Windows 7 / Security and Privacy

How UAC Works

Every user, whether configured as a standard user or an administrator, can perform any of the tasks in Windows 7 that do not require administrator privileges, just as they did in Windows XP. (The problem with XP, from a security standpoint, of course, is that all tasks were denoted as not requiring administrative privileges.) You can launch applications, change time zone and power-management settings, add a printer, run Windows Update, and perform other similar tasks. However, when you attempt to run a task that does require administrative privileges, the system will force you to provide appropriate credentials in order to continue. The experiences vary a bit depending on the account type. Predictably, those who log on with administrator-class accounts experience a less annoying interruption.

Standard users receive a User Account Control credentials dialog. This dialog requires you to enter the password for an administrator account that is already configured on the system. Consider why this is useful. If you have configured your children with standard user accounts (as, frankly, you should if you're going to allow them to share your PC), then they can let you know when they run into this dialog, giving you the option to allow or deny the task they are attempting to complete.

Administrators receive a simpler dialog, called the User Account Control consent dialog. Because these users are already configured as administrators, they do not have to provide administrator credentials. Instead they can simply click Yes to keep going.

Tip By default, administrators using Windows 7 are running in an execution mode called Admin Approval Mode. This is why you see consent dialogs appear from time to time even though you're using an administrator-type account. You can actually disable this mode, making administrator accounts work more like they did in XP, without any annoying dialogs popping up (something that was not possible in Vista). However, understand that disabling Admin Approval Mode could open up your system to attack. If you're still interested in disabling this feature, or disabling User Account Control, you will learn how at the end of this section.

Tip Conversely, those running with administrative privileges who would like Windows 7 to be even more secure-and really, why aren't there more people like you in the world?-can also configure the system to prompt with a User Account Control credentials dialog (which requires a complete password) every time they attempt an administrative task. This option is also discussed shortly.

The presentation of these User Account Control dialogs can be quite jarring if you're not familiar with the feature or if you've just recently switched to Windows 7 from XP. (Vista users are very well accustomed to this effect.) If you attempt to complete an administrative task, the screen will flash, the background will darken, and the credentials or consent dialog will appear somewhere onscreen. Most important, the dialogs are modal: you can't continue doing anything else until you have dealt with these dialogs one way or the other.

The screen darkening and modal nature of the UAC prompts indicate that Vista has moved into the so-called secure desktop, which is a special, more secure display mode that Microsoft also uses during logon and when you access the Ctrl+Alt+Delete screen. It's possible to configure UAC to work without the secure desktop, but this is not recommended because UAC dialogs could be spoofed by malicious hackers if you do so. You'll examine various UAC configuration options later in this tutorial, including the removal of the secure desktop.

There's also a third type of User Account Control dialog that sometimes appears regardless of which type of user account you have configured. This dialog appears whenever you attempt to install an application that has not been digitally signed or validated by its creator. These types of applications are quite common especially when you're initially configuring a new PC. Over time, these prompts will occur less and less because you won't be regularly installing applications anymore.

By design, this dialog is more colorful and "in your face" than the other User Account Control dialogs. Microsoft wants to ensure that you really think about it before continuing. Rule of thumb: you're going to see this one a lot, but if you just downloaded an installer from a place you trust, it's probably okay to go ahead and install it.

The behavior of User Account Control has led some to describe this feature as needlessly annoying and a contributing factor to the (perceived) demise of Windows Vista. In reality, however, Windows Vista wasn't the first operating system to use this type of security feature: Mac OS X and Linux, for example, have utilized a UAC-type user interface for years now.

And unlike with other operating systems, User Account Control actually becomes less annoying over time. That's because most UAC dialogs pop up when you first get Windows 7. This is when you'll be futzing around with settings and installing applications the most; and these two actions, of course, are the very actions that most frequently trigger User Account Control. The moral here is simple: after your new PC is up and running, User Account Control will rear its ugly head less and less frequently. In fact, after a week or so, User Account Control will be mostly a thing of the past. You'll forget it was ever there.

[Previous] [Contents] [Next]