Engineering Windows 7

Welcome to our blog dedicated to the engineering of Microsoft Windows 7

User Account Control (UAC) – quick update

There’s been a ton of interest in how we have improved user account control (UAC) and so we thought we’d offer a quick update for folks. We know most of you have discovered this and picked a setting that works for you, and we're happy with the feedback we've seen.  This just goes into the details on the choice of defaults.  --Steven

In an earlier blog post we discussed the why of UAC and its implications for Windows, the ecosystem, and our customers. We also talked about what we needed to do moving forward to address the data and feedback we’ve received. This blog post will provide additional detail on our response and what you can expect to see in the upcoming beta build in early 2009.

As mentioned in our previous post, and your comments supported this, the goals for UAC are good and important ones. User Account Control was created with the intention of putting you in control of your system, reducing cost of ownership over time, and improving the software ecosystem. It is important not to abandon these goals. Instead, we want to address feedback we’ve received and build on the telemetry we have, using those to improve the overall experience without losing sight of the goals with which we agree.

For those of you using 6801 you have started to see the benefits of prompt reduction and our new and improved dialog designs. You also have seen our efforts to give the user greater control of their system – the new UAC Control Panel. The administrator now has more control over the level of notification received from UAC. Look for the UAC Control Panel to appear in Start Search, Action Center, Getting Started, and even directly from the UAC prompt itself. Of course, the familiar ways to access it from Vista are still present.

User Account Control control panel.

Figure 1: UAC Control Panel

The UAC Control Panel enables you to choose between four different settings:

  1. Always notify on every system change. This is Vista behavior – a UAC prompt will result when any system-level change is made (Windows settings, software installation, etc.)
  2. Notify me only when programs try to make changes to my computer. This setting does not prompt when you change Windows settings, such as control panel and administration tasks.
  3. Notify me only when programs try to make changes to my computer, without using the Secure Desktop. This is the same as #2, but the UAC prompt appears on the normal desktop instead of the Secure Desktop. While this is useful for certain video drivers which make the desktop switch slowly, note that the Secure Desktop is a barrier to software that might try to spoof your response.
  4. Never notify. This turns off UAC altogether.

We know from the feedback we’ve received that our customers are looking for a better balance of control versus the amount of notifications they see. As we mentioned in our last post, we have a large number of admin (aka developer) customers looking for this balance, and our data shows us that most machines (75%) run with a single account with full admin privileges.

Distribution of number of accounts per PC

Figure 2. Percentage of machines (server excluded) with one or more user accounts from January 2008 to June 2008.

For the in-box default, we are focusing on these customers, and we have chosen number 2, “Notify me only when programs try to make changes to my computer”. This setting does not prompt when you change Windows settings (control panels, etc.), but instead enables you to focus on administrative changes being requested by non-Windows applications (like installing new software). For people who want greater control in changing Windows settings frequently, without the additional notifications, this setting results in fewer overall prompts and enables customers to zero in on the key remaining notifications that they do see.

This default setting provides the right degree of change notification that a broad range of customers desire. At the same time we’ve made it easy and readily discoverable for the administrator to adjust the setting to provide more or fewer notifications via the new control panel (and policy). As with all of our default choices we will continue to closely monitor the feedback and data that come in through beta before finalizing for ship.

--UAC, Kernel, and Security program managers

  • Steven,

    I think one major thing missing from the UAC design is a way of whitelisting/blacklisting applications. I think some sort of UI, where we can add applications which can run with elevation without a prompt all the time, and some which should not be running with elevation (not even a prompt), would be good. The same way we configure Windows Firewall. This will satisfy most of the advanced users, and fewer people will try to turn off UAC.

  • Don't forget that the majority of people don't have any knowledge about Windows XP/Vista.

    I am sure that the rest, who are complaining about UAC or have something to say about UAC or that it's a pain in the *ss, are already above any regular user in their handling.

    A regular user to me is a user who uses their PC for reading email, doing Word, wants Skype and uses IE to browse.

    That said, I think UAC is a very good tool to protect users who accidentally install unwanted software. They can't help themselves, really! Those people already don't know what a Windows update is; installing Skype is also a big issue for them! (According to MS, 30% of people don't do a Windows update.) I am pretty sure they aren't aware of the existence of Windows Update. Not because they are dumb (I know doctors having this problem), they just use XP/Vista to get their email, do Word, Skype and browsing.

    They are just not interested in learning or knowing whatever Windows or apps need to make them work properly. It just has to work and I can't blame them for that (do you know what to do if you by accident put the wrong fuel in your car?)

    Although I agree that UAC for advanced users was very very very limited. In Vista, it was ON or OFF.

  • I was hoping that there would be a change in UAC to have it activated on the "SAVE" action, not "View"...

    Many times you just want to look at something, a network property, a control panel setting, with no intention of ever changing the setting. UAC kicks in at the "looking" action, not the "save" action, which, I believe, is too early.

    Thousands of user UAC impressions would be eliminated if UAC only kicked in when you were actually changing things...

    Keep up the good work!

    Chris

  • My idea is that User Account Control in Windows Seven is much better than in Windows Vista, because in Vista we couldn't change our control access, but in Windows Seven we can moderate our user's access to each other. So Windows Seven's UAC is better than Vista's UAC.

  • Please REMOVE the !insecure! UAC options. Even a child understands that the options that don't "dim screen" don't protect you at all, giving a false sense of security. If any of these insecure options is used (as it is by default) a malicious program can do anything. It can even disable UAC completely. The "security feature" that any malicious app can disable is useless! http://www.istartedsomething.com/20090130/uac-security-flaw-windows-7-beta-proof/

  • At the very least you should enable "always prompt" for any changes made to UAC itself. Otherwise something as simple as this unelevated script will easily take a non-privileged installer, and make it possible to install itself into startup:

    Set WshShell = WScript.CreateObject("WScript.Shell")
    WshShell.SendKeys("^{ESC}")
    WScript.Sleep(1000)
    WshShell.SendKeys("uac")
    WshShell.SendKeys("{ENTER}")
    WScript.Sleep(2000)
    WshShell.SendKeys("{TAB}")
    WshShell.SendKeys("{DOWN}")
    WshShell.SendKeys("{DOWN}")
    WshShell.SendKeys("{DOWN}")
    WshShell.SendKeys("{TAB}")
    WshShell.SendKeys("{ENTER}")

    Now install yourself into the user's startup and reboot. Next time around you can play havoc on the computer and reset UAC back and reboot.

    Sure it is a long shot and you will notice that something is wrong. But UAC is a first line of defence, it would be really silly to not prompt for this one particular change with the explanation that users complain too much about prompts.

    I mean how many times a day do they change their UAC?

    It should at the very least prompt when you go from any of the top 2 options to any of the bottom 2.
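
Added example, not part of the original post or of any comment: a PowerShell check that maps the UAC policy registry values to the four levels listed in the post and flags the change the comment above wants prompted for (from the top two levels to the bottom two). The registry value names and their mapping to the slider are assumptions taken from released Windows 7, not from this page, and the function names are hypothetical.

```powershell
# Added example: classify the configured UAC level (1-4, numbered as in the post).
# Assumption: value names and mapping follow released Windows 7, not the beta.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    param([hashtable]$Values)   # optional pre-read values, for offline checks
    if (-not $Values) {
        $p = Get-ItemProperty -Path $PolicyKey
        $Values = @{
            EnableLUA                  = $p.EnableLUA
            ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
            PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        }
    }
    if ($Values.EnableLUA -eq 0) { return 4 }          # 4: Never notify (UAC off)
    switch ($Values.ConsentPromptBehaviorAdmin) {
        0 { return 4 }                                 # elevates without asking
        2 { if ($Values.PromptOnSecureDesktop -eq 1) { return 1 } }   # 1: Always notify
        5 { if ($Values.PromptOnSecureDesktop -eq 1) { return 2 } else { return 3 } }
    }
    return 0   # combination the slider does not produce; review by hand
}

function Test-UacDowngrade {
    param([int]$BaselineLevel, [int]$CurrentLevel)
    # True for the transition the commenter singles out: from one of the
    # top two levels (1, 2) to one of the bottom two (3, 4).
    return ((1, 2) -contains $BaselineLevel) -and ((3, 4) -contains $CurrentLevel)
}

# Constructed samples (not captured from a real machine): the in-box default,
# then the same machine after the level was lowered to "Never notify".
$before = Get-UacLevel -Values @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 }
$after  = Get-UacLevel -Values @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
if (Test-UacDowngrade -BaselineLevel $before -CurrentLevel $after) {
    Write-Warning "UAC lowered from level $before to level $after"
}
# On a live system, call Get-UacLevel with no arguments and compare with a stored baseline.
```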

  • In the earlier blog post that talked about "the why of UAC and its implications for Windows, the ecosystem, and customers", it seems that all of the reason for the diminished UAC elevation prompts, was the improvement of the "ecosystem".

    I seriously doubt that ALL of that huge decrease in UAC elevation prompts was due to improved third-party and Microsoft applications.  I'll bet that a large percentage of it, larger than the article wants to admit, comes from users who gave up in frustration and searched the Internet to find out how to turn off the prompts completely.  THAT would reduce the number of prompts over time: when more and more people get frustrated with them.

    There is a mention in the article how a few intrepid souls, explorers on the farthest edges of the universe, managed to somehow turn off the UAC prompts.  Really, it's not that hard to find instructions on this, or for casual users to ask their techie friends how to do it.  

    Are there any statistics on what percentage of users have turned off the elevation prompt?  I haven't seen those numbers.

    I was disappointed to see that the Windows 7 engineers didn't seem to CONSIDER this, or admit to it as a possibility.

    And yes, I agree that too many prompts will result in users not reading them.  The user suggestions that ask for the prompts to be clearly worded, as in "Are you trying to install a new program?" would be HUGE improvements.

    David Walker

  • Well, I saw in another blog where Steven Sinofsky says that 92% of users run with UAC enabled.  Frankly, that's more than I expected.  It's good to know the percentage, though.

    One of the blog entries on UAC, which I can't find right now, says something like MS has heard the feedback: "Don't ask me if I want to do something I just clicked on", etc.

    However, I didn't see that MS has taken notice of the feedback that says "I trust this program -- allow it to do its thing", and don't ask me again.  That might not be desirable for Windows Explorer, but are there any other comments on this point?

  • UAC is still missing the point:

    1. If I elect to "turn it off", install a few programs (Yes, even MS products) and then slap myself "what was I thinking" and "turn it back on", some of those installed programs will no longer function.

    2. If I turn it off, I want full access to my computer including the entire registry and all folders. It should not continue to work at "some" level that restricts my use of my computer.

    3. If I had an anti-virus program, or firewall program that asked me every time a file was scanned or attempted to transmit data if this was expected, I'd get rid of it in a heartbeat. I need the program to perform its "security" function without interrupting my real work.

    While UAC has somewhat accomplished its real purpose, (institutionalizing the standard "admin" user and making the user complain to programmers to stop their product from giving them prompts), it has failed at the most fundamental level of helping the user make valid security decisions and has corrupted any future use of this function.

  • Hi All,

    Can anyone explain to me the behaviour of the UAC shield on desktop shortcuts?

    Suppose I set UAC to "Always notify", should all desktop icons have that shield?

    And also, if I set UAC to "Never notify", should all desktop icons be without the shield?

    I will be thankful if anyone helps in this regard.

    Thanks,

    Krishna

  • I just bought a gaming PC with Windows 7. I have owned it for six weeks and cannot play a single new game. I have tried everything. Microsoft engineers tell me it is a driver problem even though I tell them about the "run as admin" which does not work. I am held at ransom for $165.00 to people that tell me my drivers are bad. Microsoft should fess up and fix their products that we purchased in good faith. Where are their ethics?

  • Bottom line, if the OS was secure and written properly this would not be needed at all. Don't see a Mac or Linux with these ridiculous programs.

  • I use the default Win 7 setting. I have one program that prompts me every day. (MS Remote Desktops admin tool - with an "s" - it's not the same as remote desktop). Why can't I just check a box so that one particular Microsoft program won't ask me and leave the rest of the protections alone??? If you google it there are a lot of people wondering the same thing. There is one ridiculous workaround but nothing simple. Do I have to wait for Windows 8, or just disable it entirely and lose security?

  • My UAC does not disable. I click OK and nothing happens.

    What to do, please help me!!!
