What is UAC in Windows? What is the purpose of UAC?

What is UAC in Windows? What is the purpose of UAC?

UAC is a security feature built into Windows since the days of the ill-fated Windows Vista. While its first version was considered rather annoying by most users, it has received lots of fine-tuning in the following Windows iterations. If you want to know what is the meaning of UAC, how it works, and its purpose in Windows 10 and Windows 11, read this article:

Advertisement

What is UAC or User Account Control in Windows?

UAC stands for User Account Control and is a Windows security feature that stops unauthorized changes to the operating system and the user’s files and folders. According to Microsoft, its main purpose is to prevent malware from damaging your computer or device.

A User Account Control (UAC) prompt in Windows 10

A User Account Control (UAC) prompt in Windows 10

User Account Control ensures that important system changes are made only with approval from a user account set as an administrator. These changes can be initiated by apps, users, viruses, or other forms of malware. If the administrator does not approve the changes through a UAC prompt, they are not executed, and your PC remains unaffected.

How does UAC work?

In Windows, files and apps run by default without any administrative permissions. They have the same permissions as a standard user account: they cannot change the operating system, its files, or system settings. Also, they can’t change the files of another user, other than the one running them. When UAC is turned on, Windows apps can only change their files and settings or the user’s files and settings. In case an app or file you run wants to make a system change, a UAC prompt is shown, asking for confirmation from the user.

Advertisement

If you’re logged into Windows with an account that is set as administrator, you see only two options (Yes or No), like in the screenshot below. When you press Yes, the app or file is allowed to run and receives the permissions it requires. When you choose No, it is prevented from running.

A User Account Control (UAC) prompt in Windows 11

A User Account Control (UAC) prompt in Windows 11

If you’re logged in with a user account set as a standard user, the UAC prompt looks similar to the screenshot below. As you see, you’re asked to enter the PIN or password for an account that is set as administrator. If you don’t type it, the file or app that requires administrator permissions is stopped from running and is forbidden from changing anything on your PC.

UAC can ask for the admin user and password or PIN

UAC can ask for the admin user and password or PIN

For an easier understanding of the UAC algorithm, see the process flow below:

How UAC works in Windows

How UAC works in Windows

This UAC algorithm also applies to user accounts that try to change system files or settings. For example, if you’re using an account set as a standard user, not an administrator, you see a UAC prompt asking you to enter an admin password each time you want to make system changes. If you don’t enter it, you’re blocked from making changes.

Trying to change the settings of other users from a standard user account

Trying to change the settings of other users from a standard user account

If you’re using a Windows account set as administrator, UAC prompts may not be shown when you change system settings and files, depending on how this security feature is configured. However, you will see them when you try to run files and apps that want to make system changes.

Advertisement

Which changes trigger a UAC prompt in Windows?

Many changes require administrator rights. Depending on how UAC is configured on your Windows computer, they can cause a UAC prompt to show up and ask for permission. Here are some of the actions that trigger a UAC prompt:

  • Running an app or file as an administrator
  • Changes to system-wide settings or files in the Windows or Program Files folders
  • Installing and uninstalling drivers and desktop apps
  • Viewing or changing another user’s folders and files
  • Changing, adding, or removing other user accounts
  • Changing settings to the Windows Defender Firewall
  • Changing UAC settings
  • Changing the system date and time

UAC elevation prompts: How they look and the information displayed

You are shown a UAC prompt when you access a file, a setting, or an app that is about to make important changes to Windows. If your user account is an administrator, the prompt is similar to the ones in the screenshot below.

The UAC prompt in Windows 10 (left) and Windows 11 (right)

The UAC prompt in Windows 10 (left) and Windows 11 (right)

You are asked: “Do you want to allow this app to make changes to your device?”

You are shown the name of the app, its verified publisher, and file origin. There’s also a link for Show more details. Clicking or tapping on the link shows the program location, like in the screenshot below.

You can view more information before making your decision

You can view more information before making your decision

When you try to run something from a standard user or make a system change yourself, the prompt is different as it also asks you to enter an admin user name and a password or PIN.

