User Account Control (UAC) is a feature in Windows that can help prevent unauthorized changes to your computer. UAC does this by asking you for permission or an administrator password before performing actions that could potentially affect your computer's operation or change settings that affect other users.
When you see a UAC message, read it carefully, and then make sure the name of the action or program that's about to start is one that you intended to start. By verifying these actions before they start, UAC can help prevent malicious software (malware) from installing itself or making changes to your computer without permission.
When your permission or password is needed to complete a task, UAC will alert you with one of the following messages:
- Windows needs your permission to
continue. A Windows function or program that can affect other
users of this computer needs your permission to start. Check the
name of the action to ensure that it's a function or program you
want to run.
- A program needs your permission to
continue. A program that's not part of Windows needs your
permission to start. It has a valid digital signature indicating
its name and its publisher, which helps to ensure that the program
is what it claims to be. Make sure that this is a program that you
intended to run.
- An unidentified program wants access to
your computer. An unidentified program is one that doesn't have
a valid digital signature from its publisher to ensure that the
program is what it claims to be. This doesn't necessarily indicate
malicious software, as many older, legitimate programs lack
signatures. However, you should use extra caution and only allow
this program to run if you obtained it from a trusted source, such
as the original CD or a publisher's Web site.
- This program has been blocked. This is
a program that your administrator has specifically blocked from
running on your computer. To run this program, you must contact
your administrator and ask to have the program unblocked.
Using standard user accounts
We recommend that you log on to your computer with a standard user account most of the time. You can browse the Internet, send e-mail, and use a word processor, all without an administrator account. When you want to perform an administrative task, such as installing a new program or changing a setting that will affect other users, you don't have to switch to an administrator account. Windows will prompt you for permission or an administrator password before performing the task.
To help protect your computer, you can create standard user accounts for all users who share the computer. When someone who has a standard account tries to install software, Windows will ask for an administrator account's password so that software cannot be installed without your knowledge and permission.
Using administrator accounts
Users who log on with an administrator account may still experience UAC prompts, if Admin Approval Mode is configured in Group Policy. Admin Approval Mode helps prevent malicious software from silently installing itself without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
If Admin Approval Mode mode is configured, administrators may experience problems completing tasks from the command line. To avoid these problems, open an administrative Command Prompt window or use the Runas command-line tool to complete your task.
- Understanding and Configuring User Account Control in
- Runas (http://go.microsoft.com/fwlink/?LinkId=135920)
in the command-line tool reference