User Account Control Overview
Published: August 15, 2012
Updated: August 31, 2012
Applies To: Windows 8, Windows Server 2012
User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of a malicious program.
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any programs that are executed using Windows Explorer (for example, by double-clicking an application shortcut) also run with the standard set of user permissions. Many applications, including those that are included with the operating system itself, are designed to work properly in this way.
Other applications, especially those that were not specifically designed with security settings in mind, often require additional permissions to run successfully. These types of programs are referred to as legacy applications. Additionally, actions such as installing new software and making configuration changes to programs such as Windows Firewall, require more permissions than what is available to a standard user account.
When an applications needs to run with more than standard user rights, UAC can restore additional user groups to the token. This enables the user to have explicit control of programs that are making system level changes to their computer or device.
Admin Approval Mode in UAC helps prevent malicious programs from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
In Windows Server 2012 UAC functionality is improved to:
Allow a user with administrator privileges to configure the UAC experience in the Control Panel.
Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for local administrators in Admin Approval Mode.
Provide additional local security policies that enable a local administrator to change the behavior of the UAC messages for standard users.