Windows Vista includes the new User Account Control (UAC) security component. Even if you’re not familiar with the name, you’ve seen it in action When Vista pops up a dialog asking you to press Continue when you install a program, change system settings, or whatever other nefarious deed you’re up to.
In previous versions of Windows, when you logged on with an administrator account, your user account was granted a single access token that allowed you extensive rights and privileges throughout the system. The problem with this? Windows XP and earlier didn’t include any kind of checks to make sure that you actually wanted to perform an action that the system was trying to perform. So, it was easier for malicious programs like viruses and spyware to get themselves installed without you knowing about it.
In Windows Vista, when you log on with an administrator account, your user account is assigned two access tokens – a full administrator access token and a standard user access token. The standard access token is used to start the Vista desktop. During normal activities (such as running a program, working with files and folders, or changing innocuous system settings like the desktop background), your user account uses the standard access token.
When you try to perform an administrative task (changing system settings, installing programs, and so on), Windows Vista prompts you to make sure that the action is one you intended to take. If you give it the go ahead, your user account is elevated to administrator access and the action proceeds. This prevents administrative tasks from happening without your knowledge. Throughout Windows Vista, you’ll now see an icon with the Windows Shield applied to commands and user interface elements that require administrative privileges.