User Account Control (UAC) – quick update

There’s been a ton of interest in how we have improved user account control (UAC) and so we thought we’d offer a quick update for folks. We know most of you have discovered this and picked a setting that works for you, and we’re happy with the feedback we’ve seen.  This just goes into the details on the choice of defaults.  –Steven

In an earlier blog post we discussed the why of UAC and its implications for Windows, the ecosystem, and our customers. We also talked about what we needed to do moving forward to address the data and feedback we’ve received. This blog post will provide additional detail on our response and what you can expect to see in the upcoming beta build in early 2009.

As mentioned in our previous post, and your comments supported this, the goals for UAC are good and important ones. User Account Control was created with the intention of putting you in control of your system, reducing cost of ownership over time, and improving the software ecosystem. It is important not to abandon these goals. Instead, we want to address feedback we’ve received and build on the telemetry we have using those to improve the overall experience without losing sight of the goals with which we agree.

For those of you using 6801 you have started to see the benefits of prompt reduction and our new and improved dialog designs. You also have seen our efforts to give the user greater control of their system – the new UAC Control Panel. The administrator now has more control over the level of notification received from UAC. Look for the UAC Control Panel to appear in Start Search, Action Center, Getting Started, and even directly from the UAC prompt itself. Of course, the familiar ways to access it from Vista are still present.

User Account Control control panel.

Figure 1: UAC Control Panel

The UAC Control Panel enables you to choose between four different settings:

  1. Always notify on every system change. This is Vista behavior – a UAC prompt will result when any system-level change is made (Windows settings, software installation, etc.)

  2. Notify me only when programs try to make changes to my computer. This setting does not prompt when you change Windows settings, such as control panel and administration tasks.

  3. Notify me only when programs try to make changes to my computer, without using the Secure Desktop. This is the same as #2, but the UAC prompt appears on the normal desktop instead of the Secure Desktop. While this is useful for certain video drivers which make the desktop switch slowly, note that the Secure Desktop is a barrier to software that might try to spoof your response.

  4. Never notify. This turns off UAC altogether.

We know from the feedback we’ve received that our customers are looking for a better balance of control versus the amount of notifications they see. As we mentioned in our last post we have a large number of admin (aka developer) customers looking for this balance, our data shows us that most machines (75%) run with a single account with full admin privileges.

Distribution of number of accounts per PC

Figure 2. Percentage of machines (server excluded) with one or more user accounts from January 2008 to June 2008.

For the in-box default, we are focusing on these customers, and we have chosen number 2, “Notify me only when programs try to make changes to my computer”. This setting does not prompt when you change Windows settings (control panels, etc.), but instead enables you to focus on administrative changes being requested by non-Windows applications (like installing new software). For people who want greater control in changing Windows settings frequently, without the additional notifications, this setting results in fewer overall prompts and enables customers to zero in on the key remaining notifications that they do see.

This default setting provides the right degree of change notification that a broad range of customers’ desire. At the same time we’ve made it easy and readily discoverable for the administrator to adjust the setting to provide more or fewer notifications via the new control panel (and policy). As with all of our default choices we will continue to closely monitor the feedback and data that come in through beta before finalizing for ship.

–UAC, Kernel, and Security program managers

Comments (59)

  1. Syllopsium says:

    I’m really not entirely impressed. The standard user is set to an ‘administrator’, important settings like the properties of the network adapter are not run through UAC for the default(admin) user and most importantly the admin tools are not in the slightest bit granular. I’ll grant you the network applet is doing something funky, though, as netsh refuses alterations from an unelavated command prompt even under the default ‘admin’ user.

    A non admin user cannot use the network settings dialog to see (but not alter) the settings without going through UAC entering a password.

    Undoubtedly in some cases (installation of new programs from the web springs to mind) the multiple UAC confirmations were overkill. For the remainder it’s down to poor program and user interface design. Need I mention that Microsoft’s Visual Studio Express 2005, amongst others, triggered UAC prompts in Vista due to requiring admin privilege.

    It’s not always about ‘what the customer wants’ – customers don’t care about security until the moment their system is hacked out of existance.

    More intelligent admin tool design and shims to handle misbehaving programs (dare I say it, a setuid equivalent) would remove the majority of user concerns.

