If you’ve had your head in the sand for the past year, or you’ve made the conscious decision to ignore Vista entirely, then you may not be familiar with what UAC actually is. Although it’s most obvious element is the much-maligned Windows needs your permission to continue prompt, there’s more to UAC than meets the eye.

In the background UAC is actually quite a bit more than that prompt. More than anything, UAC was designed as a tool to force administrators to operate as standard users as much as possible. With previous O/S versions, we were implored by Microsoft and security pundits everywhere to operate our desktops as standard users. When we needed to use our administrative powers, they suggested we elevate individual processes using tools like the command-line “runas”. By separating out our standard operating environment with the one we need to accomplish godlike tasks, our actions were less likely to cause harm across the entire network. If we accidentally brought down a virus or malware, that bad software was less likely to get distributed everywhere compliments of our credentials.

UAC accomplishes this by separating out our administrator “token”, the small piece of code that identifies our rights and privileges to the system, from that of our standard user token. When we’re typing a document in Microsoft Word or surfing the Internet in Internet Explorer we don’t need to pull out our deity membership card for access. In fact, we shouldn’t even want it for those standard activities.

But, when the situation arrives that we do, UAC can automatically elevate us without requiring a separate login. No log-out-and-log-back-in. No “runas” for each process. Simply a dialog box asking us if we’re OK with elevating our rights for this particular task. It’s a great concept that goes far in helping those who have traditionally done the right thing and run as standard users. For those that haven’t, the prompts can become the bunt of a host of bad IT jokes.

There are other reasons behind UAC’s prompting as well. By providing a visual indicator when something needs administrative access, this allows users to make more informed decisions about the actions they’re attempting to complete on the system. For administrators with vast and far-reaching privileges across the network, this prompt is also a kind of “wake up call”. Its notification helps protect us when we might have attempted an action that could have bad and far-reaching results. If you’ve ever accidentally deleted a critical system file or reset a network connection, then you’re familiar with the occasional oops that even we trained professionals are guilty of from time to time.

The concern on the part of many administrators has to do with the persistence of UAC’s reminders. Need to change an IP address? Cancel or Allow. Modify a user? Cancel or Allow. Install software? Cancel or Allow. As administrators, we’re bombarded with constant reminders that we are indeed administrators and that we’re attempting to do something administrative. It is that regular admission on the part of the operating system that we might not really want to do what we’re about to do that is the source of irritation for many who use UAC for any extended period of time.

Stay tuned for Part 2 and Part 3, coming later this week.

AND... if you want to go ahead and read my full column, check it out in Windows Administration in Realtime!