Why You Shouldn’t Disable the User Access Control Feature in Windows

Why You Shouldn't Disable User Access Control Feature in Windows

If you’ve used Windows for any amount of time, then you may have noticed a prompt popping up whenever you are changing system settings or messing with system files. By default, this system prompt blocks all your activity with a transparent black screen so that you have no choice but to see and attend the prompt. This is a native Windows security feature called “User Access Control,” UAC for short, that was introduced back in Windows Vista days.

As useful as it is, some Windows users may get annoyed by these UAC prompts whenever they are installing software or making changes to system settings or files. Thus, even going as far as disabling it completely. So if you are one those who are considering disabling UAC or have already disabled it, here is why you shouldn’t do it.

When you first install Windows, the first user account you create will have administrator rights, and most likely you use that account for all your daily activities like configuring your system, installing software, browsing, etc. But the thing is you don’t need administrator rights all the time as it causes more problems than it solves.

To deal with this, Microsoft introduced UAC which enables you to run your system and other installed apps with limited privileges so that they cannot access or modify any system settings, files, registry entries, etc. Whenever there is a big system-specific change initiated, the UAC intercepts that action and asks for your permission. If you deny the permission when prompted, the changes are not executed, and your system files or settings go unchanged.

Even when you allow the changes to be made by accepting the UAC prompt, those permissions are only valid for that particular session. e.g. till the application is closed or the action is completed.

By default, all the UAC prompts are presented on a “secure desktop” so that no program can interact or manipulate the prompt (like removing the “No” button, manipulating the mouse and/or keyboard to click yes, etc.), tricking the user into clicking the “Yes” button. That is the reason why the entire screen is blocked out forcing you to either accept or deny the changes from proceeding.

windows-uac-in-action

Yes, this type of behavior can be annoying when you install and set it up for the first time. But after that you won’t have to deal with it that often as almost all the applications are compatible with UAC. Unlike the old days, the developers are not assuming their applications will have admin privileges by default.

So if you choose to disable the UAC, then you will lose all protection provided by this feature, and any application, malware, virus, etc., can execute and change anything they want at any time as there is nothing to intercept them.

Moreover, if you’ve disabled the UAC feature and installed a bunch of apps, those apps may not work properly when you’ve re-enabled the UAC. It may not be a problem for most apps, but it is still a thing to consider when you want to disable UAC.

If you still think the UAC feature is annoying, I would recommend you lower the UAC thresholds rather than completely disabling them. You can modify the UAC notification levels by searching for “User Access Control” in the start menu. That being said, only do this if you know what you are doing.

windows-uac-settings1

All in all, it is never a good thing to disable or even modify the notification levels of UAC. If anyone tells you to disable this feature on your Windows system, then please stay away from that person or website.

Do comment below sharing your thoughts and experiences about the UAC prompts on your Windows system.

10 comments

  1. um, this is not news, you are roughly saying that we should just keep the front door open and not lock it.

    • The author is saying the exact opposite joe. Problem is this leaves the user with a false sense of security and the author should have been smart enough to warn people that this is not the catch all solution to malware and viruses. Even with this enabled it is very easy for these things to circumvent your system. A better solution to this so called security feature is due diligence on the end users part and use software that is REALLY designed to help keep you safe! I personally have found this feature totally and utterly useless and I have opted instead to disable it and I disable it for my clients on request but I do not leave it at that as this article has done. I educate my clients on how to remain safe even after disabling the UAC. This article is for people that dont want to be diligent and or are not educated on how to be safe but to simply say to never disable this and not to listen to anyone that does is as ignorant as saying anything about it at all.

      • Maybe, before educating clients to be safe even after disabling UAC. We should also educate clients and users that the UAC feature is not designed to catch malware, virus, and other stuff (also, I never said this is the catch all solution). Instead, UAC feature makes it easy and secure to use the administrator account in such a way that whenever the user or an app (again it may be some malware or virus too) tries to change system settings or files, it intercepts the request and asks you permission. Simply put, UAC temporarily elevates your privileges from standard to admin level for that particular request.