    However, I suspect that due to marketing and timescales the security/UI teams currently have no option to prepare more sophisticated options. Unfortunately.

    As it is, I suppose this is an improvement on Vista, but it falls short of the ideal.

  2. Anders says:

    I would like Windows to give ME the control of my OWN computer, currently, if a program has a admin manifest, there is NO WAY for me to run it as non admin (other than turning off UAC and rebooting) I want a button in the UAC dialog that says Run non-elevated (registry hack or whatever, I guess you don’t want to confuse the noobs) I’m tired of resource hacking the manifest for stuff (Take regedit for example, what if I only want to edit HKCU, don’t force me to elevate, give ME the OPTION)

    I really want to move to W7, but if you don’t add this, I’m sticking with XP (I have my own custom UAC like solution there) or move to Linux

  3. Millerds says:

    >I want a button in the UAC dialog that says Run non-elevated


    Currently, when faced with an application that demands admin privs before it will consent to run, we have three options to get around that:

    1) Edit its manifest ourselves

    2) Install a RunAsInvoker shim using the Application Compatibility Toolkit

    3) Copy the application into a virtual machine and run it there instead

    A RunAsInvoker mode availble off the right-click menu would be nice.

  4. nickcruz says:

    This is not related to the current posting but i would like to bring it up since i know so many people out there would love this feature include in 7. I think it would be great if you guys add a Folder copy que feature that would obviously allow to create a cue when moving or copying several folders. I think this would be a killer feature that many people would make great use of it. It’s been noted recently that now Windows 7 has the feature that if a file is being used by another program it will let you know what program it is. I am hoping with my finger crossed that you guys can add a que to the copying or moving of folders.

  5. snprbob86 says:

    Too many settings!

    I’m glad the default is #2 instead of #1. The Vista behavior is overkill: I trust the control panel.

    #4 is clearly unsafe and dangerous. Hopefully, the new default will be not annoying enough to push people to #4

    Now, #2 vs #3 is far more interesting.

    If the "secure desktop" is the only difference, why not just create a secure window? Something like this already exists for email protections in Outlook…

    I say, make a #2.5 and delete this entire dialog and setting.

  6. Millerds says:

    I have mixed feelings about Windows 7’s UAC default setting.

    At least as of build 7000, a standard-token process can open the UAC settings control panel, change the setting to off, and then reboot the machine (after, presumably, first sticking something in the user’s startup list). A standard-token process can also open the user accounts control panel, create a new admin account, assign it a password, and turn on Remote Desktop.

    From this way of looking at it, Windows 7 has reverted to the XP default of every process the user runs having the ability to hijack the machine, and I feel a bit sorry for users who won’t realize that upgrading from Vista to Windows 7 means a buffer overflow exploit can now run a payload with admin privs without ever triggering a UAC prompt unless they specifically change the UAC setting themselves.

    On the other hand, the Widows 7 default setting still forces application developers (as opposed to malware developers) to code for standard user privileges just as in Vista, which means the Windows software ecosystem stays based around standard privileges, which means individuals and organizations who want real security (max UAC, or actual standard accounts) can set it up and their applications will still work the same—quite a different experience from using limited accounts in the XP days.

  7. xiphi says:

    "I would like Windows to give ME the control of my OWN computer, currently, if a program has a admin manifest, there is NO WAY for me to run it as non admin (other than turning off UAC and rebooting)" Anders, you do realize once UAC is off, EVERYTHING is ran as admin (unless you run as a standard user, then those programs that DO require admin access will be denied and there’s little you can do about it), right? Contrary to what you believe, UAC DOES give you control.

    Given what I just said. There should be a way to have the option of running a program as a standard user. Currently, it’s either "Yes" or "No" if you want to run the program. What the options really should be are "Run as Admin", "Run as Standard User", "Don’t run the application". UAC was designed with this in mind, but how come it’s not implemented in the UI?

  8. hollamon says:

    I’m curious how you are able to accurately distinguish between software controlling the mouse and a human controlling the mouse.

    For many years, the message back was that due to accessibility & tutorial/training type of technology built into windows, it wasnt physically possible to distinguish between a human controlling the mouse and a piece of software controlling the mouse.

