What is User Account Control (UAC) and how does it work?

Beginner

Answer

User Account Control (UAC) is a Windows security feature that helps prevent unauthorized changes to the system by requiring administrative approval for actions that could affect system security.

How UAC works:

  1. Standard user context: Users run with standard user privileges by default
  2. Elevation prompt: Administrative actions trigger an elevation prompt
  3. Admin approval mode: Even administrators run with standard privileges until elevation
  4. Secure desktop: Elevation prompts run on a secure desktop to prevent spoofing

UAC levels:

  • Always notify: Prompt for all administrative actions
  • Notify when apps try to make changes: Default setting, prompts for unknown applications
  • Notify when apps try to make changes (no dimming): Same as above but without secure desktop
  • Never notify: UAC disabled (not recommended)

Benefits: Reduces the impact of malware, prevents accidental system changes, and promotes the principle of least privilege.