In Windows Vista, Microsoft introduced User Account Control (UAC), which is designed to mitigate the impact of malware by locking down the desktop (the Secure Desktop feature) and displaying a notification dialog box that warns you of a possible unauthorized operation and prompts you to confirm or deny the operation.
This system will prevent unauthorized applications from automatically installing as well as prevent users from inadvertently making detrimental changes to system settings.
In Vista, UAC is very strictly controlled -- you either have it on and in full-force protection mode or you disable it completely and fend for yourself; there is no middle ground. This extreme level of security is often mentioned as a big source of users' extreme dislike of Vista.
In order to improve UAC's image while still providing this type of security, Microsoft has modified UAC in Windows 7 Beta to give more control to the user when deciding how UAC works. In this Windows Vista Report, I'll take a closer look at the new UAC features shown in Windows 7 Beta.
Note: Keep in mind that this is a Beta version and that the look and features of UAC that I will discuss here may very well change between now and the time that Windows 7 is actually released.
User Account Control settings
In the Windows 7 Control Panel, you can find a new tool called User Account Control Settings that is accessible from both the Action Center and User Accounts. (The Action Center is essentially a combination of Vista's Security Center and a new Maintenance interface that includes backup and troubleshooting tools.) When you access User Account Control Settings, as shown in Figure A, you'll see that the main control is a slider bar that allows you to choose one of four different UAC levels. Let's begin by looking at the default setting.
Figure A: The new Windows 7 User Account Control Settings allow you to choose one of four different UAC levels.
The Default level
As you can see here, the Default setting is on the second level down. At this level, UAC notifications and the Secure Desktop will appear only when programs try to make changes to your computer that require administrator-level permissions. You will not see UAC notifications when you try to make changes to Windows settings that require administrator-level permissions. This setting provides a medium level of security and will more than likely be satisfactory to most users. For example, at this level I can open and run such things as Computer Management or Disk Defragmenter without encountering a UAC. However, when I launched the AVG antivirus and the installation program launched, Windows 7 displayed the UAC notification shown in Figure B, and the Secure Desktop locked down the system -- the desktop dimmed and was inaccessible.
Figure B: At the new default UAC level, notifications will appear when programs try to make any changes to your computer that require administrator-level permissions.
The Always Notify level
The first level is labeled Always Notify and is shown in Figure C. Of course this level represents the default setting used in Windows Vista. At this level, UAC notifications and the Secure Desktop will appear when either programs or you try to make changes to your computer that require administrator-level permissions.
Figure C: The Always Notify level is like the default UAC in Windows Vista.
The Notification-Only level
The third level, as shown in Figure D, is called Notification-Only and works similarly to the default level except that the Secure Desktop is disabled. In other words, when programs try to make changes to your computer that require administrator-level permissions, UAC notifications will appear, but the desktop will not be locked down -- no dimming will occur and the desktop will be accessible. You will not see UAC notifications when you try to make changes to Windows settings that require administrator-level permissions.
Figure D: This level disables the Secure Desktop.
The Never Notify level
At the fourth level setting, designated as Never Notify, as shown in Figure E, UAC is completely disabled. You will never receive UAC notifications nor encounter the Secure Desktop.
Figure E: You can disable UAC completely.
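To check from a script which of the four levels a machine is actually set to, the policy values behind the slider can be read from the registry. This is an added example, not code from the original post or from Microsoft; the value names are real, but the value-to-level mapping is an assumption taken from released Windows 7 and is not confirmed by this article for the Beta.

```powershell
# Added example: map the UAC policy registry values to the four slider levels.
# Assumption: the mapping below is the one used by released Windows 7; the
# article does not state it and the Beta may differ.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Resolve-UacLevel {
    param(
        [int]$EnableLUA,
        [int]$ConsentPromptBehaviorAdmin,
        [int]$PromptOnSecureDesktop
    )
    # UAC switched off, or administrators elevated silently: no prompt is shown.
    if ($EnableLUA -eq 0 -or $ConsentPromptBehaviorAdmin -eq 0) { return 'Never Notify' }
    if ($ConsentPromptBehaviorAdmin -eq 2 -and $PromptOnSecureDesktop -eq 1) { return 'Always Notify' }
    if ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 1) { return 'Default' }
    if ($ConsentPromptBehaviorAdmin -eq 5 -and $PromptOnSecureDesktop -eq 0) { return 'Notification-Only' }
    # Group Policy can set combinations that the slider cannot produce.
    return 'Custom (not a slider position)'
}

function Get-UacLevel {
    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
    $p = Get-ItemProperty -Path $UacKey
    foreach ($n in $names) {
        # A missing value would otherwise be cast to 0 and misreported.
        if ($null -eq $p.$n) { throw "UAC policy value '$n' is not set under $UacKey" }
    }
    $level = Resolve-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        Level             = $level
        SecureDesktop     = [bool]$p.PromptOnSecureDesktop
        # The two lowest slider positions drop the Secure Desktop or UAC itself.
        WeakerThanDefault = @('Notification-Only', 'Never Notify') -contains $level
    }
}

# Constructed sample values, not read from a real machine:
Resolve-UacLevel -EnableLUA 1 -ConsentPromptBehaviorAdmin 5 -PromptOnSecureDesktop 0
```

Calling `Get-UacLevel` on a machine returns one object per host, so the `WeakerThanDefault` flag can be used to pick out systems set below the Default level.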
Administrator account needed
If you are logged on with a Standard user account and access the User Account Control Settings interface, you will only be able to select and enable the Always Notify level. If you select either the third or fourth levels, you'll see a warning message at the bottom of the window, as shown in Figure F. You'll also notice that the OK button is not accessible.
Figure F: When logged on with a Standard user account, you cannot select the third or fourth levels in User Account Control Settings.
What's your take?
If you've used Vista, chances are that this is the type of UAC that you've always wanted. What's your take on UAC?
Greg Shultz is a freelance Technical Writer. Previously, he has worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.