Windows 7 / Security and Privacy

UAC for Standard Users

Microsoft made many changes to the operating system so that standard users could perform almost any day-to-day task. Tasks that standard users can do without receiving a UAC prompt that requires administrative privileges in Windows XP include:

  • Viewing the system clock and calendar
  • Changing the time zone
  • Connecting to wired or wireless networks
  • Connecting to virtual private networks (VPNs)
  • Changing display settings and the desktop background
  • Changing their own passwords
  • Installing critical Windows updates
  • Installing device drivers that have been staged
  • Scheduling tasks
  • Adding printers and other devices that have the required drivers installed on the computer or that are allowed by an administrator in Group Policy
  • Installing ActiveX Controls from sites approved by an administrator
  • Playing or burning CDs and DVDs (configurable with Group Policy settings)
  • Connecting to another computer with Remote Desktop
  • Configuring battery power options on mobile computers
  • Configuring accessibility settings
  • Configuring and using synchronization with a mobile device
  • Connecting and configuring a Bluetooth device
  • Restoring backed-up files from the same user

Additionally, disk defragmentation is scheduled to happen automatically in the background, so users do not need privileges to initiate a defragmentation manually.

Some of the common tasks standard users cannot do include:

  • Installing and uninstalling applications
  • Installing device drivers that have not been staged
  • Installing noncritical Windows updates
  • Changing Windows Firewall settings, including enabling exceptions
  • Configuring Remote Desktop access
  • Restoring system files from a backup
  • Installing ActiveX controls from sites not approved by an administrator

Note To install ActiveX controls in Internet Explorer, start Internet Explorer by rightclicking the icon and then clicking Run As Administrator. After installing the ActiveX control, close Internet Explorer and reopen it using standard privileges. After it is installed, the ActiveX control will be available to standard users.

The Power Users group still exists in Windows Vista and Windows 7. However, Windows Vista and Windows 7 remove the elevated privileges. Therefore, you should make users members of the Users group and not use the Power Users group at all. To use the Power Users group on Windows 7, you must change the default permissions on system folders and the registry to grant Power Users group permissions equivalent to Windows XP.

[Previous] [Contents] [Next]

In this tutorial:

  1. Windows 7 Client Protection
  2. Understanding the Risk of Malware
  3. User Account Control in Windows 7
  4. UAC for Standard Users
  5. UAC for Administrators
  6. UAC User Interface
  7. Secure Desktop
  8. How Windows Determines Whether an Application Needs Administrative Privileges
  9. How to Control UAC Using Application Properties
  10. How UAC Examines the Application Manifest
  11. UAC Heuristics
  12. UAC Virtualization
  13. UAC and Startup Programs
  14. Compatibility Problems with UAC
  15. How to Configure UAC
  16. Group Policy Settings
  17. Control Panel
  18. Msconfig.exe
  19. How to Configure Auditing for Privilege Elevation
  20. Other UAC Event Logs
  21. Best Practices for Using UAC
  22. AppLocker
  23. AppLocker Rule Types
  24. Auditing AppLocker Rules
  25. DLL Rules
  26. Custom Error Messages
  27. Using AppLocker with Windows PowerShell
  28. Using Windows 7 Defender
  29. Understanding Windows Defender
  30. Automatic Scanning
  31. Real-Time Protection
  32. Windows Defender Alert Levels
  33. Understanding Microsoft SpyNet
  34. Configuring Windows Defender Group Policy
  35. Configuring Windows Defender on a Single Computer
  36. How to Determine Whether a Computer Is Infected with Spyware
  37. Best Practices for Using Windows Defender
  38. How to Troubleshoot Problems with Unwanted Software
  39. Network Access Protection
  40. Forefront