    Has this changed in Vista & W7?  Or how is this problematic scenario handled?

  9. war59312 says:

    Still not a true security bounder. 🙁

    Until it is, it’s pretty darn useless!! Still too damn annoying!

  10. Millerds says:

    >I’m curious how you are able to accurately distinguish between software controlling the mouse and a human controlling the mouse.

    Vista and Windows 7 switch to a separate, isolated desktop (indicated visually by the screen-dim effect) to display UAC prompts, so the user’s other processes can’t interact with them.

  11. JKJK says:

    UAC is ok, but:

    – Like some mentioned. We need an easy way to run as non-elevated (as simple as an advanced settings on the popup window?

    – A simpler solution to turn of the irritating flashing secure desktop.

  12. wtroost says:

    Reading this post you’d think all they changed was a slider bar with a lower default.  But I’m using the Windows 7 beta, and it rocks.  No more double prompts and far less of them.  So far, I’m keeping UAC turned on.  I guess this post is the "PM" sales story for something the developers thought up.  Cool.

    I agree with the poster above that the difference between #2 and #3 is confusing.

  13. DibbesNL says:

    For some very strange reason though, the Gadgets don’t work when the UAC is turned off. I have to say this is very annoying. I can get it to work when replacing elements of the Win7 sidebar with elements of Vista, but this obviously isn’t a feasible workaround.

  14. domhnal says:

    I think you’re ignoring a bigger problem here.  You shouldn’t be setting up users as administrators in the first place.  The UAC should be a convenience item for non-admins.  Set up an admin account, but setup the user accounts as a non-admins; then when the UAC prompt appears then get them to enter the admin password (have the username preselected (or remember the last one used) so you don’t have to type machine or domain nameusername AND the password).  If the user does not want to elevate then the app runs with its current credentials. Be secure by default.  If the end user wants to run as an administrator, then there is not much you can do about it.  Administrators should not be bothered with UAC…except when running  IE (should be run with no privileges (similar to dropmyrights) )where the user is prompted to elevate for things like activeX installs etc.

  15. Tihiy says:

    There is a problem with one UAC scenario:

    – I can’t delete my monitor profile (it turns pictures fawny) since color management applet can’t elevate itself.

  16. JamesNT says:


    I have read the comments and I feel I must come to the defense of UAC.  Before I do, let me tell you a little story.

    In college 2 years ago, one of my friends needed to use several of the lab computers (which all ran XP) to do some graphics rendering that took hours to perform.  He would set up his program on about 5 or 6 of the machines around 10pm when no one was around and let it run.  Much to his dismay, he found that all of the machines he setup were not running his program the following morning and that all of his work, along with the rendering programs he had installed, was gone.  In fact, it appeared as though the machines reinstalled everything on themselves.  So he stayed up really late to find out what was going on.  He discovered that at 3am every morning a program called Deep Freeze rebooted the machines automatically setting them back to the original image they were installed with and wiping out any programs and files intalled by students.  So my friend wrote a little program in VISUAL BASIC 6.0 that would look for the notification window from Deep Freeze asking if it was OK to reboot and it would automatically click CANCEL before the prompt timed out.  Therefore, my friend’s program ran unfettered and he was able to finish his work and no one was the wiser.

    This story may sound funny, but I think all of us can imagine other scenarios where a program could easily trick a user into doing something harmful or could trick the system itself into doing something harmful by looking for and clicking on certain prompts.  

    Thanks to UAC there are several malicious programs that I have peronally witnessed that, while able to totally own an XP box, don’t stand a chance on Vista.  I would also like to remind everyone that you could always go back to the way you are supposed to be running your machines which is to log on as a standard user for day-to-day stuff but then LOG OFF AND BACK ON AS ADMINISTRATOR to do admin things.  To me, that is a real pain in the ass as opposed to clicking OK or CANCEL on one little dialog box after taking 3 seconds to read it.

