Windows 7 Feature Focus
User Account Control

No Windows feature has proven as controversial and misunderstood as User Account Control, or UAC. When it debuted in Windows Vista, tech pundits screamed far and wide about this reviled feature, spreading mistruths and misunderstandings and generally raising a lot of ruckus about nothing. If these pundits had just calmed down long enough to actually use User Account Control for longer than a single afternoon, they'd have discovered something very simple: It's not really that annoying, and it does in fact increase the security of the system. Indeed, I have argued that User Account Control is one of the few features that really differentiate modern Windows versions from the increasingly crusty XP, because there's no way to add this kind of functionality to XP, even through third-party add-on software. User Account Control is effective, and as ongoing security assessments have proven, it really does work.

Great, but what is it exactly? In order to make the operating system more secure, Microsoft has architected Windows so that all of the tasks you can perform in the system are divided into two groups, those that require administrative privileges and those that don't. This required a lot of thought and a lot of engineering work, naturally, because the company had to weigh the ramifications of each potential action and then code the system accordingly.

A typical UAC prompt, which appears when some application or process needs to be temporarily elevated to administrative privileges.

The first iteration of UAC was implemented in Windows Vista with what Microsoft thought to be a decent technical compromise. In response to overwhelming user feedback surrounding the frequency of prompts, however, Microsoft modified UAC in Windows 7 to make it "less noisy" (i.e. less annoying) by default. They did this by implementing a pair of "Notify me only when..." options, letting users perform common configuration tasks, prompting only when something out of the ordinary is done (e.g. changing important configuration settings). The result is that UAC in Windows 7 is more configurable and less irritating than it was in Vista. But it's even more controversial, because it's not clear that it's as secure as it used to be.


Origins of UAC: Windows Vista, sure, but Mac and Linux too

For an understanding of how User Account Control works and was originally implemented in Windows Vista, please refer to my article, Windows Vista Feature Focus: User Account Control.

Secret: Few people understand this, but UAC didn't really debut in Windows Vista. Mac OS X and Linux have utilized a UAC-type user security prompt interface for years now. Below, you can see the Mac OS X version of UAC--which debuted way back in 2001 and is, in fact, far more annoying than UAC in either Windows Vista or 7. How few people realize? Apple actually made a TV advertisement ridiculing UAC a few years back, suggesting that moving to the Mac would somehow make life easier for users. And in an infamous 2009 WWDC keynote appearance, Apple senior vice president Bertrand Serlet ranted about Vista's UAC feature, all while neglecting to mention that this functionality actually debuted on UNIX-based systems, and has appeared, unchanged, in every version of Mac OS X to date. When it comes to outright lying to the public, Apple is pathological.

For most users, the Mac version of UAC is more annoying than the Windows version, because you will always need to type in your password. Always.

How UAC has changed in Windows 7

User Account Control debuted in Windows Vista to a resounding thud, for both users and reviewers. And that's too bad, because as I've noted again and again, UAC is both effective and far less annoying than many realize. But Microsoft is a customer-centric company, and when people complain, they actually listen. And sometimes, when the stars align just right, they actually do something about it too.

In the case of UAC, this action took a number of forms. At a general level, Microsoft has dramatically lowered the number of tasks that require UAC elevation prompts. So the overall experience should be less annoying, assuming you're used to how UAC works in Windows Vista. And Microsoft has even given users a graphical interface, logically called User Account Control settings, for adjusting how UAC behaves.

You access User Account Control settings from the Action Center; there's a link in the side pane titled User Account Control settings that will trigger the UI shown below. Or, simply type user account control in Start Menu Search.

This slider control lets you literally tune UAC to be less--or more--annoying.

User Account Control settings couldn't be easier: There's a simple slider control with four settings, which one might think of as "really annoying," "annoying," "less annoying," and "Windows XP." (Homeland security might consider a similar scale.)

More formally, these settings are:

Always notify. At this most heightened level, UAC will prompt you any time a software install or configuration change is detected, or whenever the user makes changes to Windows settings--just like Windows Vista.

Notify me only when programs try to make changes to my computer. This is the default setting. Here, UAC will prompt you any time a software install or configuration change is detected. But it will not prompt when the user makes changes to Windows settings. Initial setup tasks like setting the clock, updating device drivers, and formatting partitions can now be performed speedily without having to confirm each one every time.

Notify me only when programs try to make changes to my computer. This setting is almost identical to the previous setting, but with one important change: UAC does not invoke the secure desktop during prompts. This has a few ramifications. First, UAC will be less annoying (though no less frequent) than with the default setting, because you won't see that jarring flash that occurs when the secure desktop is invoked. The screen will not go dark, and the UAC prompt will not be modal, meaning that you can do other things instead of addressing the prompt immediately. (On the flipside, you can also easily lose track of the UAC prompt because it will just be one of many potential windows on screen and won't appear prominently or appear special in any way.) And finally, it will be slightly less secure: The secure desktop feature ensures that malicious software applications cannot spoof the UAC dialog.

Never notify. In this least secure and least recommended setting, UAC will not warn you when software is installed or changed, or when the user makes changes to Windows settings.
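
To check which of these four levels a machine is actually set to, the slider position can be read back from the registry. The PowerShell below is an added example, not part of the original article: the value names EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop and their mapping to the slider come from Microsoft's UAC policy documentation rather than from this page, and Get-UacSliderLevel is a hypothetical helper name.

```powershell
# Added example: map the UAC policy values back to the four slider levels.
# Parameter defaults are the values Windows assumes when an entry is absent.
function Get-UacSliderLevel {
    param(
        [int]$EnableLUA = 1,
        [int]$ConsentPromptBehaviorAdmin = 5,
        [int]$PromptOnSecureDesktop = 1
    )
    # EnableLUA=0 turns UAC off altogether; treat it as the bottom of the slider.
    if ($EnableLUA -eq 0) { return 'Never notify (UAC disabled, EnableLUA=0)' }

    switch ($ConsentPromptBehaviorAdmin) {
        0 { return 'Never notify (silent elevation)' }
        2 { if ($PromptOnSecureDesktop -eq 1) { return 'Always notify' } }
        5 {
            if ($PromptOnSecureDesktop -eq 1) {
                return 'Default: notify only when programs make changes'
            }
            return 'Notify only when programs make changes, no secure desktop'
        }
    }
    # Any other combination was set by policy or by hand, not by the slider.
    return "Custom: ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin, " +
           "PromptOnSecureDesktop=$PromptOnSecureDesktop"
}

# Constructed sample inputs, one per slider level, so the mapping can be seen offline.
Get-UacSliderLevel -ConsentPromptBehaviorAdmin 2 -PromptOnSecureDesktop 1
Get-UacSliderLevel -ConsentPromptBehaviorAdmin 5 -PromptOnSecureDesktop 1
Get-UacSliderLevel -ConsentPromptBehaviorAdmin 5 -PromptOnSecureDesktop 0
Get-UacSliderLevel -ConsentPromptBehaviorAdmin 0 -PromptOnSecureDesktop 0

# Live check on a Windows machine (read-only, no elevation needed).
$key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $key
$values = @{}
foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
    # Pass only the values that exist so a missing entry keeps its default.
    if ($null -ne $policy.$name) { $values[$name] = $policy.$name }
}
Get-UacSliderLevel @values
```

Anything other than the first two results means prompts are either absent or shown outside the secure desktop, which is the weaker configuration the settings above describe.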

So. With all these choices, I know you're eagerly awaiting my opinion on what it is you should do. And that's maybe the easiest advice I've ever given: You should do nothing. In fact, you should never even visit this UI. Just leave UAC alone, and let it do its thing. UAC is there for a reason and, as noted earlier, it gets less annoying over time anyway. There is absolutely no reason to change how UAC works.

But wait, there's more...

There's a lot more going on with User Account Control, user accounts, security and other related Windows 7 topics, but you'll need to get my latest book, Windows 7 Secrets, to find more. User Account Control is discussed in Chapter 8: User Accounts and UAC. --Paul