What Is UAC Virtualization?
What is UAC virtualization? In 2007, Microsoft Windows Vista introduced a new security feature called User Account Control (UAC). UAC virtualization is an area of software management that isolates core components of an operating system from potentially disruptive changes. It refers to the level of access called “root” on Unix-like systems and administrator privileges on Windows systems.
Windows UAC rules are designed to protect installed program files and registry settings from modification or corruption by users or programs that should not be accessed; separate each user’s files and settings from other users.
By default, only users with administrator privileges can access the main machine settings. Microsoft enforces these rules by carefully restricting the default permissions for folders under the Program Files folder tree, Program Data folder tree, Windows folder tree, and Users folder tree. Additionally, permissions on registry keys are carefully restricted so standard users are not allowed to modify any settings that could affect other users.
Limitations of UAC Virtualization
To ensure that UAC virtualization works properly, there are some limitations of UAC virtualization:
- For 32-bit applications only. AMD64 compatible applications are all created after these fundamental design decisions and, by their very nature, cannot be written to address system files in the “old way” that UAC virtualization was created to solve. (IA64 applications have their own special set of problems.)
- The user must have write access to the file in the original file path. Attempting to write to any file with read-only permissions will crash the entire card library (i.e. cause the app to crash with an error code).
- UAC virtualization cannot be applied to applications run as administrators or elevated in any way – it must run in the context of a standard user.
- UAC virtualization is disabled by default – it must be explicitly enabled.
You can disable UAC virtualization in Task manager, but it is not recommended. If you disable UAC virtualization, some applications may not work for standard users. When the application tries to write to the directory, but the user does not have permission to write to the directory, it will change the path.
How to Enable UAC Virtualization in Windows 10
First, you need to check if you have enabled UAC virtualization on Windows 10. If not, you can choose enable it.
- Press the Windows + R keys together to open the Run dialog box and type secpol.msc. Then, it will open the Local Security Policy window.
- Expand Local Policies on the left-hand pane and click Security Options.
- Navigate to User Account Control: Virtualize file and registry write failures to per-user locations on the center pane.
If this option is enabled, UAC virtualization is set up on your device. If it isn’t, you can follow these 3 steps to enable UAC virtualization:
- Double-click User Account Control: Virtualize file and registry write failures to per-user locations. That opens a pop-up window
- Select the Enabled radio button
- Click OK to close the popup window. That enables UAC virtualization on your device
After setting up UAC virtualization, you can also manage its behavior and customize it to meet your preferences.
1. Always notify
This is the strictest setting. You must provide explicit permission when you or the software attempts to install, update, or change Windows Settings. All other tasks on the system will freeze until you respond with a notification popup. This setup is ideal for devices that frequently install software for testing.
2. Notify me only when programs try to make changes to my computer
This is the second most restrictive option. It is also the default UAC setting. Here, the computer will notify you when programs try to install or change Windows settings. Like the previous option, it freezes all tasks until you respond. However, this option does not generate a notification when you manually change any settings.
3. Notify me only when programs try to make changes to my computer (don’t darken my desktop)
As the name suggests, this option is non-intrusive and doesn’t freeze other tasks. It will also notify you when you manually make changes to your Windows system. Needless to say, this is a lower security option compared to the first two. Ideally, select this option only if you are the only user and the notification process is slow enough to affect your productivity.
4. Never notify
This option disables UAC virtualization, which poses a serious security risk to your device. We recommend against using this option, even if it seems convenient. All of these options are related to installing and changing software for Windows systems, especially restricted directories.