User Account Control

User Account Control
Component of Microsoft Windows
UAC Def10Logo.png
Win11UAC.png
User Account Control prompting access to Windows Terminal in Windows 11
TypeSecurity option
Introduced inWindows Vista

User Account Control (UAC) is a security feature included in Windows Vista and later, which limits applications to standard user privileges unless they are explicitly granted administrator privileges. The process of authorizing a program to run at administrator privileges is called elevation and usually involves a consent prompt that includes information that identifies the program. The UAC prompt may also display a password prompt if the current user does not hold administrator privileges, requiring an administrator to enter their credentials in order for the elevation to succeed. UAC is similar to the sudo command in Unix-like operating systems, although Windows does not have any equivalent of a root user known from the other platforms.

Elevated processes are isolated from non-elevated processes by running at a higher integrity level, which prevents most interactions initiated by lower-level processes in order to avoid privilege escalation attacks.

User Account Protection[edit | edit source]

In its early implementation, User Account Control was known as User Account Protection (UAP). It could be enabled or disabled through the use of a Start menu shortcut to toggle.exe, rather than through the user control applet within Control Panel. However, the early UAP implementation used a different keyword for the administrator privilege request. Unlike the modern implementation, which uses the keyword asInvoker, the early implementations used requireAdministrator instead. This leads to an inability to run modern programs within builds that used this implementation as they will produce a run-time error. It is possible to modify a program's manifest to use the older keyword to trigger the UAP prompt, in turn allowing the program to run correctly. However, programs that perform an integrity verification (such as setups) will not run due to the program's checksum no longer matching the checksum it is verified against.

Gallery[edit | edit source]

Windows Vista to Windows 10 November Update[edit | edit source]

Windows 10 Anniversary Update and later[edit | edit source]

Windows 11[edit | edit source]