Windows 7 : Understanding User Account Control and Its Impact on Performance

1/18/2011 3:16:33 PM
User Account Control (UAC) is a collection of features designed to improve your computer’s security and better protect it from malicious programs. UAC fundamentally changes the way Windows 7 works.

For Windows 7, there are significant changes to UAC as originally implemented in Windows Vista. You can now control exactly how UAC works. Before I discuss how to do this, let’s first look at the way UAC works in a standard configuration.

1. User Accounts and Permissions

Windows 7 has two general types of user accounts:

  • Standard user accounts

  • Administrator user accounts

Standard users can perform any general computing tasks, such as starting programs, opening documents, and creating folders, as well as any support tasks that do not affect other users or the security of the computer. Administrators, on the other hand, have complete access to the computer and can make changes that affect other users and the security of the computer.

Unlike Windows XP and earlier releases of Windows, Windows 7 makes it easy to determine which tasks standard users can perform and which tasks administrators can perform. You may have noticed the multicolored shield icon, shown in Figure 1, next to certain options in Windows 7’s windows, wizards, and dialog boxes. This is the Permissions icon. It indicates that the related option requires administrator permissions to run.

Figure 1. The Permissions icon, which indicates that the related option requires administrator permissions to run


2. Permission and Consent Prompting

In Windows 7, regardless of whether you are logged on as a standard user or as an administrator, you see a UAC prompt by default when programs try to make changes to your computer and when you try to run certain privileged applications. Computers can also be configured to prompt you whenever you make changes to Windows settings. The standard way the prompt works depends on whether you are logged on with a standard user account or with an administrator account.

If you are logged on with a standard user account, you are prompted to provide administrator credentials, as explained here and shown in Figure 2:

  • On most personal or small office computers, the prompt lists each local computer Administrator account by name. To proceed, you must click an account, type the account’s password, and then click OK.

  • If you log into a domain, the prompt shows the logon domain and provides username and password boxes. To proceed, you must enter the name of an administrator account, type the account’s password, and then click OK.

Figure 2. Providing the required credentials


If you are logged on with an administrator account, you are prompted for consent to continue, as shown in Figure 3. The consent prompt works the same regardless of whether you are connected to a domain.

Figure 3. Providing consent to continue


3. Elevation and the Secure Desktop

The process of getting a user’s approval prior to running an application in administrator mode and prior to performing actions that change system-wide settings is known as elevation. Elevation enhances security by reducing the exposure and attack surfaces of the operating system. It does this by providing notification when you are about to perform an action that could affect system settings, such as installing an application, and eliminating the ability for malicious programs to invoke administrator privileges without your knowledge and consent.

Prior to elevation and display of the UAC prompt, Windows 7 does several things in the background. The key thing you should know is that by default Windows 7 switches to a secure, isolated desktop prior to displaying the prompt. The purpose of switching to the secure desktop is to prevent other processes or applications from providing the required permissions or consent. All other running programs and processes continue to run on the interactive user desktop—only the prompt itself runs on the secure desktop.

Elevation, permission/consent prompts, and the secure desktop are the key aspects of UAC that affect you the most. As you can see, they have a measurable impact on the way Windows 7 works. Due to these UAC features:

  • User accounts are not used in the same way as they are in Windows XP.

  • Applications do not run in the same way as they do in Windows XP.

  • Most configuration tasks are not performed in the same way as they are in Windows XP.

Although these features have a far-reaching impact on the way you use Windows 7, they enhance security and provide your computer with better protection from malicious programs. If you use these features as they are intended to be used, your computer will be protected from many types of malicious programs.

4. Configuring and Tuning UAC

In Windows 7, UAC differentiates between changes to Windows settings and changes to the operating system made by programs and devices. Because of this, you can fine-tune the way UAC works so that you are notified about only particular types of changes. For example, most of the time you’ll want to know only when programs are trying to install themselves or make changes to the operating system, and you won’t want to be prompted every time you try to change Windows settings. The revised UAC in Windows 7 lets you do this. You can also configure UAC so that the secure desktop is not used, and you can manage UAC through the policy settings under Security Settings->Local Policies->Security Options.

On most personal or small office computers, you can fine-tune UAC by following these steps:

  1. In Control Panel, click System and Security and then click the Change User Account Control Settings link under the Action Center heading.

  2. On the User Account Control Settings page, shown in Figure 4, use the slider provided to choose when to be notified about changes to the computer. Your options and my recommendations (which differ somewhat from Microsoft’s recommendations) are:

    Always notify

    Always notifies you when programs try to install software or make changes to the computer and when you change Windows settings. You should choose this option when a computer requires the highest security possible and you frequently install software and visit unfamiliar websites.

    Default—notify me only when programs try to make changes to my computer

    Notifies you only when programs try to make changes to the computer and not when you change Windows settings. You should choose this option when a computer requires high security and you want to reduce the number of notification prompts.

    Notify me only when programs try to make changes to my computer (do not dim my desktop)

    Works the same as Default but also prevents User Account Control from switching to the secure desktop. You should choose this option when you work in a trusted environment with familiar applications and do not visit unfamiliar websites. You may also want to use this option when it takes a long time for your computer to switch to the secure desktop.

    Never notify

    Turns off all User Account Control notification prompts. You should choose this option when security is not a priority and you work in a trusted environment.

  3. Click OK. If you selected Never Notify, you will need to restart your computer for this change to take effect.

Figure 4. Fine-tuning UAC


NOTE

Depending on the current configuration of UAC, you may be prompted for permissions or consent, as discussed previously. Because this is an inherent part of the user interface and a feature that you can enable or disable, I will not mention each time the prompt is displayed. Rather, I assume that you provide the permissions or consent as required.

On a computer that is logged into a domain, you may not be able to manage UAC using this technique. Though you may be able to configure individual UAC features through policy settings, these features will more than likely be set so that you cannot configure them.
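
To check which of the four slider positions a computer is actually using, including one where the setting is fixed by policy, you can read the values behind it. The PowerShell below is an added example, not part of the original article. It assumes the slider and the Security Options policies store their state in the `EnableLUA`, `ConsentPromptBehaviorAdmin`, and `PromptOnSecureDesktop` registry values, and that a missing value means the Windows 7 default; the function names are hypothetical.

```powershell
# Added example (not from the original article): report the effective UAC level.
# Assumption: the slider stores its choice in these three registry values.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Read one DWORD; fall back to the assumed Windows 7 default if it is absent.
function Get-UacValue([string]$Name, [int]$Default) {
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.$Name) { return $Default }
    return [int]$item.$Name
}

# Map the three values onto the four slider positions described above.
function Get-UacLevel([int]$EnableLUA, [int]$AdminPrompt, [int]$SecureDesktop) {
    if ($EnableLUA -eq 0) { return 'Never notify' }
    switch ("$AdminPrompt/$SecureDesktop") {
        '2/1'   { return 'Always notify' }
        '5/1'   { return 'Default' }
        '5/0'   { return 'Notify only for program changes (do not dim my desktop)' }
        default { return 'Custom (policy or direct registry change)' }
    }
}

$lua    = Get-UacValue 'EnableLUA' 1
$admin  = Get-UacValue 'ConsentPromptBehaviorAdmin' 5
$secure = Get-UacValue 'PromptOnSecureDesktop' 1
$level  = Get-UacLevel $lua $admin $secure

# Emit one record per computer so results can be collected and compared.
New-Object PSObject -Property @{
    Computer                   = $env:COMPUTERNAME
    Level                      = $level
    EnableLUA                  = $lua
    ConsentPromptBehaviorAdmin = $admin
    PromptOnSecureDesktop      = $secure
} | Select-Object Computer, Level, EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop

# Flag anything below the default position so it can be reviewed.
if ($level -ne 'Always notify' -and $level -ne 'Default') {
    Write-Warning "UAC on $env:COMPUTERNAME is weaker than the Windows 7 default: $level"
}
```

Reading these values does not require elevation, so the check can run as a standard user.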
