CIS 170F: Windows 7 Administration

Week 7

Windows 7 Security Features
User Account Control (UAC)
Managing Privilege Elevation

UAC protects computers by requiring privilege elevation for all users, even users who are members of the local Administrators group. UAC prompts you for permission when you perform a task that requires privilege elevation. This prevents malware from silently launching processes without your knowledge.

Elevated Privileges for Users

By default, local administrators are logged on as standard users. When administrators attempt to perform a task that requires privilege elevation, they are prompted for confirmation by default. You can require administrators to authenticate when performing a task that requires privilege elevation by changing the User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode policy setting to Prompt For Credentials. On the other hand, if you don't want UAC to prompt administrators for confirmation when elevating privileges, you can change the policy setting to Elevate Without Prompting.

Nonadministrator accounts are called standard users. When standard users attempt to perform a task that requires privilege elevation, they are prompted for a password of a user account that has administrative privileges. You cannot configure UAC to automatically allow standard users to perform administrative tasks, nor can you configure UAC to prompt a standard user for confirmation before performing administrative tasks. If you do not want standard users to be prompted for credentials when attempting to perform administrative tasks, you can automatically deny elevation requests by changing the User Account Control: Behavior Of The Elevation Prompt For Standard Users policy setting to Automatically Deny Elevation Requests.

The built-in Administrator account, though disabled by default, is not affected by UAC. UAC will not prompt the Administrator account for elevation of privileges. Thus, it is important to use a normal user account whenever possible and use the built-in Administrator account only when absolutely necessary.
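The following read-only audit script is an added example, not part of the original course notes. It reports which of the elevation-prompt options described above are in effect on the local machine and flags the settings that remove a prompt. It assumes the policies are stored under the standard `Policies\System` registry key with the value names shown; the function names `Get-UacValue` and `Get-UacPolicyReport` are hypothetical.

```powershell
# Added example: audit the UAC elevation-prompt policies on the local machine.
# Read-only; written for the PowerShell 2.0 that ships with Windows 7.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Registry value -> policy option text for each prompt-behavior policy.
$adminPrompt = @{
    0 = 'Elevate Without Prompting'
    1 = 'Prompt For Credentials On The Secure Desktop'
    2 = 'Prompt For Consent On The Secure Desktop'
    3 = 'Prompt For Credentials'
    4 = 'Prompt For Consent'
    5 = 'Prompt For Consent For Non-Windows Binaries'
}
$userPrompt = @{
    0 = 'Automatically Deny Elevation Requests'
    1 = 'Prompt For Credentials On The Secure Desktop'
    3 = 'Prompt For Credentials'
}

function Get-UacValue([string]$Name, [int]$Default) {
    # A missing value means the policy was never set; use the Windows default.
    $p = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($p -and $p.$Name -ne $null) { [int]$p.$Name } else { $Default }
}

function Get-UacPolicyReport {
    $lua   = Get-UacValue 'EnableLUA' 1                   # UAC on/off
    $admin = Get-UacValue 'ConsentPromptBehaviorAdmin' 5  # administrators
    $user  = Get-UacValue 'ConsentPromptBehaviorUser' 3   # standard users
    $bia   = Get-UacValue 'FilterAdministratorToken' 0    # built-in Administrator

    $findings = @()
    if ($lua -eq 0)   { $findings += 'UAC is turned off: no elevation prompts at all' }
    if ($admin -eq 0) { $findings += 'Administrators elevate without any prompt' }
    if ($bia -eq 0)   { $findings += 'Built-in Administrator is not prompted by UAC' }

    New-Object PSObject -Property @{
        UacEnabled           = ($lua -ne 0)
        AdminPrompt          = $adminPrompt[$admin]
        StandardUserPrompt   = $userPrompt[$user]
        BuiltInAdminFiltered = ($bia -ne 0)
        Findings             = $findings
    }
}

Get-UacPolicyReport | Format-List
```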

Elevated Privileges for Executables

You can also enable an executable file to run with elevated privileges. To do so, on a one-time basis, you can right-click a shortcut or executable and select Run As Administrator.

But what if you need to configure an application to always run with elevated privileges for a user? To do so, log in as an administrator, right-click a shortcut or executable, and select Properties. On the Compatibility tab, select the Run This Program As An Administrator check box. If the check box is unavailable, the program is blocked from permanently running as an administrator, the program doesn't need administrative privileges, or you are not logged on as an administrator. Many applications that are installed on a Windows 7 machine need to have access to the Registry. Windows 7 protects the Registry from nonadministrator accounts.