Review of the UAC in Windows Version 7

Review of the UAC in Windows Version 7 Windows 7 UAC Review

In Windows 7 the UAC (User Account Control) dialog box is much less ‘in your face’.  Microsoft has re-thought when it’s desirable fro the UAC to leap into action and inform us of a significant change to the operating system settings.  Furthermore, if you dislike Microsoft’s default settings it’s much easier to make the UAC even less intrusive.

How to Turn UAC Off in Windows 7

Just click on the Start orb, and navigate to the Control Panel, User Accounts, and select: Change User Account Settings.

How to turn off the Windows 7 UAC

Note: The settings affect all the users who logon at your Windows 7 machine.

Windows 7 Security v Ease of Use

The Windows 7 screenshot above illustrates the trade-off between security and the annoying UAC interface interrupting your configuration work.  Adjusting the computer’s clock is a case study of Microsoft’s re-design of the UAC.  The crucial issue is that changing the system time is a security concern, and it should require the UAC.  However, a user changing merely the time-zone does not compromise any of the operating system’s audit time-stamps, and thus there is no need for the UAC to annoy a user trying to adjust to a new time-zone.

Windows 7 also allows standard users to view the firewall settings, and even use Windows Update to install optional updates and drivers.  Unlike Vista, you don’t need elevated rights to adjust the display DPI, and refresh the IP address, hence clicking on these settings no longer attract the UAC dialog box.

Setting the Windows 7 UAC with Local Security Policy

In addition to the control panel method above, you can also fine-tune the UAC behavior via the Local Security Policy.  Here is how to make the Windows 7 UAC changes:

  • Click on the Start Orb.
  • In the search box type: Policy.  Launch the Local Security Policy snap-in.
  • Click on Local Policies and the expand the Security Options.
  • Scroll down, at the bottom of the list you will find 10 UAC policies.
  • Check out the ‘Explain tab’ to understand the policy, and make sure that you and the Windows 7 are in synch with the Enable or Disable UAC settings.

Windows 7 UAC Review

Windows 7 UAC and Malware

The main role of the UAC is to tell an ordinary user when a task needs the elevated rights of the Protected Administrator account.  If I could remind you that the UAC does not detect malware, for that you need anti-virus software.  Also, it’s unreasonable to expect the UAC to prevent malware getting into your system, for that you need ‘Windows Defender’ or a similar utility. 

I am trying to take a balanced view here, and the argument for turning off the UAC focuses on evidence that determined software writers can bypass the UAC.  There have been a number of public demonstrations of code-injection, whereby processes can run without triggering the UAC.  You can prevent this silent elevation of rights by setting the slider above to Always Notify, this is the old Vista setting.

Thus it seems that either you worry about when a program needs elevated privileges in which case you move the UAC slide down, or you don’t care and move the slider to Never Notify.  A consensus is emerging that say the default central positions are a fudge. 

Microsoft’s Goal for Windows 7 UAC

Microsoft’s goal is still to encourage people to logon as standard users and not with the administrator account.  To achieve this goal Windows 7 enables standard users to perform operations that previously required administrative rights.  As a result, even the default Windows 7 UAC mode reduces the number of prompts and thus makes the administration experience smoother.

Where the Protected Administrator (PA) credentials are required, the UAC appears to remind the user of the importance of the change they are about to make.  When the UAC does kick-in it’s because you selects a setting that wants to modify the file system, the registry, or call upon the Protected Administrator (PA) account.  Talking of the registry, it’s the HKEY_LOCAL_MACHINE (HKLM) part that’s a security threat, therefore applications should use the HKEY_CURRENT_USER \Software section of the registry.

Summary of the UAC in Windows 7

I find that knowledge of what the UAC is trying to do makes me more forgiving when it does appear. Also understand the goals behind the UAC makes me appreciate the improvements between Vista and Windows 7.  The UAC seems just that bit smarter in Windows 7, it only appears when a named program requires elevated rights.  Also the Control Panel provides an easy way to adjust the UAC behavior.


If you like this page then please share it with your friends


Microsoft Windows Version 7 Topics