    Honestly, I think some of you are just playing into your annoyances with having to break old habits instead of giving UAC a fair chance and realizing what it does.  And for those of you who want to see less UAC prompts, do yourself a favor:  Instead of bitching to Microsoft all day, try contacting your third party application vendors and demand to know why their checkbook or other little program requires admin rights to run.  You guys know who I’m talking about, right?  The third party vendor whose software you paid more for to run on a dozen machines than all the copies of Windows you run on all your machines put together costs?  The one who you pay $1200 a year for tech support to and they only support a version of their product for two years while MS supports Windows for 10?  Yeah, that guy.


  17. JamesNT says:


    There is nothing wrong with the way UAC is implemented and it is secure by default.  Users that log on with Administrator rights are given two tokens – the admin token and a standard user token.  Anytime the admin token is required you get the UAC prompt.  This is a major convenience as it allows you to make a decision by simply interacting with one prompt that has two buttons instead of having to type in your password every damn time (which I would find to be very annoying).  

    If you want to type in the admin password whenever elevation is needed you can configure Windows to do so by using Group Policy.


  18. JamesNT says:


    "Given what I just said. There should be a way to have the option of running a program as a standard user. Currently, it’s either "Yes" or "No" if you want to run the program. What the options really should be are "Run as Admin", "Run as Standard User", "Don’t run the application". UAC was designed with this in mind, but how come it’s not implemented in the UI?"

    I would assume because if a program requires admin rights to run, then it will not run without those rights.  In fact, most programs I have seen that require admin rights to run, if you try to use them logged on as a standard user, just crash leaving some weird error message that confuses users.  Also, what sense does "run as standard user" make for a program that was clearly designed to run as admin because it performs some admin task?

    Bringing everything down to a simple yes or no makes things easier for users.


  19. Yert says:

    Honestly, UAC has been a godsend to LUA wanting users the world over, which is hillarous when people who claim that running as Admin all the time is a crime, but turn around and say UAC is annoying. Try using XP as a limited account for a week. Then tell me UAC is annoying. It also works better then sudo imo, as it prompts when you need the access rather then telling you access denied, then reminding you to use it.

    Still, the major annoyance anyone had was of course duplication prompts, such as from IE asking if you want to open a file, then UAC asking if you want to give access to that executable, even though IE just asked you about it twice (once to download, once to open). A good solution will fix these problems before touching UAC. But I’m sure the Win7 dev team knows this already.

  20. spivonious says:

    I’d just like to say that I’ve been using the Win7 Beta for almost a week now, and I love the new UAC.  I’ve kept it on the default setting, and I’m only prompted when an application needs to elevate.  Changing system settings, copying files to the desktop, deleting files, all run with no prompts.

    Fantastic job on reworking a misunderstood (but needed) Vista feature.

  21. Kosher says:

    The setting second to the last feels about right.  I really like how it just feels like any confirmation dialog now.  I can’t figure out how to make it never prompt for certain things, like running a new shell as admin.  It would be nice to be able to just have it do that for me. Overall it has really gotten out of the way and makes the Vista experience much better 😉

  22. Anders says:

    @xiphi: clearly, when turning off UAC, I’m not running as admin user

    @JamesNT: Thats not my feeling, take installers made by NSIS for example, Vista detects them as installers that need admin access, no matter what. Inno Setup installers are also very admin happy, after unpacking by hand, most of this stuff works 100% as non admin

  23. Anders says:

    @xiphi: just to make it clear, when UAC is on, yes you have the option of running something or not, but HOW it’s run is up to the programmer that made the program, not me. If I want to deny write access to HKLM and no drivers etc. that should be MY choice (and also my fault if the program does not work)

  24. dosulliv91 says:

    Been testing the Windows 7 beta myself for a few days and UAC seems to be much improved over Vista. Not that I had any real issue with UAC in Vista to begin with, but the less prompts I see, the easier my life is.

    That is based on the assumption of course that the protection provided by UAC has not been scaled back in anyway! Assuming the controls are not too onerous, I’ll take better security over convenience any day.

  25. nwoolls says:

    I’ve already submitted this via Send Feedback, but running regedit with UAC setting #2, which should only prompt for non-Microsoft software such as installs, displays a UAC prompt.

  26. says:

    Can you please add "Run as Admin" in the context menu of BAT, CMD, MSI, MSP, VBS, JS, WSH and WSF extensions besides EXE? For file types that are considered executable and in situations where they aren’t called by a .EXE, things break with UAC turn on.

