User Account Control (UAC) is a security feature in Windows 7 that helps protect users from unauthorized access to their computer. UAC is a part of the Windows 7 operating system and is enabled by default. UAC helps you to protect your computer by preventing unauthorized users from gaining access to your files, programs, and data. UAC also helps you to keep your computer running smoothly by preventing other users from changing or deleting files on your computer. To enable UAC on your computer, you must first be logged on as an administrator. To do this, open the Start screen and type “cmd” into the search bar. Then click on the “command prompt” icon that appears in the top left corner of the screen. Once you have opened the command prompt, type “net user” into the command prompt and press enter. This will start UAC on your computer. You can now use UAC to protect yourself from unauthorized users.

What is UAC?

UAC is a feature of Windows Vista and 7 designed to prevent unauthorized changes to your computer.  Recent versions of Linux and Mac OS X have similar prompts when changing settings or installing programs as well.  This is a crucial feature that makes your computer much more secure.

By default, even an administrator account in modern versions of Windows does not have full access to modify system settings and install programs.  Thus, if you try to install a program or change critical settings, you may see your desktop fade and show only a prompt window asking if you’re sure you want to do this.  This is a secure desktop, designed to prevent a program from automatically approving itself.

While this may simply seem like a nuisance, it actually protects your system from malicious programs.  For instance, if you inserted a flash drive that had a worm virus into your computer, it would attempt to automatically run and install on your computer without your knowledge.  UAC, however, would catch it, and ask you whether or not you wanted to install the program.  You could easily know that you did not want it since you did not initiate the install, and thus you would protect your computer and data.

What types of UAC prompts may I see?

The UAC prompt you see may vary depending on the program you are installing.  If you are installing or configuring a program that has been signed with a security certificate, the prompt may look something like this.  Notice that it shows the program’s name, publisher, and origin.

 

If you click Show details, you can see where the file is stored and can view its security certificate.

 

Unsigned applications may show a different UAC prompt.  It states that the publisher is unknown, and since it is unsigned there is no certificate to view.  Additionally, this prompt has a yellow banner which alerts that the program is from an unknown publisher.

If you’re using a standard account in Windows, then you will be required to enter the administrative password to accept a UAC prompt.

When will I see a UAC prompt?

Usually it is fairly easy to tell when you will see a UAC prompt.  First, installing or making changes to any application, or for that matter changing any file that is outside your User folder will require you to authenticate the changes.  Some older programs may actually require a UAC prompt each time they run; this will only occur if they change critical settings or store files in secure folders every time they run.  You may notice a shield icon on programs or installers that will launch a UAC prompt before running.

Windows Vista always created a UAC prompt whenever any Windows settings were changed.  In Windows 7, the default is to not prompt you when changes are made to Windows.  However, changing some critical settings, such as the UAC settings, will cause a prompt.  You can tell when an action will create a UAC prompt by the shield logo over the Ok button or beside its name.

Finally, you can choose to run any program in administrative mode.  This is helpful if, for instance, you need to change a setting via Command Prompt and need administrative privileges.  To launch a program in administrative mode, simply right-click on it’s icon and select “Run as Administrator.”  Doing this will always require accepting a UAC prompt.

How can I change UAC’s settings?

In Windows Vista, UAC had two settings: on and off.  Windows 7 offers more granular controls for UAC.  Simply type “UAC” into your start menu search, and select “Change User Account Control Settings” to change how UAC works on your computer.

This panel gives you direct controls on how UAC will work on your computer.  The default settings will notify you if programs try to make changes to your computer, but not if you change Windows settings.  As previously noted, changing certain Windows settings such as these UAC settings will still require approving a UAC prompt.

The top setting is the absolutely most secure, and is how UAC worked in Windows Vista.  It will notify you whenever any change is made to your computer, including changing any Windows settings.

The step down from the Windows 7 default settings is similar to the default settings in Windows 7, but will not dim the desktop when a UAC prompt comes up.  This may make your system less secure, as some malicious programs could automatically approve the UAC prompt when it is in this mode.

Or, if you wish to never see a UAC prompt, you can select the lowest setting.  This leaves your system settings similar to Windows XP, which never prompts when any changes are made or programs are installed.  We do not recommend this setting, but it is available if you want it.  If you do choose to turn off UAC, the changes will not take place until you have restarted your computer.

Conclusion

In our opinion, UAC is one of the best features in Windows Vista and 7 as it can keep your computer much more secure than it was in Windows XP and older versions.  UAC is also much less annoying in Windows 7, and you can adjust it to exactly the level of security you need.

Further reading:

Disable UAC in Windows Vista

Info about UAC from the Engineering Windows 7 Blog