A new User Account Control (UAC) function enables those whose accounts possess administrator-level privileges (or who log on using the Administrator account) to perform actions unavailable to other types of user accounts. Those who lack such rights will be informed that they lack the privileges necessary to run the program, and that they should execute it under a different account instead. This doesn't mean logging out and then logging back in is strictly necessary, though, because those who have access to privileged account information can always use the "runas" command to access more privileged credentials.

The guiding idea behind this technique is called the "principle of least privilege". Under this doctrine, users who normally work on a Windows machine should log in using ordinary user accounts, so that if they contract a virus or other malware, that unwanted software is a lot less able to do serious damage than if they routinely log in using administrative privileges. But Microsoft hasn't taken this principle entirely to heart, either. The first user defined during installation is automatically granted administrative privileges. Worse yet, the reserved account named Administrator is not required to have a password to log into the machine!

Any question from the User Account Control program is displayed on a secure desktop. By darkening all other application windows at the same time, this special Window pops immediately into view.

Another example of a UAC query.

Any time you enter a password or manage user or group rights or privileges, Windows Vista switches to a secure desktop. This prevents a keylogger from sniffing out passwords or other sensitive data, and makes remote control of this window from other applications impossible.

The User Account Control program is an excellent security feature, though many power users know what they're doing and might prefer to skip its bothersome challenge-response queries. There are two ways to block this program from forcing such queries upon users: through the local security policy, or by using the msconfig tool.

Any program with administrative privileges that launches a process, confers the same privileges on all of its child processes. While this isn't new to Windows, the warning message is a welcome addition.

If the Security Center is deactivated, it can be reactivated without having to restart it, using the Services tool in the Control Panel.