User Account Control (UAC) is a Windows security feature that helps prevent unauthorized changes to the operating system by prompting for approval when elevated permissions are required.
- Prevents malicious software from silently making changes.
- Encourages standard user behavior rather than always running as admin.
- Adds a confirmation layer before executing high-risk operations.
- When a task requires administrative privileges, UAC displays a consent prompt.
- It asks the user to allow or deny the action.
- Admin users see a prompt to confirm.
- Standard users must enter admin credentials.
| Prompt Type | Triggered By | Behavior |
| --- | --- | --- |
| Consent Prompt | Admin user, elevation required | Click Yes/No |
| Credential Prompt | Standard user, elevation required | Must enter admin password |
- Open Control Panel > User Accounts > Change UAC settings
- Available levels:
  - Always notify — Maximum protection
  - Notify only when apps try to make changes (default)
  - Never notify — UAC disabled (not recommended)
- Installing or uninstalling software
- Changing system-wide settings
- Accessing certain Control Panel tools
- Running applications as administrator
Path: `HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System`
Value: `EnableLUA`
1 = UAC enabled
0 = UAC disabled (requires reboot)
- Keep UAC enabled at default or higher.
- Avoid using “Run as Administrator” unless necessary.
- Use standard user accounts for daily work.
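
One way to check the registry setting above against the recommendation to keep UAC at default or higher (an added example, not part of the original page). Besides `EnableLUA`, it reads `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` from the same key; those two names and their mapping to the notification levels are not on the page and are assumptions based on documented Windows behaviour. The function name and the sample inputs are constructed for illustration.

```powershell
# Added example. EnableLUA comes from the page; ConsentPromptBehaviorAdmin and
# PromptOnSecureDesktop are further values under the same key (assumed mapping).
function Get-UacPosture {
    param(
        [hashtable]$Values,   # values to classify; omit to read the live registry
        [string]$Key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    if ($null -eq $Values) {
        $p = Get-ItemProperty -Path $Key
        $Values = @{
            EnableLUA                  = $p.EnableLUA
            ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
            PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        }
    }
    $lua     = $Values['EnableLUA']
    $consent = $Values['ConsentPromptBehaviorAdmin']
    $secure  = $Values['PromptOnSecureDesktop']

    # MeetsBaseline follows the page's advice: UAC enabled, at default or higher.
    # $null means the values do not match a known level and need manual review.
    if ($null -eq $lua)         { $level = 'Unknown (EnableLUA missing)'; $ok = $null }
    elseif ($lua -eq 0)         { $level = 'UAC disabled';                $ok = $false }
    elseif ($consent -eq 0)     { $level = 'Never notify';                $ok = $false }
    elseif ($consent -eq 2 -and $secure -eq 1) { $level = 'Always notify'; $ok = $true }
    elseif ($consent -eq 5 -and $secure -eq 1) { $level = 'Notify on app changes (default)'; $ok = $true }
    elseif ($consent -eq 5 -and $secure -eq 0) { $level = 'Notify on app changes, no secure desktop'; $ok = $false }
    else                        { $level = 'Custom policy';               $ok = $null }

    [pscustomobject]@{
        Level                      = $level
        MeetsBaseline              = $ok
        EnableLUA                  = $lua
        ConsentPromptBehaviorAdmin = $consent
        PromptOnSecureDesktop      = $secure
    }
}

# Constructed sample inputs (not taken from a real host).
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
)
$samples | ForEach-Object { Get-UacPosture -Values $_ } | Format-Table -AutoSize

# On a Windows host, classify the live configuration:
# Get-UacPosture
```
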
UAC is a critical part of Windows security, helping prevent unauthorized system changes, malware execution, and accidental damage. Keep it active to maintain system integrity.