Why you need UAC (and how to enable it)

Back to Blog
30Mar2017

Why you need UAC (and how to enable it)

I don’t know why it has come to this, but here it is. Here we are. We need to review why it is that you need User Account Control (UAC), and how to go about turning it on. I know! Like, why is this even necessary, right?

I’ll tell you why.

Laziness or Ignorance?

Maybe I’m just feeling cranky today, and my view of humanity is a little less positive than normal (I tend toward optimism, really).  I’m just bothered by the fact that we have so many people who still refuse to turn on this essential protection. Is it… laziness? Like they don’t want to click through an extra security prompt now and again? Either that, or it’s an over-inflated sense of self-importance–they can’t be bothered? Or maybe they’re just ignorant?

I don’t pretend to know the reason, but whatever it is, it isn’t good, it isn’t rational, it’s super widespread, and now I need to take time out of my day to completely destroy it–forever.  I don’t take many hardline stances, but this is one of them. The problem is, I work with a good number of people who should know better, and I consider them to be smart folks overall. Yet, many of them seem to hold divergent “opinions” on UAC.

Okay. Enough introduction. Here it is: UAC is not an “optional” setting where you can have an “opinion” about whether it should be enabled. There is only one objective, correct answer: Yes–you must enable it. Every. Single. Time.

Why UAC is so important

User Account Control is a protection that prevents applications (potentially malware) from making changes to the computer without your explicit permission. UAC looks like this to an end-user:

If you are already an admin on your computer, it will just ask you to click Yes or No—the password prompt will not be necessary.

It seems too simple—like asking “Are you sure?” But it’s consequences are far-reaching, and it is VERY important that you do not forgo this notification. Basically, if you see a prompt like this, and you did not explicitly ask for something to change, you can (and should) say “No” to this prompt, and nothing further can execute.

UAC has a few different notification levels, but there is really only one that we care about: Always Notify. If it is set to anything else, that means that malware can easily elevate itself to Administrator and make changes without requiring assistance from you to do it.

People who have been long-time users of Linux and Mac operating systems have had this kind of protection for much longer than us Windows folks. In the early days of UAC in Windows (Vista), people were confused and annoyed by these types of prompts.  Worse than that, it could adversely impact some application experiences as well—to the point where some apps wouldn’t run correctly (or at all) unless the user made certain adjustments first.

For those who adopted the technology successfully, there was indeed a small learning curve to overcome, but then they got used to it. For some reason, too many of us (including IT admins) just scoffed at the technology, and pretended they were too good for it.

If that describes you, well, I’m sorry to be the one to burst your bubble, but disabling UAC doesn’t make you smarter than everyone else, it just makes you an easier target. Because you’re being ignorant.

So stop being an ignoramus, and turn this on. Right now.

How to turn it on

In the Start menu, you can start typing “UAC” and it should come up automatically in the search results.

Otherwise, you can navigate to it in one of these two ways (depending on your Control Panel’s display settings):

  1. Control Panel > System & Security > Click on Change User Account Control Settings
  1. Control Panel > Security & Maintenance > Change User Account Control Settings

Drag that little slider all the way up to Always Notify. Click OK.

There, that wasn’t so hard, was it?  If you are an IT administrator, then see more on UAC here.

Technical , , , 0 Comments
Share:

Leave a Reply

Back to Blog

Related Posts

09Nov

Migrate from Windows Server Essentials with Azure AD integration to Windows Server Standard and Azure AD Connect

I have a love-hate relationship with Windows Server Essentials. It's a great product with a lot of goodness baked in, but there are some real limits to it as well. On the one hand, Remote Web Access, Client PC backup, the Azure Recovery plugins, and... read more
07Jan

How-to Verify Your Domain with Office 365

So this is a very common task when provisioning new Office 365 accounts.  You can obtain a free trial here. I recommend the E3 trial, even if you only plan to buy the Exchange Online plan ultimately.  The licensing can be changed out seamlessly, and in... read more
01Jun

My Essential Checklist for Settting up any New Windows 10 Pro Device

This post features the things I do when setting up any (personal) Windows 10 Pro device, whether it's for myself, my family members, clients, or anyone really. I usually do these things with security / compliance in mind--but some of it comes down to preference (I think... read more
25Aug

2016 Essentials Integration: Manage SharePoint Libraries

Once you have Office 365 Integration working with Windows Server Essentials 2016, you can also manage SharePoint libraries from the Dashboard. The process is very similar to adding and managing local Server Folders. To get started, go to Storage and then SharePoint Libraries. Select Add a library... read more
24Mar

What is Advanced Threat Analytics?

Advanced Threat Analytics (ATA) is a security product from Microsoft that is included with the Enterprise Mobility Suite (EMS) subscription.  Unlike most of the other EMS components that tend to be a bit more cloud-centric, ATA is an on-premises-based security solution that helps identify Advanced Persistent Threats (APT's) and insider... read more
02Jul

An overview of the most common Office 365 subscriptions for the SMB

I get asked about this SO frequently, that I decided a post was in order. Update: Also check out my 365 Licensing Guide page. Apparently people don't find it that easy to navigate all the subscriptions which are now available via the Office 365 portal. To... read more
21Sep

Tutorial: How to Setup a Site-to-Site VPN between an Azure Virtual Network and WatchGuard Firewall, part 1

Using a Site-to-Site VPN tunnel into an Azure Virtual Network is the most common way for small businesses to begin extending the capabilities of their local network, and leveraging additional compute power and availability features in the cloud. There are many reasons one might need to... read more
27Apr

How to enable 2-factor or multi-factor authentication (2FA or MFA)

Enabling a second factor for authentication is an important (and often very easy) thing to do.  Usually this can be accomplished in just a few clicks for most websites and cloud services. It is highly recommended that you take the time to do this, especially for... read more
09May

Scripting with ISE: Adding New LUNs, part 1

In this series, we are getting familiar with Windows PowerShell ISE. My hope is that thru working in this application, more IT professionals will come to view PowerShell as a truly accessible (and indispensable) tool. Remember that the point of technology should include making your job... read more
25Jan

Manage Office 365 Mailboxes using Directory Synchronization w/o Hybrid Exchange

When you have a hybrid environment configured between Exchange 2010 or 2013 and Office 365, then you will probably have noticed that mailbox creation and management happens on-premises. For example, to create a new mailbox, you would initiate this process from the local Exchange server... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me