UAC (User Account Control) in Windows 7 has been streamlined, enhanced and optimized to give Windows 7 user better experience when using the operating system while protecting the security of the system. According to Engineering Windows 7 blog, Windows 7’s UAC undergoes the following changes:

  • Reduce unnecessary or duplicated prompts in Windows and the ecosystem, such that critical prompts can be more easily identified.
  • Enable our customers to be more confident that they are in control of their systems.
  • Make prompts informative such that people can make more confident choices.
  • Provide better and more obvious control over the mechanism.


In the User Account Control settings page, there are other options that Windows 7 users can tweak and configure UAC to their liking, such as opt to suppress more elevation consent request prompt. The settings of UAC is now configured as various levels in the slider bar. The following table describes and explains what each settings of Windows 7 UAC means, in order to help user makes better decision to implement which UAC configuration.

UAC Slider in Windows 7

Setting Description Security Impact
Always notify me when programs try to install software or make changes to my computer and when I make changes to Windows settings You will be notified before programs or you yourself make changes to your computer or Windows settings that require the permissions of an administrator. When you are notified, your desktop will be dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. The dimming of your desktop is referred to as the secure desktop because other programs cannot run while it is dimmed. This is the most secure setting. When you are notified, you should carefully read the contents of each dialog box before allowing changes to be made to your computer.
Default – Notify me only when programs try to make changes to my computer. Don’t notify me when I make changes to Windows settings. You will be notified before programs or a program out Windows make changes to your computer or Windows settings that require the permissions of an administrator. When you are notified, your desktop will be dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. The dimming of your desktop is referred to as the secure desktop because other programs cannot run while it is dimmed. However, you will not be notified if you try to make changes to Windows settings that require the permissions of an administrator. This setting has a medium level of security. It is usually safe to allow changes to be made to Windows settings done by you without you being notified. However, certain programs that come with Windows can have commands or data passed to them, and malicious software can take advantage of this by using these programs to install files or change settings on your computer.
Notify me only when programs try to make changes to my computer (do not dim my desktop). Don’t notify me when I make changes to Windows settings You will be notified before programs make changes to your computer or Windows settings that require the permissions of an administrator. You need to either approve or deny the request in the UAC dialog box to continue with that task, but you can still do other things on your computer while the UAC dialog box is open. You will not be notified if you try to make changes to Windows settings that require the permissions of an administrator. This setting is fairly secure. Because the UAC dialog box is not on the Secure Desktop with this setting, other programs might be able to interfere with the dialog’s visual appearance. This is a small security risk if you already have a malicious program running on your computer.
Never notify me or turn off and disable UAC You will not be notified before any changes are made to your computer. If you are logged on as an administrator, programs can make changes to your computer without you knowing about it. If you are logged on as a standard user, any changes that require the permissions on an administrator will automatically be denied. If you select this setting, you will need to restart the computer to complete the process of turning off UAC. Once UAC is off, people that log on as administrator will always have the permissions of an administrator. This is the least secure setting. When you turn off UAC, you open up your computer to potential security risks. If you turn off UAC, you should be careful about which programs you run because they will have the same access to the computer as you do. This includes reading and making changes to protected system areas, your personal data, saved files, and anything else stored on the computer. Programs will also be able to communicate and transfer information to and from anything your computer connects with, including the Internet.

Actually, the second and third option is rather similar, when any action by user himself or herself will not be blocked by UAC, instead will be elevated to run with administrator privileges automatically. All changes made by programs during installation or course of running still will prompt for elevation consent, only that whether the system will ‘dim’ the desktop (prevent other usage), or allowing user to continue perform job without interruption even when during elevation request.

Related Posts