UAC or User Account Control: what it is and how it works in Windows

What UAC (User Account Control) is and what it does: its purposes and its main limitations. How to recognize the different warnings shown in Windows.

How many times have you seen a message appear in the middle of the Windows screen that reads as follows: “Do you want to allow this app to make changes to your device?” A lot.

For our back to basics series, let’s talk about User Account Control (UAC), the Windows security feature that helps prevent potentially dangerous or unauthorized activities.

Introduced with Windows Vista in a form very different from the one used in more recent Windows operating systems, UAC continues to be used in Windows 10 and Windows 11.

The operation of UAC is based on the principle of least privilege: users and applications should always use the least privileges needed for the tasks they perform. When a user or application tries to perform a task that requires elevated permissions, UAC steps in and asks the user to confirm the action. The idea is to enable the user to make informed decisions to prevent potentially dangerous changes to the system in use.

How UAC works

When a user or application requests to perform an operation that requires elevated permissions, UAC displays a dialog box requesting the user’s permission. The user can choose to grant or deny permission, or to request further information before making a decision.

If the user grants permission, UAC temporarily grants the user or application the higher privileges required to perform and complete the requested operation. If permission is denied, the operation is terminated prematurely.

When using an administrator account, UAC just displays two buttons: Yes and No. The first authorizes the operation, the second allows you to block it. If the user does not make any choice, the requested operation is automatically interrupted.

Press Windows+I and click Account: the label “Administrator” appears if you are using a user with the highest privileges.

If, on the other hand, the account in use is not of the administrative type, Windows prompts you to enter the credentials of an administrator account to approve the operation by clicking on Yes. That’s why it’s important to use a standard account, without administrative privileges, for everyday work on Windows PCs and workstations: users then do not know the password of the administrator account and cannot authorize potentially destructive changes in “crucial” areas of the operating system.

Windows and its internal components use the SYSTEM account, which obviously escapes UAC checks: in another article we saw the main differences between the SYSTEM account and an administrator account.

The Yes button disappears from the UAC window when there are no more accounts with administrative privileges on your system. To solve this, just enable the hidden Windows administrator account, at least temporarily.

UAC window colors

Windows has long used different colors for UAC alerts: in Windows 10, for example, the dialog with a blue header warns of pending changes requested by the indicated user or application.

Yellow highlights the fact that the request for acquisition of higher privileges comes from an application made by an unknown developer (there is no known, valid digital signature).

Finally, a red UAC screen highlights the fact that the application was blocked for security reasons.

The picture (source: Wikipedia) shows three examples of UAC screens, each with a different color, as they appear in Windows 10. The one below shows how, in Windows 11, gray has taken the place of blue.

In another article we saw which programs use administrator privileges in Windows.

When does the UAC warning appear in Windows?

We haven’t said yet when UAC can appear in Windows as a dialog in the center of the screen. Here are the most common situations:

  • Installing a program or driver.
  • Changing system settings, such as adding a new user or changing security settings.
  • Changing user account settings, such as changing your password.
  • Running an application in administrator mode.
  • Changing registry settings.
  • Changing the Windows Firewall security settings.
  • Updating the operating system or device drivers.
  • Configuring a Windows service or system feature.

The limits of UAC in Windows

UAC should be considered as one of the first lines of defense offered by the Microsoft operating system. It cannot offer complete protection because its main objective is only to verify the privileges of users and applications.

Furthermore, as repeatedly demonstrated, in some circumstances it is possible to bypass UAC and run applications that require higher privileges without any warning popping up. This can be done out of necessity: a trick that involves the Task Scheduler lets you run programs in Windows 10 and 11 without bringing up UAC.

Many malware programs, however, use UAC bypass techniques in order to execute malicious code on the system without the user being aware of what happened.

A tool such as UACMe, published on GitHub, collects a large list of tricks used by malware and helps to understand how attacks on UAC work.

Redfox documents a number of UAC bypasses in great detail: fortunately Microsoft Defender, provided it is active and running on the system, is able to recognize and block most of these tricks.

These days some malware is back to using the old but still effective Mock Folder trick: by creating directories that mimic the names of system folders (e.g. \Windows\System32), for which UAC checking is disabled, it is possible to fool the built-in security feature of Windows.

The correct functioning of UAC also depends on its settings: turning off UAC is strongly discouraged, and improper use could compromise system security.

Type UAC in the Windows search box and select Change your User Account Control settings: a configuration window appears that has remained the same since Windows 7.

The default, Notify me only when an app tries to make changes to my computer, is the one that should always be left selected.

Disabling UAC is never advisable because any user and application could request important changes on the system without asking for any confirmation or authorization.
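
The settings window described above stores its choice in the registry, so the configuration can be checked without opening it. The following read-only PowerShell script is an added example, not part of the original article: it reads the standard UAC policy values and reports which slider position is in effect and which values weaken UAC. The helper name Get-UacValue is hypothetical, and a missing value is assumed to mean the Windows default.

```powershell
# Added example (not from the article): audit the registry policy behind the UAC slider.
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key

# Return a policy value as an integer, or the Windows default when the value is absent.
function Get-UacValue([string]$Name, [int]$Default) {
    $v = $policy.$Name
    if ($null -eq $v) { return $Default }
    return [int]$v
}

$lua     = Get-UacValue 'EnableLUA' 1                    # 0 = UAC switched off
$admin   = Get-UacValue 'ConsentPromptBehaviorAdmin' 5   # prompt behaviour for administrators
$desktop = Get-UacValue 'PromptOnSecureDesktop' 1        # 1 = prompt on the dimmed secure desktop

# Map the value pair to the four slider positions of the settings window.
$level = if ($lua -eq 0) { 'UAC disabled' } else {
    switch ("$admin/$desktop") {
        '2/1'   { 'Always notify' }
        '5/1'   { 'Notify me only when an app tries to make changes (default)' }
        '5/0'   { 'Notify only on app changes, desktop not dimmed' }
        '0/0'   { 'Never notify' }
        default { 'Custom policy (set outside the slider)' }
    }
}

# Collect the settings that weaken UAC compared with the default.
$findings = @()
if ($lua -eq 0)     { $findings += 'EnableLUA=0: UAC is off, no elevation prompts at all' }
if ($admin -eq 0)   { $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate without a prompt' }
if ($desktop -eq 0) { $findings += 'PromptOnSecureDesktop=0: prompt is not shown on the secure desktop' }

# Is this PowerShell session itself running with an elevated administrator token?
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    SliderLevel     = $level
    SessionElevated = $elevated
    Findings        = if ($findings) { $findings -join '; ' } else { 'None' }
}
```

On a system left at the recommended default, SliderLevel shows the default position and Findings shows None.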

Finally, UAC can do nothing against operating system vulnerabilities that allow the acquisition of higher privileges. Some security holes allow a normal user to perform operations in the context of the SYSTEM account: security holes that facilitate privilege escalation are particularly serious because they make it possible to circumvent the Windows protections and execute potentially harmful code with the broadest user rights (causing damage, modifying the Windows configuration, accessing restricted areas and the contents of all users’ accounts, ...).
