工程师 - Windows下用户账户控制介绍(UAC)

说明:我在进行USB CV测试时,这个软件要求关闭系统的UAC。因此介绍一下UAC。

Windows下的UAC和Linux下的通过sudo命令提升权限来运行程序的机制是类似的。

Windows 中的用户账户控制(UAC)是一项安全功能,旨在防止对操作系统进行未经授权的更改。为实现这一功能,UAC 在允许可能影响系统运行或配置的某些类型的更改之前,会提示用户获得许可或管理员密码。以下是 UAC 的主要方面和目的:

UAC 的主要方面

  1. 权限提升: UAC 要求用户为需要提升权限的任务授予权限或提供管理凭证。这些任务包括安装软件、更改系统设置和访问某些受保护的系统文件。

  2. 用户提示: 启动需要提升权限的任务时,UAC 会通过对话框提示用户。标准用户必须输入管理员密码,而管理员必须确认其意图。

  3. 安全桌面: 在 UAC 提示期间,屏幕会变暗(切换到安全桌面),将 UAC 对话框与其他正在运行的应用程序隔离。这可以防止恶意软件模拟或干扰 UAC 提示。

  4. 以标准权限运行应用程序: 默认情况下,即使用户拥有管理权限,应用程序也会以标准用户权限运行。这样可以最大限度地降低恶意软件未经明确批准而对整个系统进行更改的风险。

用户控制目标

  1. 防止未经授权的更改: UAC 要求用户对可能影响系统的操作明确表示同意,从而有助于防止对操作系统进行未经授权的更改。

  2. 减轻恶意软件的影响: UAC 以标准用户权限运行应用程序,只有在必要时才提示提升权限,从而限制了恶意软件可能造成的损害,降低了未经授权安装软件的风险。

  3. 鼓励更安全的计算实践: UAC 可提高用户对应用程序所需权限的认识,鼓励用户审慎考虑自己批准的操作。

  4. 执行最小权限原则: UAC 支持最小权限原则,确保应用程序以必要的最低权限运行,从而降低意外或故意进行有害更改的风险。

  5. 保护系统完整性: 通过控制对系统设置和受保护文件的访问,UAC 可帮助维护操作系统的稳定性和完整性。

UAC 设置

可以自定义 UAC 设置,以调整提示级别:

  1. 始终通知: 当软件试图安装或更改计算机时,始终提示用户。
  2. 默认(仅在应用程序尝试更改时通知): 只有当应用程序(非 Windows)尝试进行更改时才会提示用户,而不是当用户更改 Windows 设置时。
  3. 仅当应用程序尝试进行更改时才通知(不调暗桌面): 与默认设置类似,但不切换到安全桌面。
  4. 从不通知: 禁用 UAC 提示,允许所有任务以管理权限运行(由于存在安全风险,不建议使用)。

UAC 如何工作

当某一任务需要管理权限时,UAC 会生成提示,请求用户许可。根据用户的账户类型,提示可能会要求输入管理员密码或仅要求确认操作。此过程包括

  • 提升提示: 对于标准用户,输入管理员密码。对于管理员,确认操作。
  • 安全桌面: 屏幕变暗,UAC 提示出现在安全桌面上,与其他正在运行的应用程序隔离。这可以防止其他应用程序干扰提示。

结论

用户账户控制是 Windows 的一项基本安全功能,通过控制对管理权限的访问,帮助保护系统免受未经授权的更改和恶意软件的侵害。通过在允许潜在的有害操作前提示用户获得权限或凭证,UAC 在维护 Windows 操作系统的安全性和完整性方面发挥着至关重要的作用。


如何在 win10 中关闭用户帐户控制(UAC)?

