York Times
''The New York Times'' (''NYT'') is an American daily newspaper based in New York City. ''The New York Times'' covers domestic, national, and international news, and publishes opinion pieces, investigative reports, and reviews. As one of ...
Gadgetwise writer Paul Boutin said "Turn off Vista's overly protective User Account Control. Those pop-ups are like having your mother hover over your shoulder while you work." Computerworld journalist Preston Gralla described the NYT article as "...one of the worst pieces of technical advice ever issued."
See also
*
Comparison of privilege authorization features
*
Features new to Windows Vista
Compared with previous versions of Microsoft Windows, features new to Windows Vista are numerous, covering most aspects of the operating system, including Management features new to Windows Vista, additional management features, Security and saf ...
*
Polkit
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. Polkit allows a level of control of ...
*
runas
*
Secure attention key (SAK)
*
Security and safety features new to Windows Vista
*
sudo
() is a shell (computing), shell command (computing), command on Unix-like operating systems that enables a user to run a program with the security privileges of another user, by default the superuser. It originally stood for "superuser do", a ...
– A similar feature in UNIX-like operating systems
References
External links
Turning UAC On or Offin Windows 7
Documentation about UAC for Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows VistaUAC Understanding and ConfiguringMore Information at Microsoft Technet
Development Requirements for User Account Control Compatibility More information at Microsoft Developer Network
UAC Team Blog
{{Windows Components
Microsoft Windows security technology
Windows Vista