What Percentage of Consumers Have UAC Enabled on Windows Vista?

From the “doesn’t just saying it make it true?” department:

I was reading the March 2008 issue of Maximum PC (I love my Maximum PC), and while I like the real dirt and the attitude, I just don’t understand the extent of their hatred of UAC. Their Editor in Chief writes, “UAC is the worst feature ever. In fact, it’s so annoying that most users turn it off after mere moments.” (p.94)

Now, I’m a huge fan of running as a standard user. I ran as a standard user on Windows XP (which I could never have done without MakeMeAdmin). UAC makes that easier. For those who want to run as admin, yeah – you give something up. You are no longer an admin all the time. Well, let me correct that. You are still an admin on your computer. It’s just that your word processor isn’t an admin on your computer. Your web browser isn’t an admin on your computer. Every web site on the planet isn’t an admin on your computer. And so forth. And I would assert that this is good. So clearly, I don’t go into this with the same attitude towards the feature.

But it doesn’t matter. This is an assertion of fact, so why don’t we look at the real data?

We looked at data from 9 million user sessions. We stripped out all data from computers joined to a Microsoft domain, and non-RTM builds. (Us ‘Softies are a wacky bunch.) And we looked at the results. This is from the October – December 2007 data collection period.

What did we find?

UAC is enabled on 88% of consumer sessions. And that number is increasing, up from 84%.

What else did we find? Well, I didn’t get permission to share all that, so I’ll talk in vague generalities. 🙂 We’re looking at which applications are prompting the most frequently, and seeing what we can do to fix that. (We have more than our fair share, trust me.) But this is definitely a “long tail” problem. I spend a significant portion of my life shimming up applications so they no longer require admin rights, and teaching others how to do the same. I do the same thing for developers writing code. Because, in an ideal world, you would be prompted exactly one time for each time you wanted to change the global state of your machine or some other user. We’re not there yet, but we’re getting better.

I’m really happy that the numbers are that high. And Maximum PC, you’re still tied for 1st place in my list of favorite magazines (well, I also love my PC Gamer), even if your hatred blinds you sometimes. Time to let my non-admin blog editor publish this post…

Comments (27)

  1. EmJayPrice says:

    Throughout the Vista beta, every time I reinstalled the first thing I would do is turn off UAC.

    Since RTM, however I started leaving it on. I wanted to see what the average consumer experience would be like.

    UAC pops up during configuration and app install and then just mostly goes away. It really is not a big deal.

    I think the implementation has been done very well.

  2. doomer says:

    I’m using psexec -l of Mark Russinovich to run programs working with potentially dangerous contents. It’s required a small shortcut modification.

    Why do not integrate such feature into OS? So you just need to set one check box to run a program under limited rights.

    P.S. How many users from mentioned 88% know how to shut up UAC?! I suppose the most part of them just wanted modern looking OS with cool features.

  3. cjacks says:

    Hi Doomer,

    Running applications at low IL is really a power user scenario. Most apps break when you do this, so I think psexec is a pretty good home for it. What regular user scenario are you thinking of?

    Our data doesn’t indicate what users know, just what they do. But I’m guessing your question was rhetorical.

    Thanks, Chris

  4. OK, so I’m a software developer, and not exactly representative of your typical Vista user, but I run with UAC turned off. BUT, I also run almost all of the time with a standard user account (usually relying on Fast User Switching when I need admin mojo). Do you have any numbers for that scenario, either on XP or Vista?

  5. sloth says:

    I’m a software developer and think UAC is a great addition to Windows.  I run as an admin and after the initial setup of my machine I hardly ever deal with a UAC prompt.

    The only exception is that I use the Registry Editor a fair amount and because it has the requestedExecutionLevel set to "highestAvailable" it always prompts me to elevate even if I only want to view some data.  Is there a way have it run "asInvoker" without the prompts?

  6. MichaC says:

    I’d be interested to see how many people turn UAC back on if they’ve turned it off at any point. I had it up for a while, and was pretty happy with it, but I had to turn it off to get a COM server that I was developing against to register correctly and never bothered to turn it back on after that. It would be great if I could just snooze it so that after one restart it was turned off, but after the next restart it would be back on again.

