Introduction to User Account Control

Can a popup put you in prison?

You love it, you hate it... OK, you may hate it, but...

You’ve seen it, or at least heard about it in Windows Vista: User Account Control or UAC (formerly known as LUA or Least Privileged User Account). With the release of Windows Vista, we hope that more and more ‘cyberholics’ will better appreciate this new feature.

There has been a great deal of speculation, concern and anxiety about how UAC will impact troubleshooting and workflow, so I want to be sure everyone understands the basics and knows where to get more information. Much of this can be found in the well-constructed UAC technical documentation released on the Microsoft TechNet portal. We would also recommend reading Tim Sprinston’s blog, which provides a unique perspective and a good understanding of UAC:

https://blogs.technet.com/ad/archive/2007/01/29/i-ll-say-it-again-user-account-control.aspx

Here is some data that you should keep in mind before deciding to turn UAC off!

  • UAC has the potential to reduce the operating system attack surface by 85%!
  • UAC goes through 3 checks for applications (in this order):
      1. Does it have an application compatibility database entry?
      2. Is it made for Vista by having a manifest?
      3. Is it a setup/install routine?
  • Interactive Users - All interactive users (except the built-in Administrator) will be affected. They will need to give consent through the consent UI before running any application or task with administrative privileges.
  • Services, System Components, Built-in Administrator - Services, system components and the built-in administrator will not be impacted. However, applications and tasks that manage components may need to be changed by marking them as requiring administrative privileges.
  • The built-in Administrator account is now disabled by default on new installs of Windows Vista (more information available at https://blogs.msdn.com/windowsvistasecurity).
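
The three application checks listed above can be sketched as a triage script for auditing executables. This is an added example, not code from the original post or from Microsoft. It assumes a hypothetical `has_appcompat_entry` flag in place of the compatibility database lookup, finds the manifest with a byte-scan heuristic, and reduces installer detection to file-name keywords.

```python
import re
import xml.etree.ElementTree as ET

# Simplified: Windows installer detection looks at more than the file name;
# only the documented file-name keywords are modelled here.
INSTALLER_KEYWORDS = ("install", "setup", "update")

# Constructed sample manifest, embedded so the example runs offline.
SAMPLE_MANIFEST = b"""<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
<requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
</requestedPrivileges></security></trustInfo></assembly>"""


def manifest_level(exe_bytes):
    """Return the requestedExecutionLevel of an embedded manifest, or None."""
    # Heuristic: the manifest resource is normally stored as plain XML text,
    # so search for the <assembly> element instead of walking PE resources.
    # Starting at <assembly> also skips any DOCTYPE, so no entities get parsed.
    match = re.search(rb"<assembly\b.*?</assembly>", exe_bytes, re.DOTALL)
    if match is None:
        return None
    try:
        root = ET.fromstring(match.group(0))
    except ET.ParseError:
        return None  # damaged or non-manifest XML: treat as "no manifest"
    for element in root.iter():
        # Compare the local name only; the namespace differs between manifests.
        if element.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            return element.get("level")
    return None


def classify(filename, exe_bytes, has_appcompat_entry=False):
    """Apply the three checks in the listed order; return (check, detail)."""
    if has_appcompat_entry:                      # 1. compatibility database
        return ("appcompat", "database entry decides")
    level = manifest_level(exe_bytes)
    if level is not None:                        # 2. Vista-style manifest
        return ("manifest", level)
    if any(k in filename.lower() for k in INSTALLER_KEYWORDS):
        return ("installer", "elevation prompt expected")   # 3. setup routine
    return ("none", "runs as invoker")


if __name__ == "__main__":
    print(classify("tool.exe", b"MZ\x00\x00" + SAMPLE_MANIFEST))
    print(classify("Setup_v2.exe", b"MZ\x00\x00"))
```

Because the checks run in order, a file named `setup.exe` that carries a manifest is reported by its manifest level, not by its name.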