Understanding Vista's UAC (User Access Control)

  • Article

It was one of the features I definitely "hated" at first, but after some insight by fellow Microsoft employees I have understood and actually applauded the UAC. It is common for Windows users for things to just work, just double-click. Unless something is going to go incredibly wrong (like I will format my C drive) I will get my way around things.  Users used to get shocked if they ever saw an on-screen warning, now most of them just click "OK" to get on with whatever they were doing. User-mode and kernel-mode mean very little to most people. We will get around what a superuser is, what user-mode and kernel-mode mean, and how the UAC helps you (the user) protect your assets (i.e. PC)

What is a superuser?

A superuser is a special user account, this account has basically unrestricted access to the system. In Unix/Linux it is known as the Root user. In Linux/Unix you get a lot of messages telling you that you are running as ROOT and should change accounts, and the messages let you know damage or impair your system permanently.

What is an administrator?

An administrator account, as it is know in Windows (since Windows NT), is almost a ROOT account except that some of the privileges were part of the Local System account. In Windows XP, if you add yourself to the Administrator group, then you are a pseudo-superuser. (https://en.wikipedia.org/wiki/Superusers)

What does this have to do with the UAC?

UAC helps you, the user, identify when a software is requiring superuser access. (https://en.wikipedia.org/wiki/User_Account_Control)

Why does this "help" me in any way?

In favor of user-friendliness, the Windows OS took risks upon itself which have been the user's responsibility all along, this is where UAC steps in. There is one thing that is familiar to most Linux/Unix users, sudo. Both the UAC and sudo serve the same purpose, let you conciously know that you are changing something in your system that can harm or change it in ways that are fundamental to its operation.

Why do I get this prompt for almost everything?

Most software vendors are not aware of the differences in superuser and user operation. We are used to having access to everything in our system, and we rightfully do. We should know when that new game we bought wants to install a new driver, or when that antivirus we bought wants to modify a file that belongs to the system. The answer is that most Windows applications are not used to having restrictions, hence most people perceive other versions of the Windows OS as the "most compatible". This is true in the measure that software providers and developers are not aware of user-mode software.

What should I do?

  1. Remove yourself from the administrator group, it is not needed on 99% of the time. Make sure you have an account with administrator access and that you know its username and password. Do not use that account to log on a daily basis.
  2. Enable UAC, if you disabled it. 
  3. Write down those common applications that you use that need administrator access. Learn to use the runas command. (https://technet.microsoft.com/en-us/library/bb490994.aspx) or open an administrator command promt (Right-click-> Run as Administrator...) and use the command lines for those applications. You can alternately make desktop shortcuts with the Runas command.
  4. Write to your software vendor and tell them to start providing user-mode software which is more secure.