User Access Control

With the introduction of Windows Vista and continuing with Windows 7, developers became aware of a new security model: User Access Control (UAC). The core premise of UAC is that even a user with administrative rights should normally run in the context of a reduced privilege user account. The concept is quite simply a best practice. Unfortunately, as with any situation where rights are reduced, application developers and users have spent so much time running with elevated permissions that any time the system interrupts what they want they become upset. But for security to work, sometimes its best to keep access limited and force you to recognize when you are granting access. This is what the UAC system does: it locks the access; you still have the ability to grant that access, but the system makes you pause and evaluate if that access should be granted. If you get a UAC prompt when you aren't expecting it, or realize that software you don't fully trust is attempting privileged access that you may not expect or want it to have, you are far better off than had the system not prompted you to grant that access. UAC gets a bit of a bad rap in part because it was introduced to end users as part of Vista before custom application developers, or even Microsoft developers, could get out in front of the required code changes. Thus, users were asking, “Why am I getting this prompt?” Developers, having no real good answers then, had to answer, “Because Vista changed things.” ...