在 Windows 10 中关闭用户帐户控制 (UAC) 会降低系统的安全性,因为它会减少防止对计算机进行未经授权更改的保障措施。不过,如果您出于特殊原因需要关闭 UAC,请按照以下步骤操作:

方法 1:使用控制面板

  1. 打开控制面板

    • Windows + R 键打开 "运行 "对话框。
    • 输入 "控制面板 "并按 Enter。
  2. 导航至用户账户

    • 单击 "用户帐户"。
  3. 更改 UAC 设置

    • 单击 "更改用户帐户控制设置"。
  4. 调整滑块

    • 在 "用户帐户控制设置 "窗口中,将滑块下移至 "从不通知"。
    • 单击 "确定"。
  5. 确认更改

    • UAC 可能会提示您确认更改。单击继续。

方法 2:使用系统配置 (msconfig)

  1. 打开系统配置

    • Windows + R 键打开 "运行 "对话框。
    • 输入 msconfig 并按 Enter。
  2. 导航至工具选项卡

    • 在 "系统配置 "窗口中,转到 "工具 "选项卡。
  3. 打开 UAC 设置

    • 向下滚动并找到 "更改 UAC 设置"。
    • 选择该选项并单击 "启动"。
  4. 调整滑块

    • 将滑块下移至 "从不通知"。
    • 单击 "确定"。
  5. 确认更改

    • 如果 UAC 提示,请单击 "是 "确认更改。

方法 3:使用注册表编辑器(高级用户)

  1. 打开注册表编辑器

    • Windows + R 键打开 "运行 "对话框。
    • 输入 regedit 并按 Enter。
  2. 导航至 UAC 密钥

    • 在注册表编辑器中,转到

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  3. 修改 UAC 值

    • 找到 EnableLUA DWORD 值。
    • 双击 EnableLUA 并将其值设为 0
    • 单击 OK
  4. 重新启动计算机

    • 关闭注册表编辑器并重新启动计算机,使更改生效。
重要注意事项

禁用 UAC 会降低系统的安全性,因为它允许程序在未经用户同意的情况下以提升的权限运行。这会使系统更容易受到恶意软件和未经授权更改的攻击。建议在完成需要关闭 UAC 的特定任务后重新启用 UAC。

要重新启用 UAC,请按照相同的步骤将设置调回默认级别或所需的通知级别。


English Version

User Account Control (UAC) in Windows is a security feature designed to prevent unauthorized changes to the operating system. UAC achieves this by prompting users for permission or an administrator's password before allowing certain types of changes that could potentially affect the system's operation or configuration. Here are the key aspects and purposes of UAC:

Key Aspects of UAC

  1. Permission Elevation: UAC requires users to grant permission or provide administrative credentials for tasks that need elevated privileges. These tasks include installing software, changing system settings, and accessing certain protected system files.

  2. User Prompts: When a task requiring elevated privileges is initiated, UAC prompts the user with a dialog box. Standard users must enter an administrator's password, while administrators must confirm their intent.

  3. Secure Desktop: During a UAC prompt, the screen dims (switches to a secure desktop), isolating the UAC dialog from other running applications. This prevents malicious software from simulating or interfering with the UAC prompt.

  4. Running Applications with Standard Privileges: By default, even if a user has administrative privileges, applications run with standard user permissions. This minimizes the risk of malicious software making system-wide changes without explicit approval.

Purposes of UAC

  1. Prevent Unauthorized Changes: UAC helps to prevent unauthorized changes to the operating system by requiring explicit user consent for actions that could affect the system.

  2. Mitigate Malware Impact: By running applications with standard user privileges and prompting for elevation only when necessary, UAC limits the potential damage from malware and reduces the risk of unauthorized software installations.

  3. Encourage Safer Computing Practices: UAC raises user awareness about the privileges required by applications, encouraging users to think critically about the actions they approve.

  4. Enforce Least Privilege Principle: UAC supports the principle of least privilege by ensuring that applications run with the minimum permissions necessary, reducing the risk of accidental or intentional harmful changes.

  5. Protect System Integrity: By controlling access to system settings and protected files, UAC helps maintain the stability and integrity of the operating system.

UAC Settings

UAC settings can be customized to adjust the level of prompting:

  1. Always Notify: The user is always prompted when software tries to install or make changes to the computer.
  2. Default (Notify Only When Apps Try to Make Changes): The user is prompted only when applications (non-Windows) try to make changes, not when the user makes changes to Windows settings.
  3. Notify Only When Apps Try to Make Changes (Do Not Dim Desktop): Similar to the default but without switching to the secure desktop.
  4. Never Notify: Disables UAC prompts, allowing all tasks to run with administrative privileges (not recommended due to security risks).

