Why you need UAC (and how to enable it)

Back to Blog

Why you need UAC (and how to enable it)

I don’t know why it has come to this, but here it is. Here we are. We need to review why it is that you need User Account Control (UAC), and how to go about turning it on. I know! Like, why is this even necessary, right?

I’ll tell you why.

Laziness or Ignorance?

Maybe I’m just feeling cranky today, and my view of humanity is a little less positive than normal (I tend toward optimism, really).  I’m just bothered by the fact that we have so many people who still refuse to turn on this essential protection. Is it… laziness? Like they don’t want to click through an extra security prompt now and again? Either that, or it’s an over-inflated sense of self-importance–they can’t be bothered? Or maybe they’re just ignorant?

I don’t pretend to know the reason, but whatever it is, it isn’t good, it isn’t rational, it’s super widespread, and now I need to take time out of my day to completely destroy it–forever.  I don’t take many hardline stances, but this is one of them. The problem is, I work with a good number of people who should know better, and I consider them to be smart folks overall. Yet, many of them seem to hold divergent “opinions” on UAC.

Okay. Enough introduction. Here it is: UAC is not an “optional” setting where you can have an “opinion” about whether it should be enabled. There is only one objective, correct answer: Yes–you must enable it. Every. Single. Time.

Why UAC is so important

User Account Control is a protection that prevents applications (potentially malware) from making changes to the computer without your explicit permission. UAC looks like this to an end-user:

If you are already an admin on your computer, it will just ask you to click Yes or No—the password prompt will not be necessary.

It seems too simple—like asking “Are you sure?” But it’s consequences are far-reaching, and it is VERY important that you do not forgo this notification. Basically, if you see a prompt like this, and you did not explicitly ask for something to change, you can (and should) say “No” to this prompt, and nothing further can execute.

UAC has a few different notification levels, but there is really only one that we care about: Always Notify. If it is set to anything else, that means that malware can easily elevate itself to Administrator and make changes without requiring assistance from you to do it.

People who have been long-time users of Linux and Mac operating systems have had this kind of protection for much longer than us Windows folks. In the early days of UAC in Windows (Vista), people were confused and annoyed by these types of prompts.  Worse than that, it could adversely impact some application experiences as well—to the point where some apps wouldn’t run correctly (or at all) unless the user made certain adjustments first.

For those who adopted the technology successfully, there was indeed a small learning curve to overcome, but then they got used to it. For some reason, too many of us (including IT admins) just scoffed at the technology, and pretended they were too good for it.

If that describes you, well, I’m sorry to be the one to burst your bubble, but disabling UAC doesn’t make you smarter than everyone else, it just makes you an easier target. Because you’re being ignorant.

So stop being an ignoramus, and turn this on. Right now.

How to turn it on

In the Start menu, you can start typing “UAC” and it should come up automatically in the search results.

Otherwise, you can navigate to it in one of these two ways (depending on your Control Panel’s display settings):

  1. Control Panel > System & Security > Click on Change User Account Control Settings
  1. Control Panel > Security & Maintenance > Change User Account Control Settings

Drag that little slider all the way up to Always Notify. Click OK.

There, that wasn’t so hard, was it?  If you are an IT administrator, then see more on UAC here.

Leave a Reply

Back to Blog

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.