  7. Mark Sowul says:

    I have it on, and in fact I like how the app virtualization keeps my settings for crap programs out of program files and now puts them under my folder where they belong.

    Major thumbs down to Valve for making the Steam folder world-writeable.  Ugh.

  8. tucan says:

    I love UAC.

    UAC is one of my favourite Vista’s features

  9. Ganesh says:

    UAC turned down? Why would anyone want to do that and compromise thier own security.

    Guess the remaining 12% are more concerned about thier ‘prompts’ than security.

  10. cjacks says:

    rlipscombe – I don’t have those numbers. But, if you are a standard user, why turn UAC off? When you’re not an admin, we’ve only given you features, and not taken anything away? It’s a bit more pure, I admit, but UAC sure does fix a lot of stuff!

    sloth – if you shim with RunAsInvoker you can override a manifest.

    MichaC – why did you have to turn UAC all the way off to register something? If you’re calling regsvr32, can’t you just run that from an elevated commmand prompt?

  11. Peter Simon says:

    I do not have UAC turned on because I learnt to control my pc ( I started pretty while ago on DOS ) and it annoyed me that popped up a lot but it is still annoying that Vista is still begging me all the time to switch it on .

    good feature though for a regular user.

  12. cjacks says:

    Peter Simon – I like to think that I have some idea of how to control my PC as well. Part of controlling my PC is ensuring that I don’t hand over full admin credentials to all of the applications I run, as well as to every web site that I browse to. UAC gives me the ability to be more selective (more conveniently) with the powers I hand to other peoples’ code so I can *really* control my PC. So, I think it’s a pretty good feature for everyone.

  13. DanG says:

    I *would* run as a standard user, but…

    Here is my monthly headache scenario.

    1. Windows Update tells me there are new updates to install.  I tell it to go ahead and install them, after looking them over to make sure they all make sense.

    2. UAC pops up, asking me if I want to run Windows Update.  Gosh, I dunno.  I just clicked on "Install Updates".  OK, so this is just annoying.

    3. The updates install.  No sweat.  Yet.

    4. I go to bed.  My wife gets up early in the morning, and tries to read her email.  Nothing happens.

    5. Wife wakes me up.  I groggily stumble out to the kitchen.  Yup, no email.  Hmmm, I can ping outside.  Argh.  OH YEAH.

    6. I switch to my account, log in, and check *my* email.  This time, Norton Internet Security (aka Norton Prevent Me From Doing Anything Useful) displays a dialog box (buried under the Windows Mail dialog, where I can’t see it at first) that says "Hey, Windows Mail has been modified since the last time you used it.  Are you sure you want to run it?"  No kidding — Windows Update modified it when I installed updates!  I click "OK, let this program run any time", switch back to my wife’s account, and let her download and read her email.

    7. Ditto for Internet Explorer.

    What’s the difference between our two accounts?  The one that gets the message window from Norton is mine — the administrator.  My wife’s is a standard user account, and she gets zero, zilch, nada.

    Whose fault is this?  As a user, I don’t care.  All I know is that if my account weren’t an administrator, I’d probably have no clue why my wife’s email wasn’t downloading.

    Of course, maybe there’s a setting somewhere, in some control panel, that’ll make the same pop-up appear for her.  But I haven’t found it — and I’ve looked.

    UAC and standard user privileges are great.  Honest.  On "that other OS", I like the fact that I have to use "sudo".  And I can usually use "Run as" (though, not always) to do what I need to from a standard account on Windows.  But it sure does get in the way of getting work done (and, once a month, in the way of my sleep).

  14. cjacks says:


    Interesting – looks like we could assist one of our partners in investigating the standard user scenario. Let me see what I can do.



  15. xGamer says:

    Windows XP never had UAC and I never have once been hacked or anything else. My router and norton 360 do a pretty good job. UAC, Windows Defender, un-needed drivers and so forth do nothing for me except use additional resources and are irratating.

