User Account Control

User Account Control (UAC) is a security feature included in Windows Vista and later, which limits applications to standard user privileges unless they are explicitly granted administrator privileges. The process of authorizing a program to run at administrator privileges is called elevation and usually involves a consent prompt that includes information that identifies the program.

The UAC prompt may also display a password prompt if the current user does not hold administrator privileges, requiring an administrator to enter their credentials in order for the elevation to succeed. This makes it similar to the  or equivalent commands in Unix-like operating systems, although Windows does not have any equivalent of a root user known from the other platforms.

Elevated processes are isolated from non-elevated processes by running at a higher integrity level, which prevents most interactions from lower levels in order to avoid privilege escalation attacks.

User Account Protection
In its early implementation User Account Control was known as User Account Protection (UAP). It could be enabled or disabled through the use of a Start menu shortcut to, rather than through the user control applet within Control Panel. However, the early UAP implementation used a different keyword for the administrator privilege request. Unlike the modern implementation, which uses the keyword, the early implementations used   instead. This leads to an inability to run modern programs within builds that used this implementation as they will produce a run-time error. It is possible to modify a program's manifest to use the older keyword to trigger the UAP prompt, in turn allowing the program to run correctly. However, programs that perform an integrity verification (such as setups) will not run due to the program's checksum no longer matching the checksum it is verified against.