Skip to Content

What is UAC & Why You Should Never Turn it Off

Sun, 07/05/2009 - 18:32 — Ciprian

logo uacWhen Windows Vista was launched, User Account Control (UAC) has been the most criticized and misunderstood feature. Even though it is very important for security, many people have chosen to disable it and expose their systems to possible security problems. Also, lots of sites have published different 'tweaks' for this feature which render it useless and expose users to problems. Windows 7 brings further changes to this feature which have caused additional controversy. This is why I will try to bring more clarity about this feature. I will explain what UAC really is, how it works, what options you have and why you should never disable it. If you are thinking to turn it off, please read this article so that you better understand this feature and how it helps you.

What Is User Account Control (UAC) ?

UAC is a security feature of Windows Vista and Windows 7 which helps prevent unauthorized changes to your computer. These changes can be initiated by applications, viruses or other users. UAC makes sure these changes are made only with approval from the administrator of the computer. If these changes are not approved by the administrator, they will never be executed and the system will remain unchanged.

How Does User Account Control (UAC) Work ?

In Windows Vista and Windows 7, applications run by default without any administrative permissions. They have the same permission levels as a normal user would. They cannot make any changes to the system.
When an application wants to make system changes such as: modifications which affect other users, modifications of system files and folders, installation of new software, UAC prompts the user to ask for permission. An UAC prompt in Windows 7 looks similar to the one below.

User Account Control (UAC)

If the user clicks on No, the change won't be performed. If the user clicks on Yes, the application received administrative permissions and is able to make system changes. These permissions will be given until the application stops running or it is closed by the user.

For an easier understanding, the UAC algorithm is explained in the diagram below.

User Account Control (UAC)

What Changes Require Administrative Privileges ?

There are many changes which require administrative privileges and, depending on how UAC is configured, they can cause an UAC prompt to pop-up and ask for permissions. These are the following:

  • Running an application as an administrator
  • Changes to system-wide settings or to files in the 'Windows & Program Files' folders
  • Installing and uninstalling drivers & applications
  • Installing ActiveX controls
  • Changing settings to the Windows Firewall
  • Changing UAC settings
  • Configuring Windows Update
  • Adding or removing user accounts
  • Changing a user’s account type
  • Configuring Parental Controls
  • Running Task Scheduler
  • Restoring backed-up system files
  • Viewing or changing another user’s folders and files
  • Changing the system date and time

What's The Difference Between UAC Levels ?

Unlike Windows Vista, where you had only two options: UAC turned On or Off, in Windows 7 there are four levels to choose from. The differences between them are the following:

  • Always notify - at this level you will be notified before applications make changes to your computer or your Windows 7 settings that required administrative permissions. When an UAC prompt shows up, your desktop will be dimmed like in the screenshot below, and you must choose Yes or No before you can do anything else on your computer. Security Impact: this is the most secure setting but also the most annoying. If you do not like the UAC implementation from Windows Vista, you won't like this level.

    • User Account Control (UAC)

  • Notify me only when programs try to make changes to my computer - this is the default level and it notifies you only before programs make changes to your computer that require administrative permissions. If you manually make changes to Windows 7, then you will not be notified by UAC. This level is less annoying as it doesn't stop the user when making changes to the system, it only shows prompts if an application wants to make changes. When an UAC prompt is shown, the desktop is dimmed and you must choose Yes or No before you can do anything else on your computer. Security Impact: this is less secure due to the fact that there can be malicious programs created which simulate the keystrokes or mouse moves of a user and change Windows 7 settings. However, if you are using a good security solution, these scenarios should never occur.
  • Notify me only when programs try to make changes to my computer (do not dim my desktop) - this level is identical to the one above except the fact that, when a UAC prompt shows up, the desktop is not dimmed and other programs might be able to interfere with the UAC dialog window. Security Impact: this level is even less secure as it is easier for malicious programs to simulate keystrokes or mouse moves which interfere with the UAC prompt.
  • Never notify - at this level, UAC is turned off and it doesn't offer any protection against unauthorized system changes. Security Impact: if you don't have a good security solution you are very likely to have security problems with your PC. With UAC turned off it will be easier for malicious programs to infect your computer and take control of it and/or its settings.

Should I Disable UAC When I Install My Applications & Turn It On Afterward ?

The biggest annoyance level for users is when you install Windows 7 and all your daily applications. At this time you can receive lots of UAC prompts and you might be tempted to disable it temporarily, while you install all your applications and enable it back when done. In some scenarios this can be a bad idea. Certain applications, which make lots of system changes can fail to work once you turn on UAC after their installation and they will work if you install them with UAC turned on. The failures happen because, when UAC is turned off, the virtualization techniques used by UAC for all applications are inactive. This causes certain user settings and files to be installed to a different place and no longer work when UAC is turned back on. To avoid these problems, it is better to have UAC turned on at all times.

