Rublon

Secure Remote Access

By

Last updated on March 3, 2025

User Access Control (UAC) is a security feature in Windows that helps prevent unauthorized changes to your computer. It does this by asking for your permission before allowing certain actions that require administrator privileges, such as installing software, changing system settings, or modifying registry entries. UAC also helps protect your computer from malware and other threats that may try to take advantage of your administrator rights.

MFA For UAC Elevation

Bolster your User Account Control’s security with multi-factor authentication with Rublon MFA for Windows Logon & RDP and more. Start for free.

Start Free Trial No Credit Card Required

In this article, you will learn what User Access Control (UAC) is, how it works, why it is important, and how to use it effectively. You will also find out how to customize UAC settings, manage UAC policies, and troubleshoot common UAC issues. By the end of this article, you will have a better understanding of UAC and how it can enhance the security and performance of your computer.

Image showing a User Account Control (UAC) prompt

How UAC Works

UAC works by creating two types of user accounts: standard user accounts and administrator accounts.

Standard user accounts have limited access to the system and can only perform basic tasks, such as browsing the web, checking email, or using apps.

Administrator accounts have full access to the system and can perform advanced tasks, such as installing software, changing system settings, or modifying registry entries.

When you sign in to your computer with an administrator account, UAC splits your account into two tokens: a standard user token and an administrator token. The standard user token is the default for most of the actions you perform on your computer. The administrator token is used only when you need to perform an action that requires administrator privileges.

When you try to perform an action that requires administrator privileges, UAC displays a prompt on your screen asking for your permission to proceed. Depending on the type of prompt, you may need to enter your password or click Yes to confirm. If you do not approve the action, it will not be performed and the app or process that requested it will not run.

MFA for UAC, Windows, and RDP

Secure your Windows endpoints with robust multi-factor authentication (MFA) for local and remote Windows logins and User Access Control elevation prompts.

Start Your Free Trial (No Credit Card Required)

What Are The Types of UAC Prompts

There are four types of UAC prompts:

  • Consent prompt. This prompt appears when you try to perform an action that requires administrator privileges using an app or process that is signed by a trusted publisher, such as Microsoft. You do not need to enter your password, but you need to click Yes to confirm.
  • Credential prompt. This prompt appears when you try to perform an action that requires administrator privileges using an app or process that is not signed by a trusted publisher or has been modified since it was signed. You need to enter your password or choose another administrator account to confirm.
  • Secure Desktop prompt. This prompt appears when you try to perform an action that requires administrator privileges using an app or process that is considered high risk, such as changing UAC settings or running an unknown executable file. The prompt is displayed on a secure desktop that isolates it from other apps and processes. You need to enter your password or choose another administrator account to confirm.
  • Elevation prompt. This prompt appears when you try to perform an action that requires administrator privileges using an app or process that has been marked as requiring elevation by its developer or by Windows. The prompt is displayed on the same desktop as the app or process. You need to enter your password or choose another administrator account to confirm.

Why UAC is Important

UAC is important because it helps protect your computer from unauthorized changes that may compromise its security, stability, or performance. By requiring your permission before allowing certain actions, UAC prevents malware and other threats from damaging your computer or stealing your data. UAC also empowers you to make informed decisions about what actions you want to allow on your computer.

UAC also benefits administrators by making it easier to manage multiple user accounts and devices in a network. By enforcing standard user rights for most of the actions performed by users, UAC reduces the risk of accidental or intentional changes that may affect the system or other users. Moreover, UAC allows administrators to configure different levels of access and control for different users and groups using UAC policies.

30 days of free multi-factor authentication for UAC →

How to Use UAC Effectively

To use UAC effectively, you should always follow these best practices:

  • Sign in with a standard user account for your daily activities and use an administrator account only when necessary.
  • Pay attention to the UAC prompts and read them carefully before approving or denying any action.
  • Verify the source and legitimacy of the app or process that requests administrator privileges before allowing it.
  • Keep your Windows and apps updated with the latest security patches and updates.
  • Use antivirus software and firewall software to protect your computer from malware and other threats.