Standard users need the admin user and password

Standard users need the admin user and password

How do I know that a file, app, or setting will trigger a UAC prompt?

Files that trigger a User Account Control prompt when you run them have the UAC symbol on the bottom-right corner of their file icon, similar to the screenshot below.

The UAC symbol next to a file

The UAC symbol next to a file

Apps and system settings that trigger a UAC prompt also have the UAC symbol next to their name or in their icon. You can see an example as soon as you open the Control Panel. The “Change account type” link takes you to a window where you can modify other user accounts. Therefore, you need administrator permissions for such activities, and a standard user is not allowed access without entering the admin username and password (or PIN) in the UAC prompt.

The UAC symbol next to a link in Control Panel

The UAC symbol next to a link in Control Panel

The difference between UAC settings in Windows

In Windows 10 and Windows 11, the User Account Control security feature works similarly.

If you want to check the status of UAC on your Windows PC, open the Control Panel and go to System and Security. In the Security and Maintenance section, click or tap the “Change User Account Control settings” link.

Where to check the UAC status

Where to check the UAC status

You’ll see the User Account Control Settings window, where you can adjust it to work in one of four ways:

Advertisement
  • Always notify - at this level, you are notified when apps and users (including yourself) make changes that require administrative permissions. When the UAC prompt shows up, the desktop is dimmed. This is the most secure and annoying setting because it generates the highest number of prompts.
  • Notify me only when apps try to make changes to my computer (default) - UAC notifies you only when apps and files try to make changes that require administrator permissions. If you manually make changes to Windows and you are an administrator, a UAC prompt is NOT shown. This level is less annoying as it doesn’t stop the user from making changes to the system; it only shows prompts if an app or file wants to make changes. When a UAC prompt is shown, the desktop is dimmed, and you must choose Yes or No before you can do anything else. This setting is less secure than the first because malicious apps can simulate a user’s keystrokes or mouse movements and change Windows settings. However, such situations should not occur if you use a good security solution.
  • Notify me only when apps try to make changes to my computer (do not dim my desktop) - this level is the same as the previous one, except that when a UAC prompt is shown, the desktop is not dimmed, and other desktop apps can interfere with the UAC window. This level is even less secure as it makes it easier for malicious apps to simulate keystrokes or mouse moves that interfere with the UAC prompt.
  • Never notify - at this level, UAC is turned off and doesn’t offer any protection. The files you run, the apps you start, and other user accounts can easily make system changes without specific approval. If you don’t have a great security suite installed, you will likely encounter security issues with your Windows device. With UAC turned off, it is much easier for malicious items to infect Windows and take control.

The User Account Control Settings window

The User Account Control Settings window

Is it OK to disable UAC?

The short answer is: No, disabling UAC is not a good idea. However, if you really want to do this, you can. Follow our guide on changing the User Account Control (UAC) level, and set it to Never Notify. However, remember that making this choice significantly lowers the security of your Windows computer or devices, making it much easier for malware, hackers, and other types of threats to infect your PC.

Disabling UAC is easy

Disabling UAC is easy

The biggest annoyance in keeping UAC turned on is when installing desktop apps. If you install programs like antivirus software, VPN services, drivers, and other apps that make system changes requiring administrator permissions, you’ll deal with several UAC prompts. You might be tempted to disable UAC temporarily while installing the apps you want and enabling it again when done. In some situations, this can be a bad idea. Desktop apps that make system changes can fail to work once UAC is turned on, after their installation. However, they will function properly if you install them when UAC is turned on. When UAC is disabled, the virtualization techniques used by UAC for providing enhanced security are inactive. This causes certain user settings and files to be installed in a different place. They will not work when UAC is turned back on. To avoid such problems, it is always better to have User Account Control (UAC) enabled.

How did you configure UAC on your Windows PC?

You’ve reached the end of this tutorial, and by now, you should know the meaning of UAC, its purpose, and how it works. Hopefully, my explanations helped you understand this security feature well and convinced you not to disable it, even if you may find it annoying. Before closing, comment using the options below and tell me how you configured UAC. Did you leave its default setting untouched, or you went for a more or less secure setting?

Discover: Security Recommended System and Security Tutorials Windows