14 DAY TRIAL // In Windows Vista, users are limited to standard privileges by the UAC. But Microsoft has implemented the User Account Control in such a manner that it allows the user to run applications and services that require higher privileges. The UAC admin approval mode is the default setting for all members of the local administrator group.
"In this mode, every user with administrator privileges runs normally as a standard user; but when an application or the system needs to do something that requires administrator permissions, the user is prompted to approve the task explicitly. Unlike the "super user on" function from UNIX that leaves the process elevated until the user explicitly turns it off, admin approval mode enables administrator privileges for just the task that was approved, automatically returning the user to standard user when the task is completed," revealed Jim Allchin, former Microsoft Co-President, Platform and Services Division.
James Senior, a Vista Technical Specialist, delivered an explanation for the dialog boxes in Windows Vista. As you can see from the image at the bottom, courtesy of James Senior, there are four basic dialog windows for Vista UAC prompts. The colors are in strict correlation with the content the UAC is blocking.
When an application is detected by the operating system's heuristics, the User Account Control will categorize it according to its publisher. The red UAC prompt means that the publisher is blocked. If the UAC prompt is blue-green, as in the second example from the top down, Vista itself is the publisher. The gray UAC prompt is synonymous with a verified publisher, while the orange refers to an unknown publisher.
"When a user attempts to access an application or setting that requires elevated privileges to run, they are presented with a UAC prompt, the appearance of which will vary depending on the type of user they are or the type of application that is trying to run," stated Senior.
Additionally, the UAC will present users with yet another prompt, but just for those with non-administrative accounts. This UAC prompt will ask the user to enter an administrator password in order to continue.
"These prompts are protected from receiving communications from other applications so that malicious software cannot simulate the actions of users. This is obviously a problem for screenreaders or other applications that need to use UI Automation in order to provide interaction with the User Interface. This problem has a solution though," Senior added.
