. You have been blocked by your system administrator from running

this program: This is a program that your administrator has specifically blocked from running on your computer. To run this program, you must contact your administrator and ask to have the program unblocked. Of course, it is recommended that you log on to your computer with a stan- dard user account most of the time. With a standard user account, you can run standard business applications such as a word processor or spreadsheet, surf the Internet, or send email. When you want to perform an administrative task, such as installing a new program or changing a setting that affects other users, you don’t have to switch to an adminis- trator account. Windows prompts you for permission or an administra- tor password before performing the task.

To help protect your computer, you can create standard user accounts for all the users who share the computer. When someone who has a standard account tries to install software, Windows asks for an administrator account’s password so that software can’t be installed without the user’s knowledge and permission.

UAC can be enabled or disabled for any individual user account. If you disable UAC for a user account, you lose the additional security protections UAC offers and put the computer at risk. To enable or disable UAC for a particular user account, follow these steps:

1. In Control Panel, click User Accounts.

2. On the User Accounts page, click User Accounts.

3. Click Change User Account Control settings.

4. Move the slider to the appropriate options, as shown in Figure 8.11 and Table 8.1.

CHAPTER 8: User Management

5. When prompted to restart the computer, click Restart Now or Restart Later as appropriate for the changes to take effect.

FIGURE 8.11 User Account Control settings.

TABLE 8.1 UAC Settings

Setting Description

Security Impact

Always notify You are notified before This is the most secure setting. programs make changes to your computer or to

When you are notified, you should Windows settings that

carefully read the contents of each require the permissions

dialog box before allowing changes of an administrator.

to be made to your computer. When you’re notified, your

desktop is dimmed, and you must either approve or deny the request in the UAC dialog box before you can do anything else on your computer. The dimming of your desktop is referred to as the secure desktop because other programs can’t run while it’s dimmed.

User Account Control

TABLE 8.1 Continued

Setting Description Security Impact

Notify me only when You are notified before It’s usually safe to allow programs try to

programs make changes to changes to be made to make changes to

your computer that require Windows settings without you my computer

the permissions of an being notified. However, certain administrator.

programs that come with Windows can have commands

You are not notified if you or data passed to them, and try to make changes to

malicious software can take Windows settings that

advantage of this by using require the permissions of

these programs to install files an administrator.

or change settings on your computer. You should always be

You are notified if a program careful about which programs outside of Windows tries to

you allow to run on your make changes to a Windows computer. setting.

Notify me only when You are notified before This setting is the same as programs try to

programs make changes to to make changes to my make changes to my your computer that require

computer, but you are not computer (do not

the permissions of an notified on the secure desktop. dim my desktop)

administrator. You are not notified if you

Because the UAC dialog box try to make changes to

isn’t on the secure desktop with Windows settings that

this setting, other programs require the permissions

might be able to interfere with of an administrator.

the dialog’s visual appearance. This is a small security risk if

You are notified if a program you already have a malicious outside of Windows tries to

program running on your make changes to a

computer.

Windows setting.

CHAPTER 8: User Management

TABLE 8.1 Continued

Setting Description

Security Impact

Never notify You are not notified before This is the least secure setting. any changes are made to

When you set UAC to never your computer. If you are

notify, you open your computer logged on as an

to potential security risks. administrator, programs can make changes to your

If you set UAC to Never notify, computer without you

you should be careful about knowing about it.

which programs you run, because they have the same

If you are logged on as a access to the computer as you standard user, any changes

do. This includes reading and that require the permissions

making changes to protected of an administrator are

system areas, your personal automatically denied.

data, saved files, and anything If you select this setting, you else stored on the computer.

need to restart the computer Programs are also able to to complete the process of

communicate and transfer turning off UAC. After UAC

information to and from anything is off, people who log on as

your computer connects with, administrator always have

including the Internet.

the permissions of an administrator.