- Great Painters
- Accounting
- Fundamentals of Law
- Marketing
- Shorthand
- Concept Cars
- Videogames
- The World of Sports

- Blogs
- Free Software
- Google
- My Computer

- PHP Language and Applications
- Wikipedia
- Windows Vista

- Education
- Masterpieces of English Literature
- American English

- English Dictionaries
- The English Language

- Medical Emergencies
- The Theory of Memory
- The Beatles
- Dances
- Microphones
- Musical Notation
- Music Instruments
- Batteries
- Nanotechnology
- Cosmetics
- Diets
- Vegetarianism and Veganism
- Christmas Traditions
- Animals

- Fruits And Vegetables


  1. Architecture of Windows NT
  2. AutoPlay
  3. Bill Gates
  4. BitLocker Drive Encryption
  5. Calibri
  6. Cambria
  7. Candara
  8. Chess Titans
  9. ClearType
  10. Consolas
  11. Constantia
  12. Control Panel
  13. Corbel
  14. Criticism of Windows Vista
  15. Dashboard
  16. Desktop Window Manager
  17. Development of Windows Vista
  18. Digital locker
  19. Digital rights management
  20. Extensible Application Markup Language
  21. Features new to Windows Vista
  22. Graphical user interface
  23. Group Shot
  24. ImageX
  25. INI file
  26. Internet Explorer
  27. Internet Information Services
  28. Kernel Transaction Manager
  29. List of Microsoft software codenames
  30. List of Microsoft Windows components
  31. List of WPF applications
  32. Luna
  33. Mahjong Titans
  34. Meiryo
  35. Microsoft Assistance Markup Language
  36. Microsoft Expression Blend
  37. Microsoft Expression Design
  38. Microsoft Gadgets
  39. Microsoft Software Assurance
  40. Microsoft Virtual PC
  41. Microsoft Visual Studio
  42. Microsoft Windows
  43. Microsoft Windows Services for UNIX
  44. MS-DOS
  45. MSN
  46. MUI
  47. Object manager
  48. Operating system
  49. Original Equipment Manufacturer
  50. Outlook Express
  51. Peer Name Resolution Protocol
  52. Protected Video Path
  53. Purble Place
  54. ReadyBoost
  55. Recovery Console
  56. Remote Desktop Protocol
  57. Security and safety features of Windows Vista
  58. Segoe UI
  59. User Account Control
  60. WIM image format
  61. Windows Aero
  62. Windows Anytime Upgrade
  63. Windows Calendar
  64. Windows CE
  65. Windows Communication Foundation
  66. Windows Disk Defragmenter
  67. Windows DreamScene
  68. Windows DVD Maker
  69. Windows Explorer
  70. Windows Fax and Scan
  71. Windows Forms
  72. Windows Fundamentals for Legacy PCs
  73. Windows Hardware Engineering Conference
  74. Windows Live
  75. Windows Live Gallery
  76. Windows Live Mail Desktop
  77. Windows Mail
  78. Windows Media Center
  79. Windows Media Player
  80. Windows Meeting Space
  81. Windows Mobile
  82. Windows Movie Maker
  83. Windows Photo Gallery
  84. Windows Presentation Foundation
  85. Windows Registry
  86. Windows Rights Management Services
  87. Windows Security Center
  88. Windows Server Longhorn
  89. Windows Server System
  90. Windows SharePoint Services
  91. Windows Shell
  92. Windows Sidebar
  93. Windows SideShow
  94. Windows System Assessment Tool
  95. Windows System Recovery
  96. Windows Update
  97. Windows Vienna
  98. Windows Vista
  99. Windows Vista editions and pricing
  100. Windows Vista Startup Process
  101. Windows Workflow Foundation
  102. Windows XP
  103. Windows XP Media Center Edition
  104. XML Paper Specification
  105. Yahoo Widget Engine

This article is from:

All text is available under the terms of the GNU Free Documentation License: 

User Account Control

From Wikipedia, the free encyclopedia

UAC dialog for administrators
UAC dialog for administrators
User Account Control dialog for non-administrators
User Account Control dialog for non-administrators
Operating system commands or actions that require administrator rights (and thus will trigger UAC) are marked with a security shield
Operating system commands or actions that require administrator rights (and thus will trigger UAC) are marked with a security shield

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista operating system. It aims to improve the experience of using Windows as a standard user.


Before Windows XP was released, previous versions of Windows targeted at the consumer audience, such as Windows 95, 98 and ME, were all operating systems where the user had super user rights despite multi-user capabilities. Windows XP on the other hand was a multi-user operating system based on Windows NT. This allowed for different user levels and permissions.

However, in Windows XP the first user created when installing the operating system is given administrative privileges by default. As such, most users would use this account for everyday use. This ensured that all software, including malware, was also running with administrator privileges as well, thereby giving it full access to the operating system.

