📄️ User Account Control (UAC)
User Account Control (UAC) is a Windows security feature that prevents unauthorized changes by requiring administrative approval for certain actions. It helps mitigate malware infections by running processes with standard privileges unless explicitly elevated. UAC prompts appear when a program requests elevated permissions, ensuring user awareness of system modifications. Disabling UAC reduces security, making the system more vulnerable to privilege escalation attacks.
📄️ Always Install Elevated
AlwaysInstallElevated is a Windows policy setting that allows MSI installers to run with elevated (admin) privileges. It is configured via Group Policy or registry keys. While useful for deploying software enterprise-wide, it poses a serious security risk if misused, as attackers can exploit it to gain system-level access. It is recommended to disable this setting unless absolutely necessary.
📄️ Weak Permissions
SharpUP can audit for weak ACLs easily in one run.