当Windows Vista推出时，用户帐户控制^{(User Account Control)}( UAC ) 是最受批评和误解的功能。尽管它对安全至关重要，但许多人选择禁用它并将他们的系统暴露于安全问题。此功能在Windows的下一个版本中得到了改进，尽管它为操作系统^{(operating system)}的安全性增加了很多，但一些用户仍然选择禁用它。这就是为什么在本文中，我们阐明了此功能是什么、它是如何工作的以及在任何版本的Windows中保持它处于活动状态的好处：

什么是Windows中的^(Windows)用户帐户控制^{(User Account Control)}( UAC ) ？

用户帐户控制或简称 UAC^{(User Account Control or UAC)}是Windows的一项安全功能^{(security feature)}，有助于防止对操作系统^{(operating system)}进行未经授权的更改。这些更改可以由应用程序、用户、病毒或其他形式的恶意软件发起。用户帐户控制^{(User Account Control)}确保某些更改仅在获得管理员批准的情况下进行。如果更改未经管理员批准，则不会执行，Windows保持不变。就好像什么都没发生一样。UAC最初是为Windows Vista提供的，从那时起，每个新版本的Windows都对它进行了改进。

用户帐户控制^{(User Account Control)}( UAC )提示^{(prompt look)}的外观如何？它共享和请求^{(share and request)}什么？

当您双击即将对Windows进行重要更改的文件、设置或应用程序时，您会看到用户帐户控制^{(User Account Control)}( UAC ) 提示。如果您的用户帐户^{(user account)}是管理员，则提示如下面的屏幕截图所示。在那里，您可以在Windows 10（顶部）、Windows 7（中）和Windows 8.1（底部）中看到UAC 提示。^{(UAC prompt)}

UAC 提示^{(UAC prompt)}显示即将进行系统更改^{(system change)}的程序的名称，该更改需要管理员的批准、该程序的发布者和文件来源^{(file origin)}（如果您正在尝试运行文件）。管理员只需要单击或点击^{(click or tap)}Yes即可让程序或文件进行所需的更改。

如果您的用户帐户^{(user account)}不是管理员^(NOT)，则提示看起来会有所不同。例如，在Windows 10中，UAC 提示^{(UAC prompt)}请求管理员的PIN（如果已设置）或密码。

在Windows 7和Windows 8.1中，UAC 提示^{(UAC prompt)}总是要求输入管理员密码，如下所示。

发生这种情况时，您需要输入管理员的PIN 或密码^{(PIN or password)}，然后按Yes。除非执行这两个操作，否则不会进行请求的更改。

UAC 提示^{(UAC prompt)}还有一个链接，上面写着“显示更多详细信息”^{("Show more details")}（在 Windows 10 中）或“显示详细信息”^{("Show details")}（在Windows 7和Windows 8.1中）。如果单击它，您会看到更多信息，包括程序或文件^{(program or file)}在磁盘上的确切位置以及发布者的证书，其中显示了有关谁创建了您要运行的内容的更多信息。

我如何知道文件或设置^{(file or setting)}会触发UAC 提示^{(UAC prompt)}？

运行时触发UAC 提示的文件在其^{(UAC prompt)}文件图标^{(file icon)}的右下角有UAC 符号^{(UAC symbol)}，类似于下面的屏幕截图。

^{(Apps and system settings)}触发UAC 提示的^{(UAC prompt)}应用程序和系统设置在其名称附近或图标中也有UAC 符号。^{(UAC symbol)}您可以看到下面突出显示的一些示例，这些示例在控制面板^{(Control Panel)}中遇到。

记住UAC 图标^{(UAC icon)}，每次看到它时，您就预先知道您将需要管理员的批准。

用户帐户控制^{(User Account Control)}( UAC )如何工作？

在Windows中，应用程序默认运行，没有任何管理权限。他们拥有与标准用户帐户^{(user account)}相同的权限：他们不能对操作系统^{(operating system)}、其系统文件或注册表设置进行任何更改。此外，他们无法更改其他用户帐户^{(user account)}拥有的任何内容。应用程序只能更改其文件和注册表设置或用户的文件和注册表设置。

