User Account Control

Before the introduction of User Account Control (UAC), when a user was logged on as an administrator, that user was automatically granted full access to all system resources. While running as an administrator enabled a user to install legitimate software, the user could also unintentionally or intentionally install a malicious program. A malicious program installed by an administrator can fully compromise the computer and affect all users.

With the introduction of UAC, the access control model changed to help mitigate the impact of a malicious program. When a user attempts to start an administrator task or service, the User Account Control dialog box asks the user to click either Yes or No before the user's full administrator access token can be used. If the user is not an administrator, the user must provide an administrator's credentials to run the program. Because UAC requires an administrator to approve application installations, unauthorized applications cannot be installed automatically or without the explicit consent of an administrator.

This section contains the following topics: