7.31. User Account Control (UAC) issues

Windows® Vista has introduced a number of enhancements to the traditional Windows® NT security model one of which is called “User account control” (UAC). UAC prevents members of the local administrators group from accidentally using their full administrative power by running their programs with an unprivileged user token with privileges stripped off by default.

In order to make administrative changes, a member of the local administrators group first has to elevate to a full administrator, which is done by consciously accepting the elevation request in a dialog on a secure desktop. UAC is of importance in two areas of IDERI note, where there is the potential that UAC either requires you to elevate or where you should keep UAC issues in mind. These two areas are covered in the next few subsections.