Do you want to learn how the User Account Control works as a Security Feature in Windows 10? If you do, keep reading this post and then you will have a clear understanding of what UAC is and how it secures your Windows 10 device from the malicious software that could install themselves on it and infect it. However, you need to know what the User Account is first. The User Account is account on Windows 10 computer that uniquely identifies each person who uses it. It is an essential component in Windows 10 security that provides a personalised user experience. You, the administrator user, use user account to authorise people to use a computer and view files on it. Please note the following points about user account and user account control.
- The first account you create while setting up Windows 10 PC is the Administrator account. All user accounts you, the administrator user, create subsequently are the Standard user accounts
- Administrator account has administrator privileges. An administrator user can perform system level changes on the PC
- A Standard user has standard user privileges and can perform day to day tasks on the PC. It can’t perform a task that brings in system level changes
- The User Account Control (UAC) was introduced in Windows Vista for the first time
- UAC prevents unsafe action by a user or a program that attempts to perform a system administrator task
- User Account Control displays a prompt whenever a user, the Administrator user or Standard user, runs a program that attempts to bring in a system level change
- The prompt that displays when an Administrator user is performing a task is normally a consent prompt
- When a Standard user is performing a task, a credential prompt displays
If you have not already learnt the basics of User Account Control, you might not be familiar with what it is and how to control its settings. In that case, it will be useful for you to understand what the UAC is and how you can change its settings. And then you can proceed towards reading the contents of this post below.
Page Contents …
The User Account Control Security Feature
Prompts
Read this paragraph and the following two paragraphs very carefully. And then you will be able to understand why the UAC prompt appears on your computer screen. User Account Control Security Feature displays a prompt – consent prompt or the credentials prompt – depending on whether you sign in as an administrator or a standard user on your PC.
Before you launch a program on your PC, you first launch Windows 10 either as an Administrator user or a Standard user. Let us assume you enter your administrator user credentials – the user name and password – to start Windows 10. Now windows knows that an administrator user has signed in. Then, it creates a token that it uses to identify the privilege level of your account. You, the administrator user, get two tokens – a standard token and an administrator token. However, if you sign in as a Standard user, Windows creates only one token, the standard token.
Whether you sign in with an Administrator account or a Standard user account, Windows uses standard token to open Windows Shell. The Windows Shell launches all subsequent programs. All programs run as if a standard user account has launched them. However, certain programs request elevation to administrator privilege. That is why User Account Control prompts display.
The Consent Prompt
From the above para, you know that certain programs request elevation to administrator privileges. That means only an administrator account can run those programs. Let us assume you signed in with an administrator account and launched one of those programs. You see that this program requests elevation to administrator privileges. The User Account Control Security Feature comes in action here. It evaluates the program and the elevation request before it displays an appropriate prompt. For example, I am using an example to show the appearance of a consent prompt in Figure 1 below.
On my Windows 10 PC, I signed in with an administrator account. I tried to install a program named DriverUpdate Setup Wizard. Since this program will make changes to my PC if installed, the user account control alerts me. It says, “Do you want to allow this app to make changes to your device?“. Here, I am supposed to give my consent to allow this program or otherwise. Since I am already signed in as an administrator, Windows doesn’t ask me to provide my administrator credentials. In that case, the UAC only asks for my consent to allow or disallow this program to make changes to my PC. This is why a consent prompt appears. By default, the UAC highlights the No button. However, to go ahead to install the program, I must give my consent by clicking or tapping Yes button.
It is most likely for the UAC to display a consent prompt to an administrator user.
The Credentials Prompt
If an elevation requesting program attempts to open when a user is signed in as a standard user, the User Account Control Security Feature displays a prompt different from the consent prompt. This prompt is the credentials prompt. Now the user needs to provide the credentials of an administrator. If the standard user can provide those credentials, the program opens using the administrator token.
Figure 2 above shows a User Account Control prompt dialog box. To get to this dialog box, I
- Signed in as a standard user on my IBM PC powered by Windows 10 Home edition
- Attempted to install DriverUpdate Setup Wizard. See the Program Name in the above picture
Since I signed in as a standard user, the UAC displayed a credentials prompt wherein I am supposed to provide the administrator credentials – the user name and password. Windows displayed the administrator user name for the administrator of this PC by default. However, the standard user has to provide the password for the Administrator user account in the password box as shown above. Once he does so, or in the present example I do so, the program opens using the administrator token.
The UAC Dialog Box Displays Atop The Secure Desktop
The UAC dialog boxes shown in Figure 1 and 2 above display on a secure desktop. When the secure desktop displays, you can’t switch tasks or click on it. This secure desktop feature makes the desktop dark as soon as the UAC dialog box appears. No other program can run on this secure desktop. Thus, the desktop is protected from any malicious program that could put another dialog box in front of this dialog box. The malicious program’s dialog box could cover the UAC dialog box and the consent prompt on it. Further, it could display a message encouraging you to let the program run. The malicious program could, thus, install itself on your PC.
Caution While Clicking On The User Account Control Security Feature Prompts
Most of us are habituated of clicking through the dialog boxes without reading them. It is necessary for you to realize that
- The security risks to your PC are real
- Actions prompting the UAC to appear on the desktop are dangerous
In the light of the above, if you are very much sure and confident about what you are doing, you can click Yes to give your consent for going ahead with installing the program after a very short glance. However, you need to stop, read the information on the UAC prompt window and then click or tap it when you are not expecting it.
You Should Click Yes To Give Your Consent To Install The Program If You Are Sure You Are Doing The Right Thing
