Comment by wolrah

8 days ago

> It is more of a warning than an actual security mechanism though. Similar to Mark of the Web.

It's both a warning and an actual security mechanism.

Obviously its most visible form is triggered when an application tries to write to system-level settings or important parts of the filesystem, and also when various heuristics decide that the application is likely to want to do so (IIRC "setup.exe" and "install.exe" at the root of a removable disk are assumed to need elevation).

Because Microsoft knew that a lot of older software wrote to system areas just because it predated Windows being a multi-user system, UAC also provided a partial sandboxing mechanism where writes to these areas could be redirected to user-specific folders.

The warning was also a tool in itself, because the fact that it annoyed users finally provided the right kick in the ass to lazy software developers who had no need to be writing to privileged areas of the system and could easily run under a limited user, but hadn't bothered to because most non-corporate NT users were owners and thus admins, and most corporate environments would just accept "make users local admin". A portion of the reason we saw UAC prompts a lot less in later versions of Windows is that Microsoft tweaked some things to make certain settings per-user and reorganized certain dialogs so unprivileged settings could be accessed without escalation, but a lot of it is because applications that had been doing it wrong for as long as NT had existed finally got around to changing their default paths.
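The comment above describes two UAC pieces: installer-detection heuristics that decide when to prompt, and file/registry virtualization that silently redirects a legacy application's writes to system areas into per-user locations. The PowerShell below is an added example, not part of wolrah's comment or of any Microsoft documentation, for auditing exactly that on a workstation: it reads the UAC policy values under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` (`EnableLUA`, `EnableInstallerDetection`, `EnableVirtualization`) and then lists what has actually been redirected into the current user's `VirtualStore`, which is how a defender finds the applications that still "do it wrong" and are quietly surviving on the redirect rather than on a fixed default path.

```powershell
# Added example (not from the comment): audit UAC installer detection,
# virtualization policy, and what legacy writes have been redirected for this user.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey

# 1 = enabled for each value; a missing value shows as empty.
[pscustomobject]@{
    EnableLUA                = $policy.EnableLUA                # UAC itself
    EnableInstallerDetection = $policy.EnableInstallerDetection # setup.exe/install.exe-style heuristics
    EnableVirtualization     = $policy.EnableVirtualization     # redirect failed writes to per-user store
} | Format-List | Out-Host

# File virtualization: a non-elevated, non-manifested legacy process that writes to
# e.g. C:\Program Files\<app>\settings.ini ends up here, mirroring the original path.
$vs = Join-Path $env:LOCALAPPDATA 'VirtualStore'
if (Test-Path $vs) {
    Write-Output "Redirected file writes under $vs :"
    Get-ChildItem -Path $vs -Recurse -File |
        Select-Object @{ n = 'RedirectedFrom'; e = { $_.FullName.Substring($vs.Length) } },
                      LastWriteTime, Length |
        Out-Host
} else {
    Write-Output "No VirtualStore folder: no redirected file writes recorded for this user."
}

# Registry virtualization: HKLM\Software writes by the same kind of process land here.
$rvs = 'HKCU:\Software\Classes\VirtualStore'
if (Test-Path $rvs) {
    Write-Output "Redirected registry keys under $rvs :"
    Get-ChildItem -Path $rvs -Recurse | Select-Object -ExpandProperty Name | Out-Host
} else {
    Write-Output "No registry VirtualStore: no redirected registry writes recorded for this user."
}
```

Run it as the ordinary (non-elevated) user whose applications you want to inspect, since the VirtualStore is per-user; every entry it lists is an application that would fail on a hardened machine with `EnableVirtualization` set to 0 and is a candidate for being fixed or replaced rather than being granted admin rights.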