为了更容易理解，下图解释了UAC 算法。^{(UAC algorithm)}

哪些更改会在Windows中触发UAC 提示^{(UAC prompt)}？

有许多更改需要管理权限。根据您的Windows 计算机上^{(Windows computer)}UAC的配置方式，它们可能会导致出现UAC 提示^{(UAC prompt)}并请求许可。这些是：

• 以管理员身份运行应用程序
• 更改Windows 或 Program Files 文件夹中的系统范围设置或文件^{(Windows or Program Files folders)}
• 安装和卸载驱动程序和应用程序
• 查看或更改其他用户的文件夹和文件
• 添加或删除用户帐户
• 配置 Windows 更新
• 更改Windows 防火墙的设置^{(Windows Firewall)}
• 更改 UAC 设置
• 更改用户的帐户类型
• 运行任务计划程序
• 恢复备份的系统文件
• 更改系统日期和时间
• 配置家长控制或家庭安全^{(Parental Controls or Family Safety)}
• 安装ActiveX控件（在Internet Explorer中）

Windows中的^(Windows)UAC级别有什么不同？

与Windows Vista不同，您只有两个选项：UAC打开或关闭^(Off)，在较新版本的Windows中，有四个级别可供选择。它们之间的区别如下：

• 始终通知^{(Always notify)}- 在此级别，您会在应用程序和用户进行需要管理权限的更改之前收到通知。当出现UAC 提示^{(UAC prompt)}时，桌面变暗。您必须先选择是^(Yes)或否^(No)，然后才能在计算机上执行任何其他操作。安全影响^{(Security impact)}：这是最安全的设置，也是最烦人的。如果您不喜欢Windows Vista中的^{(Windows Vista)}UAC 实现^{(UAC implementation)}，您将不会喜欢这个级别。
• Notify me only when programs/apps try to make changes to my computer- 这是默认级别^{(default level)}，UAC仅在程序进行需要管理权限的更改之前通知您。如果您手动对Windows^(Windows)进行更改，则不会显示UAC 提示。^{(UAC prompt)}此级别不那么烦人，因为它不会阻止用户对系统进行更改，它只会在应用程序或文件^{(app or file)}想要进行更改时显示提示。显示UAC 提示^{(UAC prompt)}时，桌面变暗，您必须选择是^(Yes)或否^(No)，然后才能在计算机上执行任何其他操作。安全影响：^{(Security impact:)}这不如第一个设置安全，因为可以创建恶意程序来模拟用户的击键或鼠标移动并更改 Windows 设置^{(user and change Windows settings)}。但是，如果您使用的是良好的安全解决方案^{(security solution)}，则不应发生此类情况。
• Notify me only when programs/apps try to make changes to my computer (do not dim my desktop) - 此级别与上一个级别相同，除了当显示UAC 提示^{(UAC prompt)}时，桌面不会变暗并且其他桌面应用程序可以干扰它。安全影响：^{(Security impact:)}此级别的安全性更低，因为它使恶意程序更容易模拟干扰UAC 提示^{(UAC prompt)}的击键或鼠标移动。
• 从不通知^{(Never notify)}- 在此级别，UAC已关闭，并且它不提供任何防止未经授权的系统更改的保护。安全影响^{(Security impact)}：如果您没有良好的安全套件^{(security suite)}，您的Windows 设备^{(Windows device)}很可能会遇到安全问题。关闭UAC后，恶意程序更容易感染Windows并获得控制权。

如果您想了解如何在UAC级别之间切换，请阅读并遵循本教程：如何更改Windows中的^(Windows)用户帐户控制^{(User Account Control)}( UAC ) 级别。

我应该在安装桌面应用程序时禁用 UAC，然后再打开它吗？

用户最大的烦恼是安装 Windows 和最常用的桌面应用程序^{(desktop apps)}时。在此过程中，会显示许多UAC提示，您可能会想暂时禁用它，同时安装所有应用程序并在完成后再次启用它。在某些情况下，这可能是个坏主意。一旦打开UAC ，安装后进行大量系统更改的^(UAC)桌面应用程序^{(Desktop apps)}可能无法运行。但是，如果您在打开UAC^(UAC)时安装它们，它们将正常工作。当UAC关闭时，UAC使用的虚拟化技术^(UAC)对于所有应用程序都处于非活动状态。这会导致某些用户设置和文件安装到不同的位置。当UAC^(UAC)重新打开时，它们将不起作用。为避免此类问题，最好始终打开用户帐户控制^{(User Account Control)}( UAC )。

