User Account Control

It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation.

In this way, only applications trusted by the user may receive administrative privileges and malware are kept from compromising the operating system.

This helps prevent spoofing, such as overlaying different text or graphics on top of the elevation request, or tweaking the mouse pointer to click the confirmation button when that's not what the user intended.

[14] In earlier versions of Windows, Applications written with the assumption that the user will be running with administrator privileges experienced problems when run from limited user accounts, often because they attempted to write to machine-wide or system directories (such as Program Files) or registry keys (notably HKLM).

[5] UAC attempts to alleviate this using File and Registry Virtualization, which redirects writes (and subsequent reads) to a per-user location within the user's profile.

The color, icon, and wording of the prompts are different in each case; for example, attempting to convey a greater sense of warning if the executable is unsigned than if not.

As such, it effectively runs in a sandbox, unable to write to most of the system (apart from the Temporary Internet Files folder) without elevating via UAC.

A manifest can specify dependencies, visual styles, and now the appropriate security context: Setting the level attribute for requestedExecutionLevel to "asInvoker" will make the application run with the token that started it, "highestAvailable" will present a UAC prompt for administrators and run with the usual reduced privileges for standard users, and "requireAdministrator" will require elevation.

[30] Stefan Kanthak presented another proof of concept for arbitrary code execution as well as privilege escalation via UAC's auto-elevation and binary planting.

[20] Yankee Group analyst Andrew Jaquith said, six months before Vista was released, that "while the new security system shows promise, it is far too chatty and annoying.

"[34] By the time Windows Vista was released in November 2006, Microsoft had drastically reduced the number of operating system tasks that triggered UAC prompts, and added file and registry virtualization to reduce the number of legacy applications that triggered UAC prompts.

For example, by default users are not prompted to confirm many actions initiated with the mouse and keyboard alone such as operating Control Panel applets.

In a controversial article, New York Times Gadgetwise writer Paul Boutin said "Turn off Vista's overly protective User Account Control.

User Account Control in Windows 10
User Account Control "Windows Security" alerts in Windows 11 in light mode. From top to bottom: blocked app , app with unknown publisher, app with a known/trusted publisher.