How UAC Works

When a task requires administrative privileges, UAC generates a prompt asking the user for permission. Depending on the user's account type, the prompt may require entering an administrator password or simply confirming the action. This process involves:

  • Elevation Prompt: For standard users, entering an administrator password. For administrators, confirming the action.
  • Secure Desktop: The screen dims, and the UAC prompt appears on a secure desktop that isolates it from other running applications. This prevents other applications from interfering with the prompt.

Conclusion

User Account Control is a fundamental security feature in Windows that helps protect the system from unauthorized changes and malware by controlling access to administrative privileges. By prompting users for permission or credentials before allowing potentially harmful actions, UAC plays a crucial role in maintaining the security and integrity of the Windows operating system.


How to turn off the User Account Control (UAC) in win10?

Turning off User Account Control (UAC) in Windows 10 can make your system less secure, as it reduces the safeguards that prevent unauthorized changes to your computer. However, if you need to turn off UAC for specific reasons, follow these steps:

Method 1: Using the Control Panel

  1. Open Control Panel:

    • Press Windows + R to open the Run dialog box.
    • Type Control Panel and press Enter.
  2. Navigate to User Accounts:

    • Click on User Accounts.
  3. Change UAC Settings:

    • Click on Change User Account Control settings.
  4. Adjust the Slider:

    • In the User Account Control Settings window, move the slider down to Never notify.
    • Click OK.
  5. Confirm Changes:

    • You might be prompted by UAC to confirm your changes. Click Yes to proceed.

Method 2: Using the System Configuration (msconfig)

  1. Open System Configuration:

    • Press Windows + R to open the Run dialog box.
    • Type msconfig and press Enter.
  2. Navigate to Tools Tab:

    • In the System Configuration window, go to the Tools tab.
  3. Open UAC Settings:

    • Scroll down and find Change UAC Settings.
    • Select it and click Launch.
  4. Adjust the Slider:

    • Move the slider down to Never notify.
    • Click OK.
  5. Confirm Changes:

    • If prompted by UAC, click Yes to confirm your changes.

Method 3: Using the Registry Editor (Advanced Users)

  1. Open Registry Editor:

    • Press Windows + R to open the Run dialog box.
    • Type regedit and press Enter.
  2. Navigate to the UAC Key:

    • In the Registry Editor, go to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  3. Modify the UAC Value:

    • Find the EnableLUA DWORD value.
    • Double-click on EnableLUA and set its value to 0.
    • Click OK.
  4. Restart Your Computer:

    • Close the Registry Editor and restart your computer for the changes to take effect.

Important Note

Disabling UAC reduces your system's security by allowing programs to run with elevated privileges without user consent. This can make your system more vulnerable to malware and unauthorized changes. It's recommended to re-enable UAC after completing your specific tasks that require it to be off.

To re-enable UAC, follow the same steps and adjust the settings back to their default level or a desired level of notification.

相关推荐
亽仒凣凣1 小时前
Windows安装Redis图文教程
数据库·windows·redis
炫彩@之星1 小时前
Windows和Linux安全配置和加固
linux·windows·安全·系统安全配置和加固
小奥超人2 小时前
RAR压缩算法的文件修复功能详解
windows·经验分享·winrar·办公技巧
Clockwiseee12 小时前
php伪协议
windows·安全·web安全·网络安全
唐宋元明清218813 小时前
.NET 阻止系统睡眠/息屏
windows·电源
yylの博客15 小时前
Windows通过git-bash安装zsh
windows·git·bash·zsh
进击的code16 小时前
windows 下使用WLS2 编译aosp Android14并刷机到pixle 5a
windows
染指111019 小时前
50.第二阶段x86游戏实战2-lua获取本地寻路,跨地图寻路和获取当前地图id
c++·windows·lua·游戏安全·反游戏外挂·游戏逆向·luastudio
dntktop20 小时前
Converseen:全能免费批量图像处理专家
windows
一个懒鬼1 天前
Windows脚本清理C盘缓存
windows·缓存