User Account Control Overview
Updated: March 1, 2012
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Vista
User Account Control (UAC) is a security component that enables users to perform common tasks as nonadministrators—who are called "standard users" in this version of Windows—and as administrators, without having to switch users, log off, or use the Run as administrator command. A standard user account is similar to a user account in Microsoft Windows® XP. User accounts that are members of the local Administrators group run most applications as a standard user. Because it separates user functions and administrator functions while enabling productivity, UAC is an important enhancement for this version of Windows.
When an administrator logs on to a computer running this version of Windows, the user is assigned two separate access tokens. Windows uses access tokens, which contain a user's group membership, authorization data, and access control data, to control what resources and tasks the user can access. In some previous versions of Windows such as Windows XP, an administrator account received one access token, which included data to grant the user access to all Windows resources. This access control model did not include any fail-safe checks to make sure that the user truly wanted to perform a task that required his or her administrative access token. As a result, malicious software could install itself on a computer without notifying the user. This process is commonly referred to as "silent" installation. Because the user was an administrator, the malicious software could use the administrator's access control data to infect core operating system files. In some situations, the malicious software could become nearly impossible to remove, and it could cause even more damage.
The primary difference between a standard user and an administrator in this version of Windows is how much control they have over the computer. Administrators can change system state, turn off the firewall, turn off policy, install a service or a driver that affects every user on the computer, and so on. Administrators can install software for an entire computer. Standard users cannot change system state in this manner.