Where To Find UAC & How To Change Its Level ?

We have covered this topic in one of our previous articles, called How To Change User Account Control (UAC) Levels. There you will find a complete guide with all the information you need.

Conclusion

Microsoft has listened to the feedback they received from Windows Vista users and have seriously tweaked UAC. We now have many options to choose from. These new settings provide a pretty good balance between security and usability. For those of you who are still not satisfied with the usability level of UAC, we will continue to look for additional tips and tricks which can tweak it further without compromising your security. If you already have some tips, don't hesitate to share them with us using the comments form below.

Related articles:

How To Change User Account Control (UAC) Levels
Windows 7 vs Windows Vista: The UAC Benchmark
How to Edit User Accounts
How to Create or Delete User Accounts
How to Work with the Action Center
The Control Panel - Switching Between the Classic & Category View

Share/Save

Comments

I would turn UAC back on if

Anonymous (not verified) - 08/04/2009 - 23:07

I would turn UAC back on if it would stop causing Windows Stop errors

I always found the UAC in

Anonymous (not verified) - 08/04/2009 - 23:36

I always found the UAC in Vista sorta annoying, but not enough to actually complain about it, in fact, i turned up the setting in Windows 7, cause I'm paranoid like that

I would like to add some apps

Alex (not verified) - 10/26/2009 - 22:36

I would like to add some apps to the UAC "control files", like we do with Firewall (when adding an .exe for example).

Everytime i boot win7, UAC asks for permission for the Rivaturner, i disabled UAC only for this incovenience, i'd like to put rivaturner as a 'safer' application inside UAC...

Try to follow this

Ciprian - 10/27/2009 - 10:15

Try to follow this guide:
http://www.vista4beginners.com/Disable-UAC-for-certain-applications

It is for Windows Vista but it should work on Windows 7 too.

Gonna try it when i'm in

Alex (not verified) - 10/27/2009 - 19:28

Gonna try it when i'm in home.

Thank you !

Meh =( It didn't worked for

Alex (not verified) - 10/28/2009 - 04:32

Meh =(

It didn't worked for me.

It messed a little with my Win7 (I could not load RT anymore), uninstalled and re-installed it to get it back 2 work. I uninstalled the MS Compatibility soft as well, since it 'll be here for nothing.

Gonna keep UAC ON this time and try live with it... :)

Hopefully we will publish a

Ciprian - 10/28/2009 - 10:04

Hopefully we will publish a solution in the coming weeks.

Actually, i think i've found

Alex (not verified) - 10/30/2009 - 17:06

Actually, i think i've found a little trick to bypass UAC while it's state is ON.

All i had to do was:

1- Create a Task inside Task Scheduler

2- Create a shortcut linked to the one inside Task Scheduler -> schtasks /run /tn "Rivaturner"

3- Unchecked the checkbox "Start with Windows" in Rivaturner

4- Moved that shortcut i created (schtasks /run /tn "Rivaturner") into the folder StartUp in All Programs

And voilá!

Everytime windows boots, it does not ask for permission to run rivaturner anymore.

If you try to run rivaturner.exe, it will fail and windows will show that annoying UAC window. All your calls to rivaturner MUST be done though that shortcut.

Sorry for my English, i did my best to help some "troublemakers" as I here =) ^^

Cheers from Brazil!

For more detailed help in how to creat a task in Task Scheduler, visit this topic (It's in portuguese and you must be registred to see the image examples (The text in the images are in English, so it may be good to register there and do the procedure following the images))

http://www.babooforum.com.br/forum/Executando-programas-sem-o-prompt-da-...

PS. DONT FORGET, all your calls to Rivaturner (Or any other program you desire) must be done though the SHORTCUT !!!! If you run the program by it's .exe it will trigger UAC.

PS2. Uncheck the "Run as Adm" in file properties too...

UAC and MagiColor 2300 DL

Ken (not verified) - 10/29/2009 - 22:35

UAC and MagiColor 2300 DL Printer. Currently I'm using VISTA, but will be upgrading my computer this month to Win 7. That said, I suspect the issue I have with my Magicolor 2300 DL printer will be encountered in Win 7. ISSUE: If you don't disable UAC it takes three minutes to print. You never get the UAC popup. Does anyone know a workaround without having to cut off UAC?

I have found that when the

Anonymous (not verified) - 01/18/2010 - 12:49

I have found that when the UAC level is changed from Never to any other of the three settings, a restart is needed but no warning is given! If Action Center is viewed, it can be seen that it is needed.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options



Theme by Dr. Radut.