What is the User Account Control?
The Users Account Control abbreviation is UAC. It is the main component of the overall security vision of Microsoft. The end-user can use UAC to put under control any impact that malware may have on your computer system.
The interactions and process of UAC
Every app that needs the provision of the access token from the administrator needs to be prompted for consent. There is, however, an exception where parent and child processes are concerned. The child process, on its part, inherits the access token from the parent process.
Both the child and parent processes have the same levels of integrity. Windows 10 mark the level of integrity to protect the associated processes. The level of integrity of the process is used in measuring the level of trust. The higher the integrity, the more trustworthy the process is.
- An application that has a high level of integrity is one that carries out tasks capable of modifying data. An example of which is disk partitioning application.
- An application with low integrity, on the other hand, is one that carries out a task that has the potential to compromise your operating system. A good example of which is a Web browser.
- Apps that have lower levels of integrity are not capable of modifying data in applications having higher levels of integrity.
When an end-user at standard level tries to run any app that needs an administrator access token, the User Account Control expects the end-user to make available a valid administrator credential.
The logon process
In this section, we will show you how the logon process for a standard end-user differs from that of the administrator.
The administrator and the standard users access essential resources and also run apps in the security context of the standard end users. The computer system automatically creates an access token for any user the moment that the end-user logs on to that computer. The access token thus created contains helpful information regarding the access level granted to the end-user, as well as, Windows privileges and SIDs (specific security identifiers)
Two different access tokens will be generated for an end-user the moment that an administrator logs on to the computer, which are:
- An administrator access token and
- A standard user access token
Thee access token issued to the standard user contains information specific for that particular user, the same as the token issued to the administrator. However, the SIDs and administrator Windows privilege are not included. The apps unable to carry out administrative tasks can be started using the access token issued to the standard user. The apps are referred to as standard user apps.
The access token issue dot the standard user can then be used for displaying the explorer.exe desktop. The explorer.com is considered as the parent process acting as the source for every other process initiated by the end-user get its access token. Consequently, each of the apps can run as standard user apps except if an end-user gives credentials or consent for approval of an app for the full administrative access token.
If you are a member of the Administrators group as an end-user, you can easily log on the computer and carry out various activities, like reading email and browsing the web even if you are using a standard user access token.
If there is a need for an administrator to carry out a task that needs the administrator access token, Windows 10 will prompt for approval from the end user automatically. The prompt is also known as elevation prompt. Its behavior can be easily configured with the aid of b the Group Policy or the Local Security Policy snap-in (Secpool.msc).
The UAC User Experience
Any time UAC gets enabled, the experience of the user for standard users differs from the experience of the administrator in the Admin Approval Mode. The more secure method of running Windows 10 involves transforming the primary users account to a standard users account. This is also the recommended method of running Windows 10.
You can improve the security for the managed environment when you run the account as a standard user. The standard user can use the inbuilt UAC elevation component to carry out an administrative task by simply providing the valid credentials for a local administrator account. The credential prompt represents the inbuilt default UAC elevation component for a standard user.
When you want to run the account as a standard user, you can also run it as an administrator. You can do it via the Admin Approval Mode. It is possible for members of the local Administrators group to carry out an administrative task by providing approval. The Admin Approval Mode elevation component is the consent prompt.
How to turn on the User Account Control
It is very easy to turn on the Users Account Control on your Windows 10. We will also show you how to turn it off in the course this write-up. The process is straightforward and you can follow the steps below to get it done.
- First of all, navigate to the taskbar. Then click on the Search tab to bring up the search field. Type UAC in the search field. You can also access the search field by clicking on the Start button and then click on Search.
- A search result will come up. Look for Change User Account Control settings in the search result.
- Next, you can turn off the UAC. Do it by simply dragging the slider down as far as the level of the Never notify label. You can then click on OK.
- Also, you can turn on the UAC by dragging the slider all the way up. Or to any desired point of security. You can then click on OK.
For the activities above, you need to first confirm the selection. Also, you will have to provide your administrator password.
After you have done this, you can then reboot your computer so that the changes can come into effect.
You can find more information in the microsoft official site