  27. Anders says:

    @nwoolls: regedit might be a MS program, but if it did not prompt, people could do evil things by importing .reg files. The whole manifest approach is wrong IMHO, regedit can only know at runtime if it should elevate or not (I guess this could be worked around by giving it a asInvoker manifest and restarting itself with ShExec(.."RunAs"..) and a special param when a write access to HKLM/HKCR is needed)

  28. mvadu says:


    UAC documentation never states any thing about Microsoft or Non Microsoft software.

    Prompting (or like double cheking with the user) for RegEdit is a safe thing to do. It will take me a day at the max to write a bot to launch regedit, do all harmful things and close it, even faster than a user can notice it..

  29. mvadu says:

    I second people asking for an option to run any software asking for admin rights (thus evoking UAC prompt) as a standard user rights. As Anders puts that, if the program fails then its users headache.

    But user should get a chance to run it as standard user until the actual developer (or company) updates the software to run in both modes.

  30. says:

    UAC in Windows 7 beta 1 is ALOT more better than UAC in Vista. One notification – not two.

    One issue with compatibility is that Windows soes not notify when a program tries to do things it is not allowed to (Because of UAC), and therefore the program crashes.

    I don’t like that we must restart our computer to disable/enable UAC.

    But, the UAC is much more improoved and not so much anoying like in Windows Vista.


  31. gss4w says:

    I’m also interested to know how Windows differentiates between mouse and keystrokes coming directly from a user and those coming from a program.

    In Vista it did not matter since every action that triggered UAC switched to the secure desktop, so only something running in the secure desktop could acknowledge the UAC prompt.  However, in Win7 many things that would trigger UAC in Vista no longer do.  For example you can create a new administrator without triggering a UAC prompt.

    However, I noticed that the sendkeys method in VBscript does not seem to work with mmc for example.  I think that is good, but I’m curious how it was done.  Also what are the risks of someone being able to bypass UAC in Win7 by simulating user input.

    Overall I’m pleased with the improvements in UAC.  This is probably what people were hoping for when they complained about UAC prompts being too intrusive in beta 1 of Vista.

  32. teoh.hanhui says:

    "It also works better then sudo imo, as it prompts when you need the access rather then telling you access denied, then reminding you to use it."

    "One issue with compatibility is that Windows does not notify when a program tries to do things it is not allowed to (Because of UAC), and therefore the program crashes."

    Why not show a UAC prompt when the running program requires admin rights to continue? For example, when the administrator wants to save the changes to a text file in another user’s Documents. Instead of coming up with an error, why are programs not given a way to request for admin rights when they need it? It could be in the same way like how Windows prompts you about writing into a restricted folder.

  33. locolorenzo says:

    I think the UAC and secure desktop are a  great idea, but I ama little more adept at working with computers than some of the people that I deal with.

    As a MS partner I understand the need for security, but face it even the most adept small buisness owner does not want to answer prompts to run a peice of software.

    Please make it so I can continue selling MS Solutions, I actually have a customer who wants to switch to Apple because of UAC.

    And as far as the Average User…wow they just want to do those things that impower the repair industry.

    As far as that goes, a lot of software is not written correctly as to allow user to install in an elevated state, but I do not think that re-writting all the software that does work in Windows 7 would be economically viable for most developers and software companies in at least the immediate future, maybe you could include a dialog to allow the installation with elevated privledge, because if Joe User happens to modify the Local Security Policy that person will be put at risk and also Windows 7 may not be successful.

  34. Asesh says:

    Just like in Vista why does UAC in Windows 7 Build 7000 block the entire screen when displaying it’s dialog box? that’s the most annoying part of UAC. Rather than doing so, UAC’s dialog box should act a child window of the application that requested elevated privileges. If it was meant to prevent hackers from bypassing then it’s of no use as it can be done by using SendInput and keybd_event APIs.

  35. steven_sinofsky says:

    @Asesh — you can read more about the secure desktop and learn more about the process/security model of the secure desktop.

  36. CowboyJMB says:

    Good work with the UAC so far, but I do have some concerns.

