When you try to install software or make certain changes on your computer, you might see a window like this:
This is from the UAC (User Account Control) feature on Windows. Let's take a look at what UAC is and why it's important to keep enabled.
What Is UAC?
UAC is a security feature first introduced in Windows Vista. In essence, it allows you to prevent applications from gaining administrative rights until and unless they actually require them. It also allows you to provide admin rights from any user account.
We can learn more about why UAC exists and how it works by examining the history of this feature. Then we'll look at what it does in modern versions of Windows.
The History of UAC
Windows XP had two main types of user accounts: Administrator and Standard. Administrators had rights to do everything on the computer, including installing software, changing system settings, adding accounts, and more.
Standard accounts didn't have these privileges. They could still make small changes, such as changing their wallpaper and their own password, but didn't have control over installing/removing software and other admin tasks.
Because many Windows XP programs were written to only work if the user had admin rights, a lot of software would often simply refuse to run on Standard accounts. Thus, on XP it was common for users to run an Administrator account for everything to avoid the hassles of switching back and forth.
However, this was a major security risk. While using an admin account on Windows XP, everything that wanted to run with admin rights did so without your confirmation. Because of this, an attack could compromise an admin account without you knowing and gain full access to the system.
UAC in Windows Vista
To remedy this issue, Microsoft included the UAC feature in Vista. No matter whether you were using an Administrator or Standard account, you would see a prompt to confirm actions that required admin rights. These include adding a new account, uninstalling software, changing the clock, and similar tasks.
Administrators can simply click Yes to allow these changes, while Standard accounts have to enter an administrator's username and password.
While this was a good step and solved many of XP's security problems, Vista's initial implementation was too heavy-handed. It displayed prompts to confirm nearly every action you took, which became grating for many users. This led to some turning the feature off, defeating its purpose entirely.
Apple mocked this feature in one of its "Mac vs. PC" commercials.
What Is UAC Good For?
UAC is still present in Windows 7 and newer versions, but it's significantly less annoying.
By default, when you're logged into an admin account, it only prompts you to confirm changes related to software and system-wide changes. Minor adjustments, like changing the clock or adding a printer, don't require confirmation for an admin, but still do for a standard account.
Further, UAC displays its prompts in a few different colors depending on what's requesting access:
- A blue prompt signifies a trusted app, such as when running the Command Prompt as an administrator.
- A yellow prompt means the program's publisher is unknown. This may or may not be safe to run, depending on the software.
- Red prompts signify blocked programs that Windows has identified as dangerous.
After reviewing its history, you might wonder what the point of UAC is. As it turns out, there are two main advantages.
Limit Standard Accounts Without Having to Switch
It's considered good security practice to use a standard account in your day-to-day computer use. Without admin rights, you have a smaller chance of running into an exploit that abuses them. But it's also inconvenient to switch to an admin account every time you need to make a change.
UAC allows any user on the computer to run programs with admin rights when needed. When a standard user tries to make a system change or install software, they'll see a prompt to enter an admin password. This allows an IT administrator or other trusted entity to authorize the action without having to log into another account.
Meanwhile, standard accounts can still perform actions that don't require authentication. This keeps the overall system safer and doesn't have the Windows XP problem of making Standard accounts mostly useless.
Confirmation as an Admin
Even when you're logged in as an admin, you're technically running programs as a standard user thanks to UAC. Any program that wants to run as an admin has to ask you first, which results in you seeing a UAC prompt.
An administrator only has to click Yes to authorize these, as opposed to entering an admin username and password. This isn't as secure, but still solves the Windows XP problem of programs being able to do whatever they want without asking you.
You can check UAC on your system by searching for UAC on the Windows Start Menu. Click Change User Account Control Settings to open its dialog.
This lets you choose from four different levels. From top to bottom, these are (as an administrator):
- Always notify: This is similar to Windows Vista's behavior. It will ask you for confirmation when apps try to make changes to your computer and when you make changes to Windows settings.
  - This offers maximum security, but will likely annoy you with the number of prompts it displays.
- Default: The standard setting warns you when apps request admin permissions, but not when you make changes to Windows settings.
  - This is a good balance for most users.
- No dimming: By default, UAC dims your desktop when it displays a prompt. You can keep UAC on but disable this dimming with this option.
  - This isn't usually a good idea, as it makes the security prompt less clear.
- Never notify: This disables UAC completely and never asks you for confirmation. As it's essentially the Windows XP model, this is not recommended for two reasons.
  - First, it allows any software to make changes without prompting you, which is dangerous.
  - Second, it won't display a UAC prompt when a Standard account tries to make a change. These requests will simply fail with no confirmation.
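One way to check from PowerShell which of these four levels a machine is set to, and whether the current session is actually elevated (an added example, not part of the original article). It assumes the standard UAC policy values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`; the helper names `Get-UacLevel` and `Test-IsElevated` are hypothetical.

```powershell
# Added example: classify UAC policy values into the four slider levels.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {          # hypothetical helper name
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    # EnableLUA = 0 switches Admin Approval Mode off regardless of the other values.
    if ($EnableLUA -eq 0) { return 'UAC off (EnableLUA = 0)' }

    # Key is "<admin prompt behaviour>/<prompt on secure (dimmed) desktop>".
    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { return 'Always notify' }
        '5/1'   { return 'Default' }
        '5/0'   { return 'No dimming' }
        '0/0'   { return 'Never notify' }
        default { return "Custom policy: $_" }
    }
}

function Test-IsElevated {       # hypothetical helper name
    # True only when this process holds the full administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$policy  = Get-ItemProperty -Path $PolicyKey
$names   = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
$missing = @($names | Where-Object { $null -eq $policy.$_ })

if ($missing.Count -gt 0) {
    # Do not guess a level when a value is absent; report it instead.
    Write-Warning "UAC policy values not set: $($missing -join ', ')"
} else {
    # Splat the three registry values onto the matching parameters.
    $values = @{}
    foreach ($n in $names) { $values[$n] = $policy.$n }

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        UacLevel        = Get-UacLevel @values
        SessionElevated = Test-IsElevated
    }
}
```

Run from a normal (non-elevated) window under an admin account, `SessionElevated` comes back `False`, which is the "running as a standard user" behavior described under Confirmation as an Admin.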
For our clients, we enable and monitor UAC to improve overall security and prevent viruses and malware from running unrestricted.
Hopefully after walking through the history and reasoning behind UAC, you now understand why it's such an important feature. Managing access to administrator rights helps keep Windows safe by making sure that access doesn't fall into the hands of someone (or some software) that doesn't need it.
UAC is a good example of the principle of least privilege, which states that for security purposes, every process, user, and program should not have more permissions than it needs. This helps keep everything straight and secure, especially in business environments with many users and computers in use.