您是否打开 UAC？

现在您了解了有关Windows中的^(Windows)用户帐户控制^{(User Account Control)}( UAC )及其在保护您的系统中的作用的所有重要信息。在结束本文之前，请与我们分享您是否选择保持打开状态。评论表可在下方访问。

What is UAC (User Account Control) and why you should never turn it off

When Windows Vіsta was launched, User Accoυnt Control (UAC) was the most criticized and misunderstood feature. Even though it is essential for security, many people have chosen to diѕable it and expose their systems to security рroblems. This feature has been improved in the next versions of Windows and, even though it adds a lot to the safety of the operating system, some uѕers still choosе to disable it. That's why, in this article, wе clarify what this feature is, hоw it works and the benefits of keeping it active, in аny version of Windоws:

What is User Account Control (UAC) in Windows?

User Account Control or UAC for short is a security feature of Windows which helps prevent unauthorized changes to the operating system. These changes can be initiated by applications, users, viruses or other forms of malware. User Account Control makes sure certain changes are made only with approval from the administrator. If the changes are not approved by the administrator, they are not executed, and Windows remains unchanged. It is as if nothing happened. UAC was first made available for Windows Vista, and since then it was improved with each new version of Windows.

How does a User Account Control (UAC) prompt look and what does it share and request?

When you double-click on a file, a setting or an app that is about to make important changes to Windows, you are shown a User Account Control (UAC) prompt. If your user account is an administrator, the prompt looks like in the screenshot below. There you can see the UAC prompt in Windows 10 (top), in Windows 7 (middle) and Windows 8.1 (bottom).

The UAC prompt displays the name of the program that is about to make a system change that requires the approval of an administrator, the publisher of that program and the file origin (if you are trying to run a file). All it needs from the administrator is a click or tap on Yes, to let the program or the file do the changes that it wants.

If your user account is NOT an administrator, the prompt looks different. For example, in Windows 10, the UAC prompt requests for the administrator's PIN (if it has set one) or password.

In Windows 7 and Windows 8.1, the UAC prompt always requests the administrator's password, as shown below.

When this happens, you need to enter the administrator's PIN or password and press Yes. Unless both actions are performed, the changes that are requested are not made.

The UAC prompt also has a link that says "Show more details" (in Windows 10) or "Show details" (in Windows 7 and Windows 8.1). If you click on it, you see more information including the exact location on the disk of the program or file and the publisher's certificate, which shows you more information about who created what you want to run.

How do I know that a file or setting will trigger a UAC prompt?

Files that trigger a UAC prompt when run have the UAC symbol on the bottom-right corner of their file icon, similar to the screenshot below.

Apps and system settings that trigger a UAC prompt also have the UAC symbol near their name or in their icon. You can see some examples highlighted below, that are encountered in the Control Panel.

Remember the UAC icon and each time you see it, you know beforehand that you are about to need the administrator's approval.

How does User Account Control (UAC) work?

In Windows, applications run by default without any administrative permissions. They have the same permissions a standard user account has: they cannot make any changes to the operating system, its system files or registry settings. Also, they cannot change anything that's owned by other user accounts. Applications can change only their files and registry settings or the user's files and registry settings.

For an easier understanding, the UAC algorithm is explained in the diagram below.

Which changes trigger a UAC prompt in Windows?

There are many changes which require administrative privileges. Depending on how UAC is configured on your Windows computer, they can cause a UAC prompt to show up and ask for permission. These are the following:

• Running an app as administrator
• Changes to system-wide settings or files in the Windows or Program Files folders
• Installing and uninstalling drivers & applications
• Viewing or changing another user's folders and files
• Adding or removing user accounts
• Configuring Windows Update
• Changing settings to the Windows Firewall
• Changing UAC settings
• Changing a user's account type
• Running Task Scheduler
• Restoring backed up system files
• Changing the system date and time
• Configuring Parental Controls or Family Safety
• Installing ActiveX controls (in Internet Explorer)

What is different between UAC levels in Windows?

