📖 What is User Account Control (UAC)?
User Account Control (UAC) is a Windows security feature that prevents unauthorized changes to the operating system by requiring administrative approval for high-privilege tasks. When a program attempts to make a system-level change, UAC prompts the user for permission or an administrator password before proceeding.
"Student, if a user complains that they cannot install software without a prompt for a password, UAC is the feature causing this behavior."
📚 Certification: CompTIA A+ Certification Exam Core 2 (220-1102)
🔑 What are the Key Concepts of User Account Control (UAC)?
- ▸ Implements the Principle of Least Privilege by running applications with standard user permissions until administrative elevation is explicitly requested and approved.
- ▸ Distinguishes between Consent prompts for administrators, who simply click 'Yes', and Credential prompts for standard users, who must provide admin credentials.
- ▸ Utilizes the Secure Desktop feature, which dims the screen to prevent malicious software from simulating clicks or interacting with the elevation prompt.
- ▸ Offers configurable notification levels via a slider, allowing administrators to balance system security against user convenience and the frequency of prompts.
🎯 How does User Account Control (UAC) appear on the 220-1102 Exam?
You may be asked to troubleshoot a situation where a user is unable to install a legitimate driver because they lack the necessary permissions and are seeing a password prompt.
A scenario might describe a security audit where you must explain why administrative users are still prompted for permission before modifying the Windows Registry or System32 folder to prevent accidental changes.
Expect questions regarding the visual behavior of Windows, such as the screen dimming during a prompt, and identifying this as the Secure Desktop feature designed to prevent clickjacking attacks.
❓ Frequently Asked Questions
Does disabling UAC mean the user now has full administrative rights for every action?
Not exactly. Disabling UAC stops the notification prompts, but it doesn't change the user's account type. It simply allows the system to attempt actions using the user's existing token without asking for confirmation first.
Why can't I just disable UAC to make software installation easier for my users?
Disabling UAC significantly increases the risk of malware infections. Without these prompts, malicious scripts can make system-level changes, install rootkits, or modify registry keys without the user's knowledge or consent.