Help Desk

Computing & Information Services

Windows Vista User Account Control:

Why you need it, What it does and why it might make life difficult at first.

In the beginning: 

In the old days of Windows, the first user account created was the Administrative account, and, despite Microsoft's best intentions, this was often the only account people used.  Constantly running as the Administrative user meant that any virus you acidentally acquired had Administrative permissions to do whatever it liked to the operating system.

At the same time, with the knowledge that all use was Administrative, legitimate programs were coded specifically for the Administrative, rather than standard, user. Even workers are Microsoft are guilty of this transgression.

 Unfortunately, giving viruses and mal-ware such broad powers meant that about one-third of the time the only way to fix the system was to wipe and re-install the Windows OS. Clearly, this was rather inconvenient.  Thus, in an effort to stop these problems before they start, User Account Control (UAC) was born. 

A Star Is Born 

The fudamental idea that the first user created is the Administrative User has not changed. Instead, UAC creates another level of protection between the System and the User by making even the Administrator run as a Standard User.  Unlike old versions of Windows where you had to physically switch users to change your access level, UAC creates prompts which do the switching for you.  What that means is anytime you download something that will effect the entire system (for example, Adobe Flash Player 8), UAC tells you.  That way if you downloaded malware and it is trying to launch itself, you can shut that virus down. This also applies to cases where malware tries to turn your Antivirus off so it can kill your computer and steal your identity quietly. 

 To make sure you can tell the difference between a real UAC prompt and a fake one created by some virus to trick you into letting it run, the UAC prompt has a few distinct features. The most noticeable of these features causes the entire screen to go dark around the prompt, activating the Secure Desktop, in which only the prompt itself can be addressed. After you address the prompt, normal computing will resume.

The other useful element of the UAC is the color-coding of the prompts. Part of what UAC does is read the code and look for a specific sort of signature. Windows Apps will have a Windows-colored top bar and the language of the prompt will be pleasant. 

UAC Prompt at the lowest level.

 In an ideal world, UAC prompts would only appear when evil and insidious mal-ware was trying to destroy

your safe-computing bubble. However, since UAC is rather new this idealized experience has not yet occurred. As things stand, many applications might give a UAC Prompt of some sort as they evolve to be Vista-Compatible. The chart below offers an example of each sort of prompt and why it might occur.

An image from Microsoft of how their prompting works.

For more information on what causes which prompt and how to best configure UAC to suit your needs see Microsoft's Technet (the source of the above chart).

For a more visual experience, try this interview with UAC's Architect and Technical Program Manager

Contact Us