deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 10:23:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

updates

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-05-24 16:21:03 -04:00
parent c2345a0fcd
commit e9ef8b59c4
4 changed files with 25 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
windows/security/application-security/application-control/user-account-control/index.md
View File

@ -5,23 +5,24 @@ ms.collection:
- highpri
- tier2
ms.topic: conceptual
ms.date: 05/23/2023
ms.date: 05/24/2023
---
# User Account Control overview
User Account Control (UAC) is a Windows security feature designed to protect the system from unauthorized changes, reducing the impact of malicious software executions. When changes to the system require administrator-level permission, UAC notifies the user, giving the opportunity to approve the change. UAC improves the security of your device by limiting the access that malicious code has to execute with administrator privileges. UAC empowers users to make informed decisions about actions that may affect the stability and security of their device.
User Account Control (UAC) is a Windows security feature designed to protect the operating system from unauthorized changes. When changes to the system require administrator-level permission, UAC notifies the user, giving the opportunity to approve or deny the change. UAC improves the security of Windows devices by limiting the access that malicious code has to execute with administrator privileges. UAC empowers users to make informed decisions about actions that may affect the stability and security of their device.
Unless you disable UAC, malicious software is prevented from disabling or interfering with UAC settings. UAC is enabled by default and can only be disabled by a user with administrator privileges.
Unless you disable UAC, malicious software is prevented from disabling or interfering with UAC settings. UAC is enabled by default, and can be configured or disabled by a user with administrative privileges.
## Benefits of UAC
UAC allows all users to log on to their computers using a **standard user account**. Processes launched using a *standard user token* may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by opening a shortcut) also run with the standard set of user permissions. Most applications, including those that are included with the operating system, are designed to work properly in this way.
UAC allows all users to sign in their devices using a **standard user account**. Processes launched using a *standard user token* may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Any applications that are started using Windows Explorer (for example, by opening a shortcut) also run with the standard set of user permissions. Most applications, including the ones included with the operating system, are designed to work properly this way.\
Other applications, especially those that weren't designed with security settings in mind, may require more permissions to run successfully. These applications are referred to as *legacy apps*.
Other applications, especially those that were not specifically designed with security settings in mind, may require additional permissions to run successfully. These types of applications are referred to as *legacy apps*. When a user attempts to perform an action that requires administrative privileges, such as installing software, changing system settings, or modifying critical files, UAC triggers a **consent prompt**. The prompt notifies the user that a change is about to occur, asking for their permission to proceed:
When a user attempts to perform an action that requires administrative privileges, such as installing software, changing system settings, or modifying critical files, UAC triggers a **consent prompt**. The prompt notifies the user that a change is about to occur, asking for their permission to proceed:
- If the user approves the change, the action is performed with the highest available privilege
- If the user does not approve the change, the action is not performed and the application that requested the change is prevented from running
- If the user doesn't approve the change, the action isn't performed and the application that requested the change is prevented from running
:::image type="content" source="images/uacconsentprompt.png" alt-text="UAC prompt in Windows 11.":::
@ -33,6 +34,6 @@ When an app requires to run with more than standard user rights, UAC allows user
Learn more about UAC in the following articles:
- [How UAC works](how-user-account-control-works.md)
- [How User Account Control works](how-user-account-control-works.md)
- [User Account Control policy settings](user-account-control-security-policy-settings.md): you can configure UAC using group policy or MDM
- [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md): list of UAC group policy, CSP, and registry key settings that your organization can use to manage UAC