Why is User Account Control necessary?
Applies To: Windows Server 2008 R2
The most important rule for controlling access to resources is to provide the least amount of access privileges required for users to perform their daily tasks. Many tasks do not require administrator privileges. However, because previous versions of Windows created all user accounts as administrators by default, users logged on to their computers with an administrator account. Without User Account Control (UAC), when a user is logged on as an administrator, that user is automatically granted full access to all system resources.
However, most users do not require such a high level of access to the computer. Often users are unaware that they are logged on as an administrator when they browse the Web, check e-mail, and run software. While logging on with an administrator account enables a user to install legitimate software, the user can also unintentionally or intentionally install a malicious program. A malicious program installed by an administrator can fully compromise the computer and affect all users.
With the introduction of UAC, the access control model changed to help mitigate the impact of a malicious program. When a user attempts to start an administrator application, the User Account Control dialog box asks the user to click Yes or No before the user's full administrator access token can be used. If the user is not an administrator, the user must provide an administrator's credentials to run the program.
Because UAC requires an administrator to approve application installations, unauthorized applications cannot be installed automatically or without the explicit consent of an administrator.