Search notes:

Windows: user account control (UAC)

The purpose of user account control is to inform a user when he or she is about to make a change that requires administrator-level permission.
UAC is not a security feature, it is a convenience feature.

Access tokens for members of the local Administrators

With UAC, members of the local Administrator group have two access tokens
The second access token is normally filtered so that a process only sees the standard user privileges.
However, if a process is run as an Administrator (elevated privilege mode), the other token is also seen.

Settings

There are 10 settings that can be individually configured for user access controls.
User account control can be disabled or enabled in the registry by setting their respective value under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System to either 0 or 1.
These settings are:

See also

Change UAC settings with UserAccountControlSettings.exe
user accounts
The __COMPAT_LAYER environment variable.
UAC integrates with Antimalware Scan Interface (AMSI).

Index