14 DAY TRIAL // The final version of the User Account Control that made its way into Windows Vista is in fact a relaxed variant. While UAC has gotten its fare share of criticism for being to chatty for the frequency of users prompts, Microsoft's original design was much worse.
Initially, Windows Vista prompted the user for administrative authorization in order to perform actions with elevated privileges. "When we first designed this functionality in Windows Vista, we required that the user enter the CONTROL-ALT-DELETE (C-A-D) sequence (known as a secure attention sequence due to its capability to resist interception) prior to prompting the administrator for their username and password," revealed Jim Allchin, Microsoft Co-President, Platform and Services Division.
Allchin explained that this functionality was designed to guarantee to the user that it was the operating system asking for their credentials by bringing up the Secure Desktop, a restricted mode in which only the operating system could run.
With the creation of the UAC admin approval mode, Microsoft gave up on the C-A-D sequence due to the fact that it was confused with bringing up the Task Manager and because of the high frequency of UAC prompts. However, C-A-D is only disabled by default in Windows Vista and it can always be enabled if you believe that the OS is not nagging you enough.
"In the end, while we left the C-A-D integration with UAC in the system, we disabled it by default. If a user wants to require the C-A-D sequence for UAC elevations, they can easily turn it on via group or local policy. Network administrators can also mandate C-A-D for UAC elevations via group policy. So, if you want to be more secure than the Windows Vista default, just turn on C-A-D for UAC elevations," added Allchin.