Windows 7 / Security and Privacy

UAC for Standard Users

Microsoft made many changes to the operating system so that standard users could perform almost any day-to-day task. Tasks that standard users can do without receiving a UAC prompt that requires administrative privileges in Windows XP include:

  • Viewing the system clock and calendar
  • Changing the time zone
  • Connecting to wired or wireless networks
  • Connecting to virtual private networks (VPNs)
  • Changing display settings and the desktop background
  • Changing their own passwords
  • Installing critical Windows updates
  • Installing device drivers that have been staged
  • Scheduling tasks
  • Adding printers and other devices that have the required drivers installed on the computer or that are allowed by an administrator in Group Policy
  • Installing ActiveX Controls from sites approved by an administrator
  • Playing or burning CDs and DVDs (configurable with Group Policy settings)
  • Connecting to another computer with Remote Desktop
  • Configuring battery power options on mobile computers
  • Configuring accessibility settings
  • Configuring and using synchronization with a mobile device
  • Connecting and configuring a Bluetooth device
  • Restoring backed-up files from the same user

Additionally, disk defragmentation is scheduled to happen automatically in the background, so users do not need privileges to initiate a defragmentation manually.

Some of the common tasks standard users cannot do include:

  • Installing and uninstalling applications
  • Installing device drivers that have not been staged
  • Installing noncritical Windows updates
  • Changing Windows Firewall settings, including enabling exceptions
  • Configuring Remote Desktop access
  • Restoring system files from a backup
  • Installing ActiveX controls from sites not approved by an administrator

Note To install ActiveX controls in Internet Explorer, start Internet Explorer by rightclicking the icon and then clicking Run As Administrator. After installing the ActiveX control, close Internet Explorer and reopen it using standard privileges. After it is installed, the ActiveX control will be available to standard users.

The Power Users group still exists in Windows Vista and Windows 7. However, Windows Vista and Windows 7 remove the elevated privileges. Therefore, you should make users members of the Users group and not use the Power Users group at all. To use the Power Users group on Windows 7, you must change the default permissions on system folders and the registry to grant Power Users group permissions equivalent to Windows XP.

[Previous] [Contents] [Next]