How to Customize UAC Settings

You can customize UAC settings to adjust the level of protection and notification that UAC provides. To do this, follow these steps:

  1. Go to Start and open Control Panel.
  2. Select System and Security.
  3. Under Security and Maintenance, select Change User Account Control settings.
  4. Move the slider to one of the following levels:
    • Always notify. This level notifies you every time an app or process tries to make changes to your computer, whether it is signed by a trusted publisher or not. You need to enter your password or choose another administrator account to confirm. This level provides the highest level of protection, but it may also cause frequent interruptions and compatibility issues with some apps.
    • Notify me only when apps try to make changes to my computer (default). This level notifies you only when an app or process tries to make changes to your computer that require administrator privileges. You do not need to enter your password, but you need to click Yes to confirm. This level provides a balanced level of protection and convenience, and it is recommended for most users.
    • Notify me only when apps try to make changes to my computer (do not dim my desktop). This level is the same as the previous one, except that it does not display the prompts on a secure desktop. This level may be faster and less disruptive, but it may also be less secure, as other apps or processes may interfere with the prompts.
    • Never notify. This level does not notify you when any app or process tries to make changes to your computer. You do not need to enter your password or click Yes to confirm. This level provides the lowest level of protection, and it is not recommended for most users.
  5. Select OK to save your changes.
  6. Select Yes when prompted to confirm the changes.
Image showing changing User Access Control (UAC) settings on Windows

How to Manage UAC Policies

You can manage UAC policies to define different rules and settings for different users and groups on your computer or network. To do this, you need to use the Local Security Policy tool or the Group Policy Management Console. These tools allow you to configure various aspects of UAC, such as:

  • The behavior of the elevation prompt for standard users and administrators
  • Applications that are allowed or denied elevation
  • Trusted publishers and file hash rules for UAC
  • Applications that are automatically elevated without prompting
  • Applications that are compatible with UAC

How to Troubleshoot Common UAC Issues

Sometimes, you may encounter some issues with UAC, such as:

  • User Access Control (UAC) prompts are not displayed or are displayed incorrectly
  • UAC prevents some apps from running or functioning properly
  • UAC causes performance issues or errors on your computer

To troubleshoot these issues, you can check the following::

  • UAC settings. Make sure they are set appropriately for your needs and preferences.
  • Antivirus software and firewall software. Make sure they are not blocking or interfering with UAC.
  • Windows and app updates. Make sure they are up to date with the latest security patches and updates.
  • Compatibility of your apps with UAC. Make sure they are designed to work with UAC. If not, you may need to contact the app developer or vendor for support or updates.

How Hackers Can Exploit User Access Control (UAC)

UAC alone may not be enough to protect your computer from malicious hackers who may try to bypass or exploit UAC using various techniques, such as:

  • Brute-forcing or guessing your password or PIN
  • Phishing or tricking you into revealing your password or PIN
  • Keylogging or capturing your keystrokes when you enter your password or PIN
  • Mimicking or spoofing the UAC prompt to make you approve a malicious action
  • Injecting or running malicious code in the context of an elevated process

How to Make User Access Control (UAC) More Secure

To make UAC more secure, you can use Rublon MFA for Windows Logon and RDP. It is a connector that integrates with Microsoft Windows client and server operating systems. Rublon’s connector adds Multi-Factor Authentication (MFA) to your UAC elevation prompts.

MFA is a security measure that requires you to provide two or more distinct pieces of authentication to verify your identity and approve an action. For example, you may need to enter your password and then approve a notification on your phone.

By enabling Rublon MFA for UAC, you can add an extra layer of protection to your computer and prevent hackers from gaining access to your system even if they manage to obtain or bypass your password or PIN. Rublon MFA for UAC supports various authentication methods, such as Mobile Push, Email Link, Mobile Passcode (TOTP), and YubiKey OTP, to name a few.

Image portraying using Rublon Multi-Factor Authentication (MFA) for User Access Control (UAC)

To use Rublon MFA for UAC, you need to install the Rublon MFA for Windows Logon and RDP connector on your Windows machine and configure it according to your preferences. For more information on how to install, configure, and use Rublon MFA for UAC, see Rublon MFA for Windows Logon and RDP.

You can also start a Free Trial of Rublon MFA and enjoy an unlimited number of users and an unlimited number of protected applications for 30 days, no credit card required!

Start Free Trial

User Account Control (UAC): Conclusion

In this article, you have learned about User Access Control (UAC). It is a security feature in Windows that helps prevent unauthorized changes to your computer. You have also learned how UAC works, why it is important, how to use it effectively, and how to make it more secure.

UAC is a powerful tool that can enhance the security and performance of your computer. It does that by asking for your permission before allowing certain actions that require administrator privileges. UAC can also protect your computer from malware and other threats that may try to take advantage of your administrator rights.

However, UAC alone may not be enough to protect your computer from malicious hackers. Unfortunately, cybercriminals may try to bypass or exploit UAC using various techniques. To make UAC more secure, you use Rublon MFA

We hope that this article has helped you understand User Access Control.