使用者 Account 控制概觀User Account Control Overview

使用者 Account 控制 (UAC) 是 Microsoft 的整體安全性辨識基本元件。User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC 可以協助您減少的惡意程式影響。UAC helps mitigate the impact of a malicious program.

描述的功能Feature description

UAC 可以讓所有的使用者來登入他們的電腦使用標準帳號。UAC allows all users to log on to their computers using a standard user account. 使用標準使用者權杖啟動處理程序可能會使用執行工作存取權限授與一般的使用者。Processes launched using a standard user token may perform tasks using access rights granted to a standard user. 例如,Windows 檔案總管] 就會自動繼承標準使用者層級權限。For instance, Windows Explorer automatically inherits standard user level permissions. 此外,使用 Windows 檔案總管會執行任何程式 \ (例如,即可 double\ 應用程式 shortcut) 也執行一般設定使用者權限。Additionally, any programs that are executed using Windows Explorer (for example, by double-clicking an application shortcut) also run with the standard set of user permissions. 許多應用程式,包括隨附本身作業系統設計可正常運作,這種方式。Many applications, including those that are included with the operating system itself, are designed to work properly in this way.

其他應用程式,尤其不是專門的安全性設定改變心意,通常需要額外的權限順利執行。Other applications, especially those that were not specifically designed with security settings in mind, often require additional permissions to run successfully. 這類程式被指傳統應用程式。These types of programs are referred to as legacy applications. 此外,動作,例如安裝新的軟體和設定變更程式,例如 Windows 防火牆,需要更多比標準使用者過去可用的權限。Additionally, actions such as installing new software and making configuration changes to programs such as Windows Firewall, require more permissions than what is available to a standard user account.

當使用多個標準使用者權限來執行應用程式需求時,UAC 可以權杖還原其他使用者群組。When an applications needs to run with more than standard user rights, UAC can restore additional user groups to the token. 這可讓使用者有明確控制其電腦或裝置的系統層級變更進行的程式。This enables the user to have explicit control of programs that are making system level changes to their computer or device.

實用的應用程式Practical applications

在 UAC 的系統管理員核准模式可以協助防止惡意程式無訊息方式執行安裝,而不需要系統管理員身分知識。Admin Approval Mode in UAC helps prevent malicious programs from silently installing without an administrator's knowledge. 這也有助於保護的非故意 system\ 層級的變更。It also helps protect from inadvertent system-wide changes. 最後,它可以用來執行較高的相容性,系統管理員必須積極同意或每個系統處理程序提供的認證。Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.