One of the most misunderstood features of Windows Vista has been User Account Control, better know by its acronym- UAC. The purpose of the feature is to enforce users running as Standard Users rather than as Administrators and to implement the concept of Least Privileged Access. In a nutshell- the user account should only have access to files, folders, and other objects that it needs access to. Granting access to everything even when it is unneccesary just creates operational and security risks. Thankfully, you can control many aspects of how UAC works and configure it to fit your whims using these policy settings.
Determines the behavior of UAC related to privilege elevation for the built-in Administrator account.
Controls whether or not UIA (User Interface Access) applications use the secure desktop (separate virtualized instance implemented to protect the operating system) for elevation consent prompts.
This setting controls how members of the Administrators group (not the built-in Administrator account) manage prompts for elevation consent in UAC
Controls whether Standard Users received a prompt to enter Administrator credentials or if elevation consent is automatically denied.
Determines how UAC detects and responds to application installation attempts
If enabled, this setting checks to verify that executables are signed and validated before allowing them to run.
With this setting enabled, requests for UIA (User Interface Access) elevation will only be granted if the application is installed in a secure directory path.
Controls the use of Admin Approval Mode and sets Administrators to run by default as Standard Users, requiring elevation consent to execute administrative tasks
Provides backwards compatibility for poorly written legacy applications that expect to run as Administrator and have write access to system directories. This setting redirects attempts to write to restricted areas.