Overview of User Account Control
User Account Control is a feature that was first introduced with the release of Microsoft Windows Vista and is now carried forward to almost all operating systems developed by Microsoft. User Account Control adds an additional layer of security to the operating systems by using administrative credentials only when users try to perform administrative tasks.
In pre-Windows Vista operating systems, like Microsoft Windows XP, when administrators used to log on using their credentials they had unrestricted access to the operating systems because of the access tokens provided to them by the OS. In such cases when the computers were connected to the Internet, malicious applications and harmful scripts were automatically downloaded and were saved at secured locations (system drives) of the computers without coming into the knowledge of the administrators. Since the access tokens used by the administrator accounts provided unrestricted access to the operating systems, it was easier for such malicious applications and scripts to get into the systems.
In Microsoft Windows Vista and above operating systems, because of User Account Control feature, two kinds of access tokens are issued to the user accounts that belong to Administrators group.
- Access Token with Administrative Privileges
- Access Token with Non-Administrative Privileges
The advantage of this is that even if an administrator account is used to log on to the computer, to perform non-administrative tasks, access token with non-administrative privileges is used. However when the logged on user tries to perform any administrative task, User Account Control displays a confirmation box asking the user to confirm if task has been initiated on purpose. If an administrator has deliberately initiated the task it can be confirmed by clicking Yes button. Benefit of this is that if malicious applications or scripts try to get into the computers’ secure locations, administrators are instantaneously informed about them because of the confirmation boxes displayed by User Account Control. When this happens they can come to know that since they did not intend to initiate any administrative task, they must deny User Account Control confirmation box, in order to prevent unwanted applications or scripts from entering into the computers.
User Account Control displays Yes or No confirmation box only if the logged-on user belongs to Administrators group. This is called Prompt for Consent. If a standard (non-administrative) user logs on to the computers and tries to perform an administrative task, User Account Control displays the confirmation box in which logged-on standard user must provide administrative credentials. This is known as Prompt for Credentials.
Disabling User Account Control
Although Microsoft strongly recommends that User Account Control should not be disabled, in home environments, if users want they can disable this feature to avoid the annoyance that it creates. Since managing User Account Control requires elevated privileges, administrator account must be used while following the steps given below:
- Log on to Windows 7 computer with administrator account.
- Click Start, and from the available menu click Control Panel.
- On the opened window, make sure that Category option is selected opposite to View by label.
- Click User Accounts and Family Safety option.
- On the next window, click User Accounts.
- On Make changes to your user account window, click Change User Account Control settings.
- On User Account Control Settings window, drag the slider to the bottom.
- Once done, click OK button and on the appeared User Account Control confirmation box, click Yes to confirm.
- Finally close all the opened windows, and restart the computer to allow the changes to take effect.