    I don’t know if this has been mentioned before, but there needs to be a checkbox to "remember this program" for the UAC prompts.

    I use a program called EVGA Precision which increases the speed of my fan on my videocard. This program is set to automatically start when windows starts. However, I get a UAC prompt every time the program wants to start.

    IMO the UAC needs a whitelist like a firewall, or even Microsoft’s own popup blocker does in IE. This way the UAC can still be turned on, but then lets the programs in the whitelist run with no problem.

  37. JamesNT says:

    I trust everyone here recognizes the fact that almost none of you will get UAC to do what you want it to do.  MS must design and implement UAC with security for the masses in mind – that means your pet idea for how UAC would not annoy you may never happen.


  38. Xepol says:

    It is an interesting step forward, but it isn’t too hard to make the system think code initiated the action instead of the user.  

  39. marcinw says:

    1. when I click "Run as administrator" and run some application, I don’t have later clear info, that this application has got admin privileges (it would be good to have something like "(Admin mode)" added to window title)

    2. when I run cmd and later chkdsk, it displays, that, that needs admin privileges. Can’t it simply display disk info only then ?

    3. can’t Run window in Start menu have "Run as administrator" option ?

    4. there are 4 levels of UAC in 7. But still: what exactly actions are blocked or not on each one ? how does system know, that something was initiated by user or not ?

    5. Explorer – it displays the same info, when you try to enter link directory (C:documents and settings) and when you try to enter directory, where you don’t have access (c:system volume information"). BTW, it a very funny for me, that Explorer is not able to enter link directory….

  40. marcinw says:

    6. there is great SysInternals Suite available on MS page. You have such tool like ProcessExplorer there. I was very surprised, that it’s still not used instead of Task Manager. And I’m very surprised – when ran it in limited mode, it can display some info about all processes (at least exe names, cpu usage, etc.). Task Manager needs clicking button "show processes from all users". could you fix it ?

  41. marcinw says:

    7. I hear a lot about increasing security here. But:

    * Windows 7 doesn’t allow user to see, if there is some traffic over concrete network interface (yes, in XP it was possible to display animated icon for each card)

    * Windows 7 doesn’t have option "Disable all network interfaces" in menu for Network Sharing Center displayed near clock

    * Windows 7 doesn’t display clear, what servers and what ports should be opened for good system work (for example – user doesn’t know, if this OK or not, when Windows Update contacts server…)

  42. says:

    UAC in Windows 7 is much better than in Vista, that is true.

    But one thing I did not understand in Vista, that still does not work in Windows 7 Beta is inability to do drag&drop between a non-elevated app and elevated one.

    For example, if I run Visual Studio as elevated user, I cannot drag files from Windows Explorer in it. At the same time, the same files are easily (not so easily as with drag&drop though) opened via the File->Open command.

    Clipboard is also accessible by both elevated and non-elevated processes.

    What is so secure in disabling drag&drop?

  43. manicmarc says:

    What’s the big deal about UAC? It takes 1 second to click "OK" yet gives many hours of piece of mind!

  44. Eghost says:

    UAC is annoying sob, so I turn it off, but that’s my choice. I’m glad it’s there, it keeps people who don’t know what they are doing from doing harm. I take full responsibility for my own actions, if I screw up my system it’s my fault, because I have it set that way. It’s real simple, the only gripe I still have with windows 7 is not being a true administrator, that should be an option along with turning off UAC. I should not have to right click to run as a administrator if I so desire.  Microsoft could have a little disclaimer stating that I understand that I am responsible for this action.   Great job keep up the work.  

    P.S. Allow access to the tool bars, menu bars, command bar has nothing to do with UAC, just would like to see Microsoft allow this control like we had in XP  

  45. Jalf says:

    There are still a few unresolved niggles about UAC. Yes, Win7 makes it much more pleasant to use, but it doesn’t really fix the most obvious security problem with it.

    People are perfectly capable of clicking ‘yes’ out of habit without even noticing that there was a popup, much less what it actually said.

    That’s why the trial version of WinZip shuffles the position of the "yes" and "no" buttons every time you launch it, to force the user to stop and pay attention.