    So using vLite, I took out 80% of what I didn’t need. The full install also only uses about 4.5GB of space and resources / memory usage is less than before too. However, I still have Aero plus I use TweakVI (for processor caching) and VistaGlazz as well.



    (No, there is no gamer edition.. I made that just for fun)

    Removing most of the unneeded stuff also improved file copy issues as well. Overall, It’s like using Win XP but it just looks prettier. I’ve done tons of tweaking since I mostly play games but until MS will develop a Vista Ultimate x64 strickly for gamers, I guess we just have to do it ourselves.


  16. Jason Spicer says:

    I would’t mind dismissing Yet Another Popup, if it would have the decency to pop up already.  UAC takes for-freaking-ever to ask my permission to do something I just told the computer to do.  If it happened right away, it would be no biggie, but I frequently have to wait 20, 30, 40 seconds (sometimes way, way longer–about 30 minutes for a game download and install once) before the UAC prompt on the secure desktop.  This is why I want to turn the damn thing off–because of its horrible performance!  And it’s all well and good to blame this on ill-behaved apps, but who owns UAC?  That’s right, Windows.  I suspect for most users UAC is just another reason why Vista comes across as one of the clunkiest Windows releases ever.

  17. orchidpop says:

    Hi. Not sure if we can ask for things to be shimmed, but TaxAct (desktop version) has this need. If you allow it to check for new versions online at startup or if you force it, with UAC on, it prompts you every time. I contacted the vendor on a few occasions, but they didn’t seem concerned about this.

  18. cjacks says:

    Hi orchidpop,

    There isn’t really a shim to fix that – updating program files does require elevation. But the design itself could obviously be improved. They should be able to check for updates non-elevated, and even download them. Then, they could start a small elevated process that installs these updates. However, for all I know, they are already doing that. (I know I use a competing tax application, and it finds updates every single time it runs.) The alternative design would be to have a per-user install and not require admin rights ever. Either way, the app is behaving correctly afaik.

    Do you think a per-user install is a good thing? (This is frequently a matter of debate – that’s the approach I would use here, but some would disagree.)


  19. From the "doesn’t just saying it make it true?" department: I was reading the March 2008 issue of Maximum PC (I love my Maximum PC), and while I like the real dirt and the attitude, I just don’t understand the extent of their hatred of UAC.

  20. ABC says:


    If we are applying the RunAsInvoker shim, we can take some what relax for that application. But I could see there are lot of other shims which will do the same job as like RunAsInvoker.

    Please could anyone clear my confusion among these.




    please I need this urgent.

  21. cjacks says:

    ForceAdminAccess – always say you’re an admin, even if you are not.

    RunAsHighest – use the highest token available. If you’re a standard user, you only have 1, so no change. If you’re an admin, then use the elevated token.

    RunAsInvoker – Run as whoever you are.

    These are all documented in the help – open up act.chm (the help topics function in CompatAdmin is broken so you may have to browse there directly).

  22. ABC says:

    So, If I am applying the "RunAsAdmin", only admin rights will be applied to the particular application or to whole system?….

    Is it the correct process applying RunAsAdmin. I heared it’s not the best practice, is it?…

  23. cjacks says:

    RunAsAdmin flags that application as requiring admin rights. If you have UAC enabled and are not already running as full administrator, then it will prompt you for elevation of that particular application.

    It’s not typically the preferred solution, because most organizatons (eventually) want to get to a standard user desktop (if they aren’t today), and so using this flag basically says that their standard users won’t be able to use that application.

  24. ABC says:

    Let me clear from my side,So what I understood from ur post is, So if we are applying the RunAsHighest, it does not make any sense to resolve the standrard user issues.

    Then without applying the shim also the behaviour is same right. So what is the need of this shim then?..

  25. cjacks says:

    There is almost never a good reason to use RunAsHighest – the two I use are RunAsAdmin and SpecificNonInstaller (if it’s elevating because we falsely detected it as an installer – better to do this than RunAsInvoker).

    I first try to fix the issue that causes the app not to run as a standard user. If and only if I am unable to do anything to fix it will I use RunAsAdmin, but it’s always a last resort.