User Account Control in Windows Vista

Posted by: Suprotim Agarwal , on 5/8/2008, in Category Windows Vista
Views: 40386
Abstract: By now you must be familiar with the look and feel of Windows Vista. Vista users often encounter a rather annoying pop up box that appears while performing most of the tasks in Vista. In this article you would learn this new and exciting feature of Windows Vista called the User Account Control.
User Account Control
 
Microsoft has aimed at making Windows Vista more secure than its previous Operating Systems. And that is why in Vista, Microsoft has divided all the tasks you can perform into two sets, those that require administrative rights and the others that don’t. This was done to avoid any serious implications by any potential actions.
If your children also use your computer and you have configured their accounts as standard user account, then they cannot perform any actions that you don’t want them to do without your (administrator’s) permission or credentials.
Quiet similar to Windows XP, any user, standard or administrator can perform all the tasks in Windows Vista that do not require administrative rights. These tasks include launching applications, desktop settings, running Windows Update, changing Network settings and such other tasks. But when you try out some task that requires the administrator privileges, the system will compel you to enter the administrator credentials to be able to perform the same.
Standard Users are prompted with a User Account Control credentials dialog box, as shown in figure below.
UAC Credentials box
The dialog box requires you to enter password for the Administrator account that is already present on your system.
Administrators too receive a similar dialog box which is known as User Account Control consent dialog box, but administrators do not have to enter their credentials as they already have enough rights. The User Account Control consent dialog box looks like:
UAC Consent
So they just need to click on Continue to proceed.
If administrators do not have to enter their credentials to continue with the action, why is this dialog box prompted?
This is to avoid any unauthorized changes to the system. It may happen that you are working on your computer and this User Account Control dialog pops up all of a sudden on your screen, and you didn’t do anything, or may be you are connected to the internet and you get this dialog box; this would hint you that it could be a potential virus and you would not continue but cancel the process. So to avoid such likely threats, always enable User Account Control on your system. You have an option to disable User Account Control which will be covered later in this article.
NOTE: Whenever the above dialog boxes flash on your screen, your background will be grayed out and will be practically disabled, focusing on the credential or consent dialog boxes in the center of the screen. You are not allowed to continue working with anything else until you have responded to these dialog boxes one way or the other. This feature is called Secure Desktop, which will be covered in our future article.
EXTRAS: You may come across one more type of User Account Control dialog box that would pop up whenever you try to install a program that is not digitally signed or validated by its author. You may encounter this dialog box more often.
Configuring and Disabling User Account Control
Configuring UAC
You can configure User Account Control settings from the Local Security Settings management console. Since this console is hidden, you have to launch it by going onto the Start menu and type secpol.msc and press Enter. To access User Account Control settings expand the Local Policies and choose Security options. All the security options will be listed in the right pane in an ascending order. Scroll to the bottom of the list to find eight security options for User Account Control.
UAC Options
User Account Control attributes listed above figure are explained below:
1.    User Account Control: Admin Approval Mode for the Built-in-Administrator account – Toggles Admin Approval Mode for the built-in-administrator account.
2.    User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode – decides what type of prompt will be received by administrators while trying to perform admin-level task. Options available are Elevate without prompting, Prompt for credentials and Prompt for consent User Management. 
3.    User Account Control: Behavior of the elevation prompt for standard users – decides what type of prompt will be received by standard users while trying to perform admin-level task. Options available are Automatically deny elevation requests and Prompt for credentials.
4.    User Account Control: Detect application installations and prompt for elevation – decides whether application installs trigger User Account Control elevation dialog box.
5.    User Account Control: Only elevate executables that are signed and validated – decides whether signed and validate application installations generate a User Account Control elevation box.
6.    User Account Control: Run all administrators in Admin Approval Mode – decides whether all admin accounts run in Admin Approval Mode which generates User Account Control consent dialog box for admin-level tasks.
7.    User Account Control: Control Switch to the secure desktop when prompting for elevation – decides whether the secure desktop appears whenever a User Account Control prompt is initiated by the system.
8.    User Account Control: Virtualize file and Registry write failures to per-user locations – decides whether User Account Control virtualizes the Registry and file system for legacy applications that attempt to read or write from private parts of the system. Do not disable this option.
Disabling User Account Control
Though it is not recommended, you have an option of disabling User Account Control for all the users on a system. Go to Control Panel > User Accounts and Family Settings > User Accounts and select the option Change Security settings. Choose Turn User Account Control on or off. In this window un-check the box Use User Account Control (UAC) to help protect your computer to protect your system.
Disable UAC
Conclusion
In Windows Vista, Microsoft has added features to help users run their system more securely. One such feature is the User Account Control. I hope this article would help you protect your system from vulnerabilities. Another security feature called Parental Controls helps you make your system safe for use by children. Do check out a previous article on Parental Controls. I hope this article was useful and I thank you for viewing it.
If you liked the article,  Subscribe to my RSS Feed. 
Give a +1 to this article if you think it was well written. Thanks!
Recommended Articles
Suprotim Agarwal, ASP.NET Architecture MVP, MCSD, MCAD, MCDBA, MCSE, is the CEO of A2Z Knowledge Visuals Pvt. He primarily works as an Architect Consultant and provides consultancy on how to design and develop .NET centric database solutions.

Suprotim is the founder and primary contributor to DotNetCurry, DNC .NET Magazine, SQLServerCurry and DevCurry. He has also written an EBook 51 Recipes using jQuery with ASP.NET Controls. and authored a new one at The Absolutely Awesome jQuery CookBook.

Follow him on twitter @suprotimagarwal


Page copy protected against web site content infringement by Copyscape


User Feedback
Comment posted by gavin morris on Friday, November 14, 2008 7:11 PM
i like my user may i download for free
Comment posted by Jim on Monday, February 23, 2009 11:11 AM
UAC prevented me from doing rather normal things on my computer. So I disabled it. I have a non-Windows firewall, so I am not worried about Windows firewall updating with UAC off. The UAC implementation is poorly done. Its like someone heard a vague description of actual computer security, such as in Unix, then made a vague attempt to implement it in Vista. UAC is brokwen as far as I am concerned.
Comment posted by shivanan balgobin on Thursday, April 14, 2011 8:38 AM
i like this software

Comment posted by bandana on Saturday, May 14, 2011 3:04 PM
adobe flesh player is not run

Post your comment
Name:  
E-mail: (Will not be displayed)
Comment:
Insert Cancel