    And arguably, requiring a password, rather than a "ok" would have something of the same effect – which leads me to wonder why Win7 creates an admin account by default. Wasn’t the entire point in UAC that this would no longer be necessary?

    And yet, Win7 still puts everyone in an admin account, and merely asks you to click "ok" to any UAC prompt. Which people obviously do, because why wouldn’t they? How would they know when to click no? Why would they even take the time to read the prompt, when they’re used to clicking "ok" anyway?

    And the other problem: You really need an option 2.5 in the above list, and it could easily replace both 2 and 3.

    Yes, it’s a good thing that software can not tamper with the UAC prompt. That’s a point in #2’s favor. But no, switching desktop is a pain. Locking me out of every other app I’m using is absolute overkill. Those are points in #3’s favor.

    So what you need is a secure popup. Not an entire desktop, but a way to ensure that the windows belonging to this particular process can not be tampered with. That means I can continue using my web browser or whatever other aps I’m running, even when something comes up with a UAC prompt. Even if it asks me for a password and the sysadmin isn’t around to provide it.

    It also means we get rid of the delay in switching desktops.

    The whole "secure desktop" deal just seems like a badly thought out hack. "We need security. We already have the ability to have multiple desktops. I guess we’ll hijack another desktop then, and switch to/from that".

    Great, it saved you a fair bit of work in Vista, which was plenty delayed already. But it’s not really a good solution in the long run.

  46. mvadu says:


    I think one major thing missing from UAC design is a way of white listing/black listing applications. I think if the some sort of UI, where we can add application which can run with elevation with out prompt all the time, and some which should not be running with elevation (not even a prompt) will be good. The same way how we configure windows firewall. this will satisfy most of the advanced users, and people trying to turn of UAC will be less.

  47. sokolum says:

    Don’t forget that the majority of the people have no any knowledge about Windows XP/Vista.

    I am sure that the rest who’s complaining about UAC or have to tell something about UAC or that it’s a pain in the *ss, that their handling is already above any regular user.

    A regular user to me is a user who use their pc for reading Email, do Word, want Skype and use IE to browse.

    That said, i think UAC is a very good tool to protect users that accidentally unwanted installing software. They can’t help them self, really! Those people already don’t know what is an Windows update, installing Skype is for them also a big issue! (according to MS, 30% of the people don’t do a WIndows update). I am pretty sure they aren’t aware if it of the existence of Windows update. Not because they are dump ( i know doctors having this problem), they just use XP/Vista to get their Email, do Word, Skype and Browsing.

    They are just not interested to learn, knowing or whatever Windows or apps need to make them work properly. It just have to work and I can’t blame them for that (do u know what to do if u by accident put a wrong fuel in your car?)

    Although i agree that UAC for advanced users was very very very limited. In Vista, it was ON or OFF.

  48. I was hoping that there would be a change in UAC to have it activated on the "SAVE" action, not "View"…

    Many times you just want to look at something, a network property, a control panel setting, with no intention of ever changing the setting.  UAC kicks in at the "looking" action, not the "save" action, which, I believe is too early.  

    Thousands of user UAC impressions would be eliminated if UAC only kicked in when you were actually changing things…

    Keep up the good work!


  49. freedownloadir says:

    My idea is User Account Control in Windows Seven is very very better than Windows Vista, because in Vista we couldn’t to change our control access, but in Windows Seven we can moderate our user’s access to each other. So Windows Seven’s UAC is better than Vista’s UAC.

  50. Fduch says:

    Please REMOVE the !insecure! UAC options. Even a child understands that the options that don’t "dim screen" don’t protect you at all, giving false sense of security. If any of these insecure options is used (as it is by default) malicious program can do anything. It can even disable UAC completely. The "security feature" that any malicious app can disable is useless!

  51. niclas.lindgren says:

    At the very least you should enable "always prompt" for any changes made to UAC itself. Otherwise something simple as this unelevated script will easily take a non privilieged installer, and make it possible to install itself into startup

    Set WshShell = WScript.CreateObject("WScript.Shell")












    Now install yourself into the uses startup and reboot. Next time around you can play havoc on the computer and reset UAC back and reboot.

    Sure it is a long shot and you will notice that something is wrong. But UAC is a first line of defence, it would be really silly to not prompt for this one particular change with the explanation that users complain to much about prompts.

