User Account Control Overview for IT Professionals

  • Article

Applies To: Windows Server 2008 R2

User Account Control (UAC) helps prevent malicious programs, sometimes called malware, from damaging a computer and helps organizations deploy a better-managed desktop environment.

With UAC, applications and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the computer. UAC can block the automatic installation of unauthorized applications and prevent inadvertent changes to system settings.

How does UAC work?

There are two levels of users: standard users and administrators. Standard users are members of the Users group and administrators are members of the Administrators group on the computer.

Both standard users and administrators access resources and run applications in the security context of standard users by default. When a user logs on to a computer, the system creates an access token for the user. This access token contains information about the level of access that the user is granted, including specific security identifiers (SIDs) and Windows privileges. When an administrator logs on, two separate access tokens are created for the user: a standard user access token and an administrator access token. The standard user access token contains the same user-specific information as the administrator access token, but the administrative Windows privileges and SIDs are removed. The standard user access token can start standard user applications but cannot start applications that perform administrative tasks.

When the user needs to run applications that perform administrative tasks (administrator applications), the user is prompted to change or elevate the security context from a standard user to an administrator. This default user experience is called Admin Approval Mode. In this mode, applications require specific permission to run as an administrator application.

Note

The behavior of the UAC message can be changed by using Group Policy.

When designing an application, the software developer should identify the application as either an administrator application or a standard user application. If an application is not identified as an administrator application, Windows treats it as a standard user application. However, administrators can also mark an application to be treated as an administrator application.