        If you click on the button Yes then the changes will proceed and if you deny, there will be no changes made. Now, for any user who automatically clicks on the Yes button, this feature is useless. However, if you completely disable UAC then the user is not going to know and will have no control when there are admin level changes to the system.

        Moreover, UAC is nothing new, even MAC and Linux OSes have similar feature even before Windows where the user should elevate themselves to make any admin level or system changes. Maybe, you also find them as “totally and utterly useless” and disables them.

        • You are preaching to the choir here Vamsi. For what I use the computer for and for what 98% of the people that read the posts on this site use it for UAC just hinders us. Perhaps you would find your article better received on a site where computer ignorance prevails. You are not talking to computer novices here and the people that would benefit from this conversation do not come to this site and to be quite honest they would not read it anyway, they are ignorant for a reason and beside, you are wasting your time trying to teach an ignorant person anyway because they insist on learning the hard way!

          To clear the air, yes MAC and Linux have a level of UAC but they also have something called sudo so that users that know what they are doing can easily get around the totally retarded way that Microsoft setup UAC, treating everyone like total morons. In fact the whole idea that they created admin level access without ever giving admin level control fries my shorts!

  2. Good advice… For the totally ignorant.

    For savvy users who prefer REAL protection, by using independently created antivirus, anti malware, anti phishing apps and general common sense, it IS just a nuisance.

    What is unfortunate with this so-called protection, just like any mafia racket out there, is that it does ABSOLUTELY NOTHING to protect you against the much more pervasive threat of adware and malware coming in as innocuous ‘updates’, ‘convenient’ installers, system ‘optimizers’ and ‘useful’ toolbars, among others, that literally open the door to much more severe threats. But no one would DARE speak against them, as this is what brings in the money.

    • Again, UAC is not designed to protect you from malware, adware or viruses. Instead, it asks you permission to temporarily elevates your privileges from standard user to admin level for that particular request. If you disable the UAC then you are not going to know or have control when there are admin level changes to your system.

      If a software you are installing has some sort of adware or malware included, then it is not the fault of UAC or Windows but the developers who created the said software.

      However In Windows 10, Microsoft is trying to block these kinds of bundled software(adware). For instance, when I try to install Comodo Firewall, Windows 10 blocks the installer from executing as it comes with additional software like geekbuddy, etc. I don’t know how successful it will be for other software, though.

      • I can tell you what Windows 10 is successful at doing. Alienating anyone that wants to use a computer to compute. Along with adding more and more big brother utility it also thinks it knows the best drivers and refuses to let me install the software and drivers I want and need. Microsoft just lost me and many others like me that are sick and tired of the software thinking it knows best. Windows 8 was the very last OS I will be using from this bloated company that in their own ignorance thinks they are smarter than the users that purchase and use their software. For the average Joe and OEMs what they are doing will be OK, but for system builders and those of us that work on and with computers for a living, or just want to be the one in control they have created five to may blockers that have made Windows a totally useless OS!

  3. I am still using Win 7 Pro 64Bit OS. I don’t need the User Access Control, since, I am the only one using my PC. I understand why it is in the PRO version of Windows so, that some nimrod in a corporation doesn’t mess up the whole system on their PC access. I have enough protection to sink a battleship, yet, some really crappy stuff, still gets through, ever so often. I don’t think there hasn’t been a geek who hasn’t had a major malware invasion, once in a blue moon.

    A Blue Moon is when there a 2 Full Moons in one month and they occur approximately once every 2 1/2 years. Just a bit of trivia, to show how often malware hits a geek’s PC. :)

  4. Hmm. Interesting… Speaking of problems that entail users with a false sense of security, maybe a post about the very real dangers/possibilities thereof involved with blindly entrusting MS with automatic updates. .. and how things like UAC and anti-virus programs are useless when those same concerns comes to/from them . Thank you.

  5. Disabling UAC is one of the first things what I do after a Clean Windows Install on my PC.
    I believe this is intended for amateurs and not for power users who know what they are doing!!!

Comments are closed.

Sponsored Stories