2.2 Given a scenario, configure and apply basic Microsoft Windows OS security settings.
📘CompTIA A+ Core 2 (220-1202)
What is User Account Control (UAC)?
User Account Control (UAC) is a security feature in Microsoft Windows that helps prevent unauthorized or accidental system changes.
UAC works by:
- Limiting applications and users from running tasks that require administrator privileges
- Prompting the user for permission before allowing important system-level changes
UAC helps protect Windows from:
- Malware
- Unauthorized software installation
- Accidental configuration changes
Exam keyword: UAC = Privilege elevation control
Why UAC Is Important for Security
In Windows:
- Not all tasks should run with administrator rights
- Malware often tries to run with full system access
UAC:
- Enforces the principle of least privilege
- Allows users to work normally with limited rights
- Requires confirmation before using administrator permissions
This reduces:
- System damage
- Malware infections
- Unauthorized changes to Windows settings
How UAC Works (Behind the Scenes)
When a user logs in:
- Even administrator accounts run most tasks with standard user permissions
- Administrator privileges are disabled by default
When an action requires admin rights:
- Windows pauses the action
- UAC displays a confirmation prompt
- The user must approve or deny the request
Only after approval are administrator privileges temporarily granted.
Common Actions That Trigger UAC
UAC prompts appear when attempting to:
- Install or uninstall software
- Modify system files or folders
- Change Windows security settings
- Install device drivers
- Modify the Windows Registry
- Run tools like Command Prompt or PowerShell as administrator
- Change user account settings
Exam tip: UAC prompts = system-level changes
UAC Prompt Types
1. Standard User Prompt
- Appears when a standard account attempts an admin task
- Requires administrator username and password
- Without credentials, the task is blocked
2. Administrator Prompt
- Appears for users logged in as Administrator
- Requires clicking Yes or No
- No password needed unless configured
UAC Secure Desktop
By default:
- UAC prompts appear on a secure desktop
- The screen dims
- Other applications are temporarily paused
This:
- Prevents malware from interacting with the prompt
- Ensures only the user can respond
Exam keyword: Secure Desktop = higher security
UAC Notification Levels
Windows provides four UAC levels. These control when and how often prompts appear.
1. Always Notify (Highest Security)
- Prompt for every system change
- Prompt when:
  - Apps try to install or make changes
  - User changes Windows settings
- Most secure, but more interruptions
2. Notify When Apps Try to Make Changes (Default)
- Prompt when:
  - Applications make system changes
- No prompt when:
  - User changes Windows settings
- Uses Secure Desktop
Exam tip: This is the default UAC setting
3. Notify Without Secure Desktop
- Same as default
- Secure Desktop is disabled
- Less secure
4. Never Notify (Lowest Security)
- UAC is effectively disabled
- No prompts shown
- Applications run with full privileges
Exam warning: This setting is not recommended
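Each of the four levels above is stored as a combination of policy values in the registry, so the active level can be audited from PowerShell without opening the slider. This check is an added example, not part of the original study notes; the registry path and the value names `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` are standard Windows policy values the notes do not mention, and the function names are made up for illustration.

```powershell
# Added example: report which UAC notification level a machine is using.
# Reading this key does not require elevation.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Resolve-UacLevel {
    param(
        [int]$EnableLUA,                   # 0 = UAC switched off entirely
        [int]$ConsentPromptBehaviorAdmin,  # how administrators are prompted
        [int]$PromptOnSecureDesktop        # 1 = prompt on the dimmed secure desktop
    )
    if ($EnableLUA -eq 0) {
        return 'UAC disabled (EnableLUA = 0)'
    }
    # Slider positions expressed as ConsentPromptBehaviorAdmin/PromptOnSecureDesktop
    switch ("$ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop") {
        '2/1'   { return 'Always Notify' }
        '5/1'   { return 'Notify When Apps Try to Make Changes (Default)' }
        '5/0'   { return 'Notify Without Secure Desktop' }
        '0/0'   { return 'Never Notify' }
        default { return "Custom policy ($ConsentPromptBehaviorAdmin/$PromptOnSecureDesktop), not a slider position" }
    }
}

function Get-UacLevel {
    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
    $p = Get-ItemProperty -Path $UacKey
    foreach ($n in $names) {
        # A missing value would otherwise be read as 0 and misreported
        if ($null -eq $p.$n) { throw "Registry value $n is not set under $UacKey" }
    }
    $level = Resolve-UacLevel -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop $p.PromptOnSecureDesktop
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Level          = $level
        # True only for the two levels that keep the secure desktop
        DefaultOrAbove = $level -in 'Always Notify',
                                    'Notify When Apps Try to Make Changes (Default)'
    }
}

Get-UacLevel
```

A `DefaultOrAbove` value of `False` flags a machine that has been lowered below the default level or carries a custom Group Policy combination worth reviewing.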
How to Access UAC Settings
UAC settings can be accessed using:
- Control Panel
  - Control Panel → User Accounts → Change User Account Control settings
- Search
  - Search for “UAC” or “User Account Control”
The slider is used to adjust notification levels.
UAC and User Account Types
Standard User Account
- Cannot approve admin tasks
- Must enter administrator credentials
- Best for daily work
Administrator Account
- Can approve or deny UAC prompts
- Still restricted until approval is given
- More secure than older Windows versions
Exam focus: Even admins are restricted by UAC
UAC vs Administrator Account (Important Exam Point)
| Feature | Administrator Account | UAC |
|---|---|---|
| User type | Account role | Security control |
| Privilege control | Full access | Temporary elevation |
| Purpose | System management | Prevent misuse |
| Works together | Yes | Yes |
UAC does not replace administrator accounts — it controls how admin rights are used.
Benefits of UAC
- Prevents unauthorized system changes
- Reduces malware damage
- Protects system files and settings
- Enforces least privilege
- Improves overall Windows security
Limitations of UAC
- Does not block all malware
- User can approve malicious prompts
- Less effective if disabled or set too low
Exam tip: UAC is a security layer, not antivirus software
Best Practices (Exam-Relevant)
- Keep UAC enabled
- Use default notification level
- Use standard accounts for daily tasks
- Only approve trusted actions
- Do not disable UAC unless required for troubleshooting
Key Exam Points to Remember
✔ UAC prevents unauthorized system changes
✔ UAC prompts for permission before admin tasks
✔ Even administrators are restricted by UAC
✔ Secure Desktop increases protection
✔ Default UAC setting prompts for app changes
✔ Disabling UAC reduces system security
Quick Exam Summary
User Account Control (UAC) is a Windows security feature that:
- Limits administrator privileges
- Prompts users before system-level changes
- Protects against malware and accidental damage
- Enforces least privilege
Understanding how UAC works, when prompts appear, and UAC levels is essential to pass CompTIA A+ Core 2 (220-1202).
