mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-18 11:53:37 +00:00
Moved files, refreshed overview
This commit is contained in:
Paolo Matarazzo
@ -2,13 +2,13 @@ items:
|
||||
- name: User Account Control (UAC)
|
||||
items:
|
||||
- name: Overview
|
||||
href: ../../identity-protection/user-account-control/user-account-control-overview.md
|
||||
href: user-account-control/user-account-control-overview.md
|
||||
- name: How User Account Control works
|
||||
href: ../../identity-protection/user-account-control/how-user-account-control-works.md
|
||||
href: user-account-control/how-user-account-control-works.md
|
||||
- name: User Account Control security policy settings
|
||||
href: ../../identity-protection/user-account-control/user-account-control-security-policy-settings.md
|
||||
href: user-account-control/user-account-control-security-policy-settings.md
|
||||
- name: User Account Control Group Policy and registry key settings
|
||||
href: ../../identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
|
||||
href: user-account-control/user-account-control-group-policy-and-registry-key-settings.md
|
||||
- name: Windows Defender Application Control and virtualization-based protection of code integrity
|
||||
href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
|
||||
- name: Windows Defender Application Control
|
||||
|
||||
|
Before Width: | Height: | Size: 25 KiB After Width: | Height: | Size: 25 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 651 KiB |
|
Before Width: | Height: | Size: 49 KiB After Width: | Height: | Size: 49 KiB |
|
Before Width: | Height: | Size: 104 KiB After Width: | Height: | Size: 104 KiB |
|
Before Width: | Height: | Size: 8.1 KiB After Width: | Height: | Size: 8.1 KiB |
@ -0,0 +1,38 @@
|
||||
---
|
||||
title: User Account Control
|
||||
description: Learn how User Account Control (UAC) helps to prevent unauthorized changes to Windows devices.
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier2
|
||||
ms.topic: conceptual
|
||||
ms.date: 05/23/2023
|
||||
---
|
||||
|
||||
# User Account Control overview
|
||||
|
||||
User Account Control (UAC) is a Windows security feature designed to protect the system from unauthorized changes, reducing the impact of malicious software executions. When changes to the system require administrator-level permission, UAC notifies the user, giving the opportunity to approve the change. UAC improves the security of your device by limiting the access that malicious code has to execute with administrator privileges. UAC empowers users to make informed decisions about actions that may affect the stability and security of their device.
|
||||
|
||||
Unless you disable UAC, malicious software is prevented from disabling or interfering with UAC settings. UAC is enabled by default and can only be disabled by a user with administrator privileges.
|
||||
|
||||
## Benefits of UAC
|
||||
|
||||
UAC allows all users to log on to their computers using a **standard user account**. Processes launched using a *standard user token* may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by opening a shortcut) also run with the standard set of user permissions. Most applications, including those that are included with the operating system, are designed to work properly in this way.
|
||||
|
||||
Other applications, especially those that were not specifically designed with security settings in mind, may require additional permissions to run successfully. These types of applications are referred to as *legacy apps*. When a user attempts to perform an action that requires administrative privileges, such as installing software, changing system settings, or modifying critical files, UAC triggers a **consent prompt**. The prompt notifies the user that a change is about to occur, asking for their permission to proceed:
|
||||
|
||||
- If the user approves the change, the action is performed with the highest available privilege
|
||||
- If the user does not approve the change, the action is not performed and the application that requested the change is prevented from running
|
||||
|
||||
:::image type="content" source="images/uacconsentprompt.png" alt-text="UAC prompt in Windows 11.":::
|
||||
|
||||
When an app requires to run with more than standard user rights, UAC allows users to run apps with their *administrator token* (that is, with administrative rights and permissions) instead of their default, standard user token. Users continue to operate in the standard user security context, while enabling certain apps to run with elevated privileges, if needed.
|
||||
|
||||
[!INCLUDE [user-account-control-uac](../../../../../includes/licensing/user-account-control-uac.md)]
|
||||
|
||||
## Next steps
|
||||
|
||||
Learn more about UAC in the following articles:
|
||||
|
||||
- [How UAC works](how-user-account-control-works.md)
|
||||
- [User Account Control policy settings](user-account-control-security-policy-settings.md): you can configure UAC using group policy or MDM
|
||||
- [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md): list of UAC group policy, CSP, and registry key settings that your organization can use to manage UAC
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 36 KiB |
@ -1,37 +0,0 @@
|
||||
---
|
||||
title: User Account Control (Windows)
|
||||
description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier2
|
||||
ms.topic: article
|
||||
ms.date: 09/24/2011
|
||||
---
|
||||
|
||||
# User Account Control
|
||||
|
||||
User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
|
||||
|
||||
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
|
||||
|
||||
Other apps, especially those that were not specifically designed with security settings in mind, often require additional permissions to run successfully. These types of apps are referred to as legacy apps. Additionally, actions such as installing new software and making configuration changes to the Windows Firewall, require more permissions than what is available to a standard user account.
|
||||
|
||||
When an app needs to run with more than standard user rights, UAC allows users to run apps with their administrator token (with administrative groups and privileges) instead of their default, standard user access token. Users continue to operate in the standard user security context, while enabling certain apps to run with elevated privileges, if needed.
|
||||
|
||||
[!INCLUDE [user-account-control-uac](../../../../includes/licensing/user-account-control-uac.md)]
|
||||
|
||||
## Practical applications
|
||||
|
||||
Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
|
||||
|
||||
|
||||
## In this section
|
||||
|
||||
| Topic | Description |
|
||||
| - | - |
|
||||
| [How User Account Control works](how-user-account-control-works.md) | User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. |
|
||||
| [User Account Control security policy settings](user-account-control-security-policy-settings.md) | You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. |
|
||||
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC. |
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user