    I mean how many times a day do they change their UAC?

    It should at the very least prompt when you go from any of the top 2 options to any of the bottom 2.

  52. DWalker says:

    In the earlier blog post that talked about "the why of UAC and its implications for Windows, the ecosystem, and customers", it seems that all of the reason for the diminished UAC elevation prompts, was the improvement of the "ecosystem".

    I seriously doubt that ALL of that huge decrease in UAC elevation prompts was due to improved third-party and Microsoft applications.  I’ll bet that a large percentage of it, larger than the article wants to admit, comes from users who gave up in frustration and searched the Internet to find out how to turn off the prompts completely.  THAT would reduce the number of prompts over time: when more and more people get frustrated with them.

    There is a mention in the article how a few intrepid souls, explorers on the farthest edges of the universe, managed to somehow turn off the UAC prompts.  Really, it’s not that hard to find instructions on this, or for casual users to ask their techie friends how to do it.  

    Are there any statistics on what percentage of users have turned off the elevation prompt?  I haven’t seen those numbers.

    I was disappointed to see that the Windows 7 engineers didn’t seem to CONSIDER this, or admit to it as a possibility.

    And yes, I agree that too many prompts will result in users not reading them.  The user suggestions that ask for the prompts to be clearly worded, as in "Are you trying to install a new program?" would be HUGE improvements.

    David Walker

  53. DWalker says:

    Well, I saw in another blog where Steven Sinofsky says that 92% of users run with UAC enabled.  Frankly, that’s more than I expected.  It’s good to know the percentage, though.

    One of the blog entries on UAC, which I can’t find right now, says something like MS has heard the feedback: "Don’t ask me if I want to do someting I just clicked on", etc.  

    However, I didn’t see that MS has taken notice of the feedback that says "I trust this program — allow it to do its thing", and don’t ask me again.  That might not be desirable for Windows Explorer, but are there any other comments on this point?

  54. mhonzell says:

    UAC is still missing the point:

    1. If I elect to "turn it off", install a few programs (Yes, even MS products) and then slap myself "what was I thinking" and "turn it back on", some of those installed programs will no longer function.

    2. If I turn it off, I want full access to my computer including the entire registry and all folders. It should not continue to work at "some" level that restricts my use of my computer.

    3. If I had an anti-virus program, or firewall program that asked me everytime a file was scanned or attempted to transmit data if this was expected, I’d get rid of it in a heartbeat. I need the program to perform it’s "security" function without interrupting my real work.

    While UAC has somewhat accomplished it’s real purpose, (institutionalizing the standard "admin" user and making the user complain to programmers to stop their product from giving them prompts), it has failed at the most fundamental level of helping the user make valid security decisions and has corrupted any future use of this function.

  55. krishnakumartry says:

    Hi All,

    Can any one suggest me the behaviour of UAC shield in desktop shortcut.

    Suppose if i set UAC as "Always notify" should all desktop icons have that shield ?

    and also if i set UAC as "Never notify" should all desktop icons should be without shield ?

    I will be thankful if anyone help in this regard.



  56. Morris says:

    I just bought a gaming pc with windows 7. I have owned it for six weeks and can not play a single new game. I have tried everything. Microsoft engineers tell me it is a driver problem eventhough I tell them about the "run as admin" which does not work. I am held at ransom for $165.00 to people that tell me my drivers are bad. Microsoft should fess up and fix their products that we purchased in good faith. Where are their ethics?

  57. Beauford says:

    Bottom line, if the OS was secure and written properly this would not be needed at all. Don't see a MAC or Linux with these ridiculous programs.

  58. Mike says:

    I use the default Win 7 setting. I have one program that prompts me every day. (MS Remote Desktops admin tool – with an "s" – it's not the same as remote desktop). Why can't I just check a box so that one particular Microsoft program won't ask me and leave the rest of the protections alone??? If you google it there are a lot of people wondering the same thing. There is one ridiculous work around but nothing simple. Do I have to wait for Windows 8, or just disable it entirely and lose security?

  59. milan says:

    my uac is not disable am click ok and not happening.

    What to do pliz help me!!!