Unlike Windows Vista, where you had only two options: UAC turned On or Off, in newer versions of Windows there are four levels to choose from. The differences between them are the following:

• Always notify - at this level you are notified before applications and users make changes that require administrative permissions. When a UAC prompt shows up, the desktop is dimmed. You must choose Yes or No before you can do anything else on the computer. Security impact: this is the most secure setting and the most annoying. If you did not like the UAC implementation from Windows Vista, you wouldn't like this level.
• Notify me only when programs/apps try to make changes to my computer - this is the default level, and UAC notifies you only before programs make changes that require administrative permissions. If you manually make changes to Windows, then a UAC prompt is not shown. This level is less annoying as it doesn't stop the user from making changes to the system, it only shows prompts if an app or file wants to make changes. When a UAC prompt is shown, the desktop is dimmed, and you must choose Yes or No before you can do anything else on your computer. Security impact: this is less secure than the first setting because malicious programs can be created to simulate the keystrokes or mouse movements made by a user and change Windows settings. However, if you are using a good security solution, such situations should not occur.
• Notify me only when programs/apps try to make changes to my computer (do not dim my desktop) - this level is identical to the previous except the fact that, when a UAC prompt is shown, the desktop is not dimmed and other desktop apps can interfere with it. Security impact: this level is even less secure as it makes it even easier for malicious programs to simulate keystrokes or mouse moves that interfere with the UAC prompt.
• Never notify - at this level, UAC is turned off, and it doesn't offer any protection against unauthorized system changes. Security impact: if you don't have a good security suite you are very likely to encounter security issues with your Windows device. With UAC turned off it is much easier for malicious programs to infect Windows and take control.

If you want to learn how to switch between UAC levels, read and follow this tutorial: How to change the User Account Control (UAC) level in Windows.

Should I disable UAC when I install desktop apps and turn it on afterward?

The biggest annoyance for users is when they install Windows and their most used desktop apps. During this procedure, lots of UAC prompts are shown, and you might be tempted to disable it temporarily, while you install all applications and enable it again when done. In some situations, this can be a bad idea. Desktop apps that make lots of system changes can fail to work once UAC is turned on, after their installation. However, they will function properly if you install them when UAC is turned on. When UAC is turned off, the virtualization techniques used by UAC for all applications are inactive. This causes certain user settings and files to be installed to a different place. They will not work when UAC is turned back on. To avoid such problems, it is better to have User Account Control (UAC) turned on at all times.

Do you leave UAC turned on?

Now you know everything that is important about User Account Control (UAC) in Windows and its role in securing your system. Before closing this article, share with us whether you chose to keep it turned on or not. The comments form is accessible below.

Related posts

• 如何在 Windows 10 中更改用户帐户控制 (UAC) 级别

• 6种方法退出Windows 11

• 在Windows 11和Windows 10中打开Control Panel的17种方法

• 如何重置我的Microsoft account密码？

• 您应该在 Windows 10 中使用本地帐户还是 Microsoft 帐户？

• 凭据管理器是 Windows 存储密码和登录详细信息的地方。以下是如何使用它！

• 如何在Safe Mode中启动Windows 11（8种方式）

• 使用 Windows 任务计划程序在没有 UAC 提示和管理员权限的情况下运行应用程序

• 在 Windows 10 中切换用户的 7 种方法

• 如何讲述我有哪些Windows（11种方式）

• 如何创建USB Windows 10 recovery drive？

• 如何关闭Windows 11（9种方式）

• 什么是System Restore和4种方法使用它

• 5种方法来卸载Windows 11更新

• 如何在USB memory stick or flash drive管理BitLocker

• 在Windows 11中打开Settings的17种方式

• 如何读取Windows存储的密码，哪些密码容易破解

• Windows 7 与 Windows Vista：UAC 基准测试

• 如何使用密码重设盘更改 Windows 密码

• 使用 Google Authenticator 为您的 Microsoft 帐户设置两步验证