Credits: Petri IT Knowledgebase

Discussion

Windows Vista has the built-in ability to automatically reduce the potential of security breeches in the system. It does that by automatically enabling a feature called User Account Control (or UAC for short). The UAC forces users that are part of the local administrators group to run like they were regular users with no administrative privileges.

Whenever a user that is a member of the local administrators group (or even a member of the Domain Admins group if the computer is part of an Active Directory domain) tries to perform a task that requires administrative privileges, the operating system halts the operation and prompts the user to acknowledge it prior to running the task.

Note the little shield icon next to some of the items in the above screenshot. These items, if clicked upon, will invoke the UAC prompt, and the following message is displayed:

In case the user is not a member of the local administrators group and he or she tries to perform a task that requires such privileges, they are prompted to enter the valid credentials of an administrator (similar to the Run As command in existing Windows XP/2003):

Although UAC clearly improves the security on Windows Vista, under some scenarios you might want to disable it, for example when giving demos in front of an audience (demos that are not security related, for example). Some users might be tempted to disable UAC because of the additional mouse clicking it brings into their system, however this is not recommended. Rather try to get use to it instead.