• Home
• Windows Vista FAQ
• Blog
• Website Feedback

An introduction to security and UAC (User Account Control) in Windows Vista

The user account

In Windows Vista, you must log in with your user account before you can accessyour computer.

Windows Vista uses your user account to determine your personal settings, such as what background to display and where your e-mail is stored. But more importantly, your user account determines what access you have to the "securable objects" (stuff) on your computer.

You can think of it as the computer assigning you a special key that you will use to access everything on your computer.

While each person has their own individual key that uniquely identifies them, there are two basic kinds of keys: administrator keys and standard keys.

What are securable objects

Securable objects are another name for the "stuff" that is on your computer. This includes files, folders, and settings.

Every securable object contains a list of people who can access it and what those people are allowed to do to it.

You can think of a securable object as having a padlock that protects it. When you try to do something to a securable object (open, delete, etc.), you use your key to try and unlock it. If the key does not fit for the type of action you are attempting to perform, it won't unlock and you will not be allowed access.

What is an administrator

Administrators are the "masters" of the computer. They can use their key to gain full access to almost every securable object on the computer. They can also choose what kind of key other users have by using the control panel.

Users that are not administrators can only use their key to access their personal stuff or the public areas of the computer (such as the Public folder). They are not allowed to change other people's stuff, install programs for other people, change computer settings, or change other people's settings.

The problems with this kind of security

Before Windows Vista, every program that was running while you were logged on also used your key to access the computer.

This caused two major problems:

• Programs that you did not actually start could use your key without you knowing about it
• Programs always have access to everything that you do, even if they do not need such access

This created a very dangerous and insecure environment while you were logged in as an administrator.

In Windows Vista, this "key-based" security design is taken a step further by allowing you to control what type of key the programs that run on your computer can use.

Copyright (C) 2008 Jimmy Brush. This page was created on 1/28/2007.