1. Technology
You can opt-out at any time. Please refer to our privacy policy for contact information.

UAC (User Account Control) Policy Settings Explained

Understanding UAC Policy Settings in Windows Vista Local Security Policy


One of the most misunderstood features of Windows Vista has been User Account Control, better know by its acronym- UAC. The purpose of the feature is to enforce users running as Standard Users rather than as Administrators and to implement the concept of Least Privileged Access. In a nutshell- the user account should only have access to files, folders, and other objects that it needs access to. Granting access to everything even when it is unneccesary just creates operational and security risks. Thankfully, you can control many aspects of how UAC works and configure it to fit your whims using these policy settings.

1. Admin Approval Mode for the Built-in Administrator Account

Determines the behavior of UAC related to privilege elevation for the built-in Administrator account.

2. Allow UIAccess Applications to Prompt w/o Secure Desktop

Controls whether or not UIA (User Interface Access) applications use the secure desktop (separate virtualized instance implemented to protect the operating system) for elevation consent prompts.

3. Behavior of Elevation for Administrators in Admin Mode

This setting controls how members of the Administrators group (not the built-in Administrator account) manage prompts for elevation consent in UAC

4. Behavior of the Elevation Prompt for Standard Users

Controls whether Standard Users received a prompt to enter Administrator credentials or if elevation consent is automatically denied.

5. Detect Application Installations and Prompt for Elevation

Determines how UAC detects and responds to application installation attempts

6. Only Elevate Executables That are Signed and Validated

If enabled, this setting checks to verify that executables are signed and validated before allowing them to run.

7. Only Elevate UIAccess App Installed in Secure Locations

With this setting enabled, requests for UIA (User Interface Access) elevation will only be granted if the application is installed in a secure directory path.

8. Run All Users, Including Administrators, as Standard Users

Controls the use of Admin Approval Mode and sets Administrators to run by default as Standard Users, requiring elevation consent to execute administrative tasks

9. Virtualizes File and Registry Write Failures to Per-User

Provides backwards compatibility for poorly written legacy applications that expect to run as Administrator and have write access to system directories. This setting redirects attempts to write to restricted areas.
  1. About.com
  2. Technology
  3. Internet / Network Security
  4. Basic Security
  5. Secure Your Windows PC
  6. User Account Control (UAC) Policy Settings Explained: Understanding User Account Control (UAC) Policy Settings in Windows Vista Local Security Policy

©2014 About.com. All rights reserved.