Unfortunately, most legacy applications and even new applications were or are not designed to work without full administrator privileges.[citation needed] Running these as a standard user or even as a power user could lead to errors or strange behavior. As such, it was often normal practice to give users full Administrator access when running normally.

With Windows Vista, actions that can affect the security and stability of the operating system require the input of an administrator name and password before they are executed. If the user is an administrator, no password is needed; instead, a dialog is shown with the choices to allow or deny the action.

When logging into Windows Vista as a standard user, a logon session is created and a token containing only the most basic privileges is assigned. In this way, the new logon session is incapable of making changes that would affect the entire system. When logging in as a user in the Administrators group however, two separate tokens are assigned. The first token contains all privileges typically awarded to an administrator, and the second is a restricted token similar to what a standard user would receive. User applications, including the Windows Shell, are then started with the restricted token resulting in a reduced privilege environment even under an Administrator account. When an application requests elevation or is run as administrator UAC will prompt for confirmation and, if consent is given, start the process using the unrestricted token.[1]

User Account Control asks for credentials in a Secure Desktop mode, where the entire screen is blacked out and temporarily disabled and only the authorization window is enlightened, to present only the elevation UI. This is to prevent spoofing of the UI or the mouse by the application requesting elevation.[2] If an administrative activity comes from a minimized application, the secure desktop request will also be minimized so as to prevent the focus from being lost.

In Windows Vista, common tasks, such as changing the time zone, do not require administrator privileges.[3] UAC also provides file and registry virtualization to allow poorly designed applications to run as a standard user.

Additionally, command prompt windows that are running elevated will prefix the title of the window with the word "Administrator", so that a user may discern which command prompts are running with elevated privileges.[4]

There are a number of configurable UAC settings. It is possible to:[5]

  • Require administrators to re-enter their password for heightened security
  • Require the user to press Ctrl+Alt+Del as part of the authentication process for heightened security
  • Disable Admin Approval Mode (UAC prompts for administrators) entirely

It has been accepted that having UAC enabled at all times can help secure the operating system, especially when browsing web sites that may pose a potential security threat, however there have been complaints that UAC notifications slow down various tasks on the computer such as the initial installation of software onto Windows Vista. It is therefore possible to turn off this feature whilst installing risk free software and preferably not being connected to the internet and then re enabling UAC afterwards.[6]

Requesting elevation

A program can request elevation in a number of different ways. One way is to add a requestedPrivileges section to an XML document, known as the manifest, that is then embedded into the application. A manifest can specify dependencies, visual styles, and now the appropriate security context:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">

  <v3:trustInfo xmlns:v3="urn:schemas-microsoft-com:asm.v3">



        <v3:requestedExecutionLevel level="highestAvailable" />





Setting the level attribute for requestedExecutionLevel to "asInvoker" will make the application run with the token that started it, "highestAvailable" will present a UAC prompt for administrators and run with the usual reduced privileges for standard users, and "requireAdministrator" will require elevation.[7]

To spawn a new process with elevated privileges from within a .NET application you can use the "runas" verb. An example using C++/CLI:

System::Diagnostics::Process^ proc = gcnew System::Diagnostics::Process();

proc->StartInfo->FileName = "C:\\Windows\\system32\\notepad.exe";

proc->StartInfo->Verb = "runas"; // Elevate the application


In a native Win32 application the same "runas" verb can be added to a ShellExecute() call.[1]

::ShellExecute(0, "runas", "C:\\Windows\\Notepad.exe", 0, 0, SW_SHOWNORMAL);

See also

  • Comparison of privilege authorization features
  • Features new to Windows Vista
  • Security and safety features of Windows Vista
  • List of Windows Vista topics


  1. ^ a b Kenny Kerr (2006-09-29). Windows Vista for Developers Part 4 User Account Control. Retrieved on 2007-03-15.
  2. ^ User Account Control Prompts on the Secure Desktop. UACBlog. MSDN Blogs (2006-05-03). Retrieved on 2007-02-25.
  3. ^ Allchin, Jim (2007-01-23). Security Features vs. Convenience. Windows Vista Team Blog. Microsoft. Retrieved on 2007-03-04.
  4. ^ Administrator Marking for Command Prompt. UACBlog. MSDN Blogs (2006-08-01). Retrieved on 2006-08-07.
  5. ^ Chapter 2: Defend Against Malware. Windows Vista Security Guide. Microsoft (2006-11-08). Retrieved on 2007-03-15.
  6. ^ Disabling the UAC feature (2007-03-10). Retrieved on 2007-03-10.
  7. ^ Mike Carlisle (2007-03-10). Making Your Application UAC Aware. The Code Project. Retrieved on 2007-03-15.

External links

  • User Account Control Information at Microsoft TechNet
  • UAC Team Blog
  • Preview of User Account Control in Windows Vista Beta 2
  • UAC The Good and The Bad (Joanna Rutkowska -
  • What triggers User Account Control prompts?
  • Security Features vs. Convenience
Retrieved from ""