User Account Control (UAC) is bound to be one of the more talked-about features of Vista because it has a tendency to ‘get in your face’ with dialog windows every time you try to change or install something. Administrators will be quickly annoyed by this and will likely look to disable it altogether. Though it is easily turned off, it’s best to know what the different options are before doing so, because you’ll want to find a balance between security and convenience.
UAC is a security system that tries to reduce the exposure to viruses and malware by having all users run in ‘standard user mode’, where they don’t have rights to install software by default. As a large percentage of virus and malware problems stem from a user knowingly or unknowingly installing something they shouldn’t have, preventing these installations helps keep the user safe. The concept isn’t new; in Windows XP users could be given ‘user’ rights, which prevented them from installing software as well. UAC basically gives more control over what a user can and cannot do, and makes it easier for an administrator to step in and assist in installing an approved application or making a change to the system.
There are a few ways to get to the settings that control UAC, all of which require you to be logged in with administrative privileges; the easiest is probably the ‘Local Security Policy’ editor. Click on the Start Menu, type secpol.msc in the search box and hit Enter. This will result in UAC asking you for permission to start the application, which you will of course want to approve. When the window opens, you’ll want to go to the following location:
Security Settings/Local Policies/Security Options
Scroll to the bottom of the right-side window and you’ll see a number of entries that begin with ‘User Account Control’. Here’s what they all do:
- Admin Approval Mode for the Built-in Administrator account
- To help protect administrators while doing non-administrative operations, the Windows Vista team has devised the Admin Approval Mode feature. This feature allows administrators to perform normal day-to-day tasks such as checking e-mail or browsing the Web while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings. This is disabled by default for the built-in administrator account. ((http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx))
- Behavior of the elevation prompt for administrators in Admin Approval mode
- When a task that requires elevated privileges arises, an Admin by default is prompted for consent for the task to continue (simply asked to approve or deny the action). This behavior can be changed to ‘Elevate without prompting’, where no warning is presented, or ‘Prompt for credentials’, where the admin password is required to be entered.
- Behavior of the elevation prompt for standard users
- When a task that requires elevated privileges arises, a standard user is given an ‘access denied’ error in the enterprise version. This can be changed so that the user is prompted for credentials for the task to continue (the default in the home version).
- Detect application installations and prompt for elevation
- Enabled by default in the home version, and disabled in the enterprise version, any time an application installation starts, the user will be prompted whether to allow it or not.
- Only elevate executables that are signed and validated
- Disabled by default, this policy will enforce PKI signature checks on any interactive application that requests elevation of privilege. Enterprise administrators can control the admin application allowed list through the population of certificates in the local computer’s Trusted Publisher Store. ((http://blogs.msdn.com/uac/archive/2006/01/22/516066.aspx))
- Only elevate UIAccess applications that are installed in secure locations
- Enabled by default, only applications launched from the %Programfiles% or %windir% locations will be given privileges to run, as the permissions on these locations prevent the executables from being user-modifiable and therefore make them safer.
- Run all administrators in Admin Approval Mode
- To help protect administrators while doing non-administrative operations, the Windows Vista team has devised the Admin Approval Mode feature. This feature allows administrators to perform normal day-to-day tasks such as checking e-mail or browsing the Web while running with a standard user token. If administrator privileges are needed for an operation, the administrator will be notified and asked to provide either consent or credentials, depending on system policy settings. This is enabled by default (note the first setting was to disable it for the built-in administrator account). ((http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx))
- Switch to the secure desktop when prompting for elevation
- By default, when User Account Control prompts appear, the rest of the screen is darkened. The prompts are being displayed in the Secure Desktop mode, the same mode you see when you log on or press CTRL+ALT+DELETE. Displaying User Account Control elevation dialogs on the Secure Desktop helps protect the user from unknowingly allowing a program to run with elevated privileges without their consent. Without this protection, it is much easier to create malware that tricks the user into approving an elevation request prompt that they really wanted to deny. The Secure Desktop helps protect against this because other software running on the machine is blocked from interacting with the user’s interface. ((http://technet.microsoft.com/en-us/windowsvista/aa906021.aspx))
- Virtualize file and registry write failures to per-user locations
- Enabled by default, this policy allows non-Vista compliant applications to run properly by redirecting registry and file system writes that assume administrative access.
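To check how a machine is currently configured without clicking through the editor, the nine policies above can be read back from the registry. The script below is an added example, not part of the original article: it assumes PowerShell is installed, and the registry value names and the Vista meaning of value 0 for the admin prompt (‘Elevate without prompting’) are not taken from the article. It only reads values and flags the choices that remove a protection described above.

```powershell
# Added example: read-only audit of the UAC policies listed in secpol.msc.
# Registry value names are not from the article; they are where Windows
# stores these policies.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Policy (as named in the editor), backing registry value, and the value that
# removes a protection. Weak = $null means no value is flagged (for example
# because the default differs between the home and enterprise versions).
$checks = @(
    @{ Policy = 'Admin Approval Mode for the Built-in Administrator account'; Name = 'FilterAdministratorToken'; Weak = $null },
    @{ Policy = 'Behavior of the elevation prompt for administrators'; Name = 'ConsentPromptBehaviorAdmin'; Weak = 0 },
    @{ Policy = 'Behavior of the elevation prompt for standard users'; Name = 'ConsentPromptBehaviorUser'; Weak = $null },
    @{ Policy = 'Detect application installations and prompt for elevation'; Name = 'EnableInstallerDetection'; Weak = $null },
    @{ Policy = 'Only elevate executables that are signed and validated'; Name = 'ValidateAdminCodeSignatures'; Weak = $null },
    @{ Policy = 'Only elevate UIAccess applications in secure locations'; Name = 'EnableSecureUIAPaths'; Weak = 0 },
    @{ Policy = 'Run all administrators in Admin Approval Mode'; Name = 'EnableLUA'; Weak = 0 },
    @{ Policy = 'Switch to the secure desktop when prompting for elevation'; Name = 'PromptOnSecureDesktop'; Weak = 0 },
    @{ Policy = 'Virtualize file and registry write failures'; Name = 'EnableVirtualization'; Weak = $null }
)

$settings = Get-ItemProperty -Path $key -ErrorAction Stop

$report = foreach ($c in $checks) {
    $name  = $c.Name
    $value = $settings.$name          # $null when the value is not present

    if ($null -eq $value) {
        $status = 'not set'
    } elseif (($null -ne $c.Weak) -and ($value -eq $c.Weak)) {
        $status = 'WEAKENED'          # protection switched off or prompt suppressed
    } else {
        $status = 'ok'
    }

    New-Object PSObject -Property @{
        Policy = $c.Policy; Name = $name; Value = $value; Status = $status
    }
}

$report | Select-Object Policy, Name, Value, Status | Format-Table -AutoSize
```

Later Windows versions define additional numeric values for the two prompt-behavior settings, so on those systems read the Value column against that version’s documentation.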
Since UAC is there to try and protect you, it’s probably best to only disable those features that you really must. Again, this is a balancing act between security and convenience, so simply disabling them all doesn’t take advantage of the extra protection you can gain by having them in place. Weigh your options carefully, as they may either give you or save you from headaches in the future!