Understanding User Account Control
Applies To: Windows 7, Windows Server 2008 R2
User Account Control (UAC) is a feature in Windows that can help prevent unauthorized changes to your computer. UAC does this by asking you for permission or an administrator password before performing actions that could potentially affect your computer's operation or change settings that affect other users.
When you see a UAC message, read it carefully, and then make sure the name of the action or program that's about to start is one that you intended to start. By verifying these actions before they start, UAC can help prevent malicious software (malware) from installing itself or making changes to your computer without permission.
When your permission or password is needed to complete a task, UAC will alert you with one of the following messages:
Windows needs your permission to continue. A Windows function or program that can affect other users of this computer needs your permission to start. Check the name of the action to ensure that it's a function or program you want to run.
A program needs your permission to continue. A program that's not part of Windows needs your permission to start. It has a valid digital signature indicating its name and its publisher, which helps to ensure that the program is what it claims to be. Make sure that this is a program that you intended to run.
An unidentified program wants access to your computer. An unidentified program is one that doesn't have a valid digital signature from its publisher to ensure that the program is what it claims to be. This doesn't necessarily indicate malicious software, as many older, legitimate programs lack signatures. However, you should use extra caution and only allow this program to run if you obtained it from a trusted source, such as the original CD or a publisher's Web site.
This program has been blocked. This is a program that your administrator has specifically blocked from running on your computer. To run this program, you must contact your administrator and ask to have the program unblocked.
Using standard user accounts
We recommend that you log on to your computer with a standard user account most of the time. You can browse the Internet, send e-mail, and use a word processor, all without an administrator account. When you want to perform an administrative task, such as installing a new program or changing a setting that will affect other users, you don't have to switch to an administrator account. Windows will prompt you for permission or an administrator password before performing the task.
To help protect your computer, you can create standard user accounts for all users who share the computer. When someone who has a standard account tries to install software, Windows will ask for an administrator account's password so that software cannot be installed without your knowledge and permission.
Using administrator accounts
Users who log on with an administrator account may still experience UAC prompts, if Admin Approval Mode is configured in Group Policy. Admin Approval Mode helps prevent malicious software from silently installing itself without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
|If Admin Approval Mode mode is configured, administrators may experience problems completing tasks from the command line. To avoid these problems, open an administrative Command Prompt window or use the Runas command-line tool to complete your task.|
Understanding and Configuring User Account Control in Windows Vista (http://go.microsoft.com/fwlink/?LinkID=79026)
Runas (http://go.microsoft.com/fwlink/?LinkId=135920) in the command-line tool reference