A: In Windows 7, Microsoft made changes that improve users' User Account Control (UAC) experience but don't decrease the overall security posture of UAC. They increased the number of tasks that a standard account user can perform and that don't prompt for administrator approval in Windows 7. For example, standard account users can now install updates from Windows Update and reset network adapters without receiving a UAC prompt. In Windows 7, Microsoft disabled the built-in administrator account by default. The admin account also can't log on to a computer in Safe Mode.

A very visible Windows 7 UAC change is the new User Account Control Settings dialog box, which is available from the User Accounts Control Panel applet. This dialog box lets an administrator account user configure the UAC experience with settings ranging from Always notify to Never notify. Windows 7 includes four UAC configuration levels. Windows Vista offers only two options: UAC is either on or off.

Finally, in Windows 7, Microsoft provides additional Group Policy Object (GPO) options to let administrators change the behavior of the UAC messages for privileged-account users and for limited-account users.