UAC, integrity levels, and secure desktop

Why elevation prompts exist, what filtered tokens are, and how MIC constrains writes.

Why it matters

UAC and MIC explain a huge amount of modern Windows behavior: why prompts appear, why services can't show UI, and why a process can't just write anywhere even if ACLs look permissive.

Mental model

Windows separates 'who you are' from 'what level you're running at'. UAC creates filtered vs elevated contexts, and MIC enforces trust boundaries using integrity labels.

Windows building blocks

Names and paths you can look for in Task Manager, Explorer, or documentation.

  • Process: consent.exe

    UAC elevation prompt on secure desktop

Go one level deeper

Extra detail for readers who want more precision before opening a child topic.

  • Split token: an administrator account runs with a filtered token (standard-user rights) until elevation.
  • UIPI blocks lower-integrity windows from sending messages to higher-integrity HWNDs.

How it works

  1. Standard user operations run with a standard token; admin operations require an elevated context.
  2. UAC prompts are shown on the secure desktop to reduce prompt tampering.
  3. MIC uses integrity labels in tokens and object SACLs to prevent lower-integrity writes to higher-integrity targets.

Key terms

UAC
User Account Control, the elevation/consent system for admin operations.
MIC
Mandatory Integrity Control, integrity-based restrictions beyond DACLs.
Secure desktop
A protected desktop used for elevation prompts and sensitive UI.

Why a browser can't write to system locations

Even if a path has permissive ACLs, MIC and integrity policy can still prevent a lower-integrity process from writing to higher-integrity objects.
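
The check described above, modeled in Python as an added example (not code from the original page or from Microsoft). It covers only the MIC step of an access check, reading the mandatory label from an object's SDDL string; the function names and the sample SDDL strings are constructed for illustration.

```python
import re

# Integrity levels by SDDL SID abbreviation, mapped to the RID in S-1-16-<RID>.
LEVELS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}
# Policy flags of a mandatory-label ("ML") ACE and the access kind each blocks.
POLICY = {"NW": "write", "NR": "read", "NX": "execute"}
# (ML;<ace flags>;<policy>;;;<integrity SID>), e.g. (ML;OICI;NW;;;HI)
ML_ACE = re.compile(r"\(ML;[^;]*;((?:NW|NR|NX)*);;;(LW|ME|HI|SI)\)")


def object_label(sddl):
    """Return (level, blocked access kinds) from an object's SDDL string.

    An object without a mandatory-label ACE is treated as medium integrity
    with no-write-up, which is the Windows default.
    """
    m = ML_ACE.search(sddl)
    if not m:
        return LEVELS["ME"], {"write"}
    policy, sid = m.groups()
    blocked = {POLICY[policy[i:i + 2]] for i in range(0, len(policy), 2)}
    return LEVELS[sid], blocked


def mic_allows(subject, sddl, access):
    """MIC step only: may a process at integrity `subject` perform `access`?"""
    level, blocked = object_label(sddl)
    return LEVELS[subject] >= level or access not in blocked


if __name__ == "__main__":
    # Constructed SDDL: the DACL grants Everyone (WD) full access (FA),
    # but the SACL labels the object high integrity with no-write-up.
    labeled = "D:(A;;FA;;;WD)S:(ML;;NW;;;HI)"
    unlabeled = "D:(A;;FA;;;WD)"
    for subject in ("LW", "ME", "HI"):
        for sddl in (labeled, unlabeled):
            print(subject, sddl, "write:", mic_allows(subject, sddl, "write"))
```

A low-integrity process is refused the write in both cases even though the DACL grants Everyone full access, while reads stay allowed because neither label sets no-read-up.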

Common misconception

UAC is not 'a popup'. It is a security design that changes token/elevation behavior and uses MIC and secure desktops for isolation.
