UAC or User Account Control what it is and how it works in Windows


How many times have you seen a message appear in the middle of the Windows screen that reads: "Do you want to allow this app to make changes to your device?" Many times, no doubt.

As part of our back-to-basics series, let's talk about User Account Control (UAC), the Windows security feature that helps prevent potentially dangerous or unauthorized activities.

Introduced with Windows Vista in a form quite different from the one found in newer versions of the operating system, UAC is still present in Windows 10 and Windows 11.

UAC is based on the principle of least privilege: users and applications should always run with the fewest privileges needed for the activities they perform. When a user or application tries to perform an activity that requires elevated permissions, UAC steps in and asks the user to confirm the action. The idea is to let the user make an informed decision and so prevent potentially dangerous changes to the system.

How UAC works

When a user or application requests an operation that requires elevated permissions, UAC displays a dialog box asking for the user's consent. The user can grant or deny permission, or ask for further details before deciding.

If the user grants permission, UAC temporarily grants the user or application the elevated privileges required to carry out the requested operation. If permission is denied, the operation is aborted.

When using an administrator account, UAC shows just two buttons: Yes and No. The first authorizes the operation, the second blocks it. If the user makes no choice, the requested operation is automatically cancelled.

 

By pressing Windows+I and then clicking Accounts, the word "Administrator" appears below the account name if you are using an account with the highest privileges.

 

If, on the other hand, the account in use is not an administrative one, Windows requires the credentials of an administrator account to approve the operation by clicking Yes. This is why it is important to use a standard account, without administrative privileges, for routine work on Windows PCs and workstations: users then do not know the administrator password and cannot authorize potentially destructive changes in critical areas of the operating system.
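To see the split-token mechanism described above from inside a session, the following PowerShell function (an added example, not code from the original article) asks Windows which kind of access token the current process holds: the full administrator token that results from answering Yes to the prompt, the filtered "limited" token that an administrator normally runs with, or a plain standard-user token that UAC never splits. The Win32 calls and the TokenElevationType constant are the documented ones; the namespace name UacDemo and the function name are the example's own.

```powershell
# Added example: report how the current PowerShell process relates to UAC.
Add-Type -Namespace UacDemo -Name Native -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr TokenHandle, int TokenInformationClass,
    out int TokenInformation, int TokenInformationLength, out int ReturnLength);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

function Get-UacTokenState {
    $TOKEN_QUERY          = 0x0008
    $TokenElevationType   = 18     # TOKEN_INFORMATION_CLASS::TokenElevationType

    $hTok = [IntPtr]::Zero
    $hProc = [System.Diagnostics.Process]::GetCurrentProcess().Handle
    if (-not [UacDemo.Native]::OpenProcessToken($hProc, $TOKEN_QUERY, [ref]$hTok)) {
        throw "OpenProcessToken failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    try {
        $type = 0; $len = 0
        if (-not [UacDemo.Native]::GetTokenInformation($hTok, $TokenElevationType, [ref]$type, 4, [ref]$len)) {
            throw "GetTokenInformation failed: $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
        }
    } finally {
        [void][UacDemo.Native]::CloseHandle($hTok)
    }

    # Cross-check with the managed API: IsInRole(Administrator) is true only for
    # the full token, never for the filtered one, which is what UAC relies on.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    $isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    $description = switch ($type) {
        1 { 'Default: token was not split (standard user, or UAC disabled)' }
        2 { 'Full: elevated administrator token (the UAC prompt was answered Yes)' }
        3 { 'Limited: administrator running with the filtered, non-elevated token' }
        default { "Unknown elevation type $type" }
    }

    [pscustomobject]@{
        User          = $identity.Name
        ElevationType = $type
        IsElevated    = $isElevated
        Description   = $description
    }
}

Get-UacTokenState | Format-List
```

Run it once from a normal PowerShell window and once from one started with "Run as administrator": the same account reports Limited in the first and Full in the second, which is exactly the difference the Yes button makes.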

Windows and its internal components use the SYSTEM account, which is naturally not subject to UAC checks: in another article we looked at the main differences between the SYSTEM account and an administrator account.

The Yes button disappears from the UAC window when there are no more accounts with administrative privileges on the system. If this happens, simply enable the hidden Windows Administrator account, at least temporarily, to fix it.

UAC window colors

Windows has long used different colors for UAC alerts: in Windows 10, for example, a dialog with a blue header signals a change requested by the indicated user or application.

Yellow indicates that the elevation request comes from an application by an unknown developer (there is no known, valid digital signature).

Finally, a red UAC screen indicates that the application has been blocked for security reasons.

The image (source: Wikipedia) shows three examples of UAC screens, with as many different colors, as they appear in Windows 10. In the one below, you can see how in Windows 11 gray has taken the place of blue.
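What separates the blue/gray dialog from the yellow one is whether the executable carries a valid Authenticode signature, and that is something you can check before ever launching a file. The following is an added example, not code from the article: it wraps the built-in Get-AuthenticodeSignature cmdlet and maps its result onto the colors described above. The function name and the sample path are the example's own; the red "blocked" dialog depends on more than the signature and is deliberately not inferred here.

```powershell
# Added example: predict which kind of UAC dialog an executable would produce,
# based on its Authenticode signature status.
function Get-ElevationPromptHint {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Path)
    process {
        $sig = Get-AuthenticodeSignature -FilePath $Path

        $hint = switch ($sig.Status) {
            'Valid'     { 'Valid signature: UAC names the publisher (blue header in Windows 10, gray in Windows 11)' }
            'NotSigned' { 'Unsigned: UAC shows the yellow "unknown publisher" dialog' }
            default     { "Signature problem ($($sig.Status)): the signature is present but cannot be trusted; treat as unsigned" }
        }

        [pscustomobject]@{
            Path      = $Path
            Status    = $sig.Status
            Publisher = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Hint      = $hint
        }
    }
}

# Usage: Windows' own utilities are signed by Microsoft; compare the output with a
# downloaded installer of unknown origin (path below is an assumption for the example).
"$env:SystemRoot\System32\notepad.exe", "$env:USERPROFILE\Downloads\setup.exe" |
    Where-Object { Test-Path -LiteralPath $_ } |
    Get-ElevationPromptHint | Format-List
```

A HashMismatch status deserves particular attention: the file was signed at some point but its contents no longer match the signature, which is what a tampered binary looks like.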

In another article, we looked at which programs use administrator privileges in Windows.

When does the UAC warning appear in Windows?

We have not yet said when UAC appears in Windows as a dialog box in the center of the screen. Here are the most common situations:

Installing a program or driver.

Changing system settings, such as adding a new user or changing security settings.

Changing user account settings, such as changing your password.

Running an application in administrator mode.

Changing registry settings.

Changing the Windows firewall security settings.

Updating the operating system or device drivers.

Configuring a Windows service or system feature.


The limits of UAC in Windows

UAC should be considered one of the first lines of defense offered by the Microsoft operating system. It cannot offer complete protection, because its main purpose is only to check the privileges of users and applications.

Furthermore, as has been demonstrated repeatedly, in some circumstances it is possible to bypass UAC and run applications that require higher privileges without any warning appearing. This can also be done legitimately, out of necessity: a trick involving Task Scheduler allows you to run programs in Windows 10 and 11 without the UAC prompt appearing.

Much malware, however, uses UAC bypass techniques to execute malicious code on the system without the user being aware of what has happened.

A tool like UACMe, published on GitHub, collects a long list of the tricks used by malware and is useful for understanding how UAC attacks work.

Redfox documents a series of UAC bypasses in great detail: fortunately Microsoft Defender, always active and running on the system, is able to recognize and block most of these tricks.

These days some malware is back to using the old but still effective Mock Folders trick: by creating directories that mimic the names of system folders (for example \Windows\System32) but on which UAC checking is disabled, it is possible to deceive the built-in Windows security feature.
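From the defender's side, mock folders are easy to hunt for, because a fake has to live at a path that looks like the genuine one while not being it. The following PowerShell function is an added example, not code from the article: it walks the system drive and its first level of subdirectories and reports any directory whose name, once spaces, dots and other punctuation are stripped and case is ignored, equals a protected folder name but whose full path is not the genuine one. The protected-name list and the normalization rule are the example's own assumptions; the function name is hypothetical.

```powershell
# Added example: find directories that mimic \Windows or \Windows\System32
# but are not the real ones.
function Find-MockSystemFolders {
    param([string]$Root = ($env:SystemDrive + '\'))   # e.g. C:\

    # Genuine locations, taken from the environment rather than hard-coded.
    $genuine = @{
        'windows'  = $env:SystemRoot
        'system32' = Join-Path $env:SystemRoot 'System32'
    }

    # Drive root plus one level down, which is where \Windows\System32 lives.
    $top = @(Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue)
    $all = $top + @($top | ForEach-Object {
        Get-ChildItem -LiteralPath $_.FullName -Directory -Force -ErrorAction SilentlyContinue
    })

    foreach ($d in $all) {
        # Normalize: drop anything that is not a letter or digit, ignore case.
        $key = ($d.Name -replace '[^a-z0-9]', '').ToLowerInvariant()
        if ($genuine.ContainsKey($key) -and ($d.FullName -ne $genuine[$key])) {
            [pscustomobject]@{
                Path    = $d.FullName
                Mimics  = $genuine[$key]
                Created = $d.CreationTime
                Owner   = (Get-Acl -LiteralPath $d.FullName -ErrorAction SilentlyContinue).Owner
            }
        }
    }
}

Find-MockSystemFolders | Format-Table -AutoSize
```

On a clean machine the function returns nothing; any hit is worth inspecting, and the Owner and Created columns usually point straight at the account and time of creation.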

The correct functioning of UAC also depends on its settings: disabling UAC is strongly discouraged, and improper configuration can compromise system security.

Typing UAC into the Windows search box and then selecting Change User Account Control settings opens a configuration window that has remained the same since Windows 7.

The default, Notify me only when an app tries to make changes to my computer, is the one that should always be left selected.

Disabling UAC is never advisable, because any user and application could then make important changes to the system without any confirmation or authorization being requested.
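The slider in that window is only a front end for a handful of registry values, so the setting can be audited (and watched for drift) without opening the dialog. The function below is an added example, not code from the article: it reads the documented policy values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and flags anything weaker than the default the article recommends. The value names and their meanings are the documented Windows ones; the function name and the wording of the findings are the example's own.

```powershell
# Added example: audit the registry values behind the UAC slider.
function Get-UacPolicyState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key

    $state = [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                   # 1 = UAC on; 0 = UAC off entirely
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin  # 0 = elevate silently, 2 = always prompt, 5 = prompt for non-Windows binaries (default)
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser   # 0 = deny, 1 = ask for admin credentials, 3 = ask on the secure desktop (default)
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop       # 1 = dim the desktop while prompting (default)
        Findings                   = @()
    }

    if ($state.EnableLUA -ne 1) {
        $state.Findings += 'UAC is disabled (EnableLUA is not 1)'
    }
    if ($state.ConsentPromptBehaviorAdmin -eq 0) {
        $state.Findings += 'Administrators are elevated without any prompt ("Never notify")'
    }
    if ($state.ConsentPromptBehaviorAdmin -ne 0 -and $state.PromptOnSecureDesktop -ne 1) {
        $state.Findings += 'Prompt appears on the normal desktop, where other software can interact with it'
    }
    if ($state.ConsentPromptBehaviorUser -eq 0) {
        $state.Findings += 'Standard users are silently denied elevation (informational; may be intended)'
    }
    if ($state.Findings.Count -eq 0) {
        $state.Findings = @('UAC is at or above the default level')
    }
    return $state
}

Get-UacPolicyState | Format-List
```

The combination ConsentPromptBehaviorAdmin = 5 with PromptOnSecureDesktop = 1 is the default slider position the article tells you to keep; any report with EnableLUA different from 1 means the slider no longer matters at all.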

Finally, UAC is powerless against operating-system vulnerabilities that allow privilege elevation. Some security flaws allow a normal user to perform operations in the context of the SYSTEM account: flaws that facilitate privilege escalation are particularly serious because they allow an attacker to circumvent Windows protections and execute potentially harmful code with broader rights than those of the user (causing damage, modifying the Windows configuration, accessing restricted areas and the contents of all users' accounts, and so on).
