I have received multiple questions today regarding whether or not we will be enabling or disabling UAC when we deploy Windows 7 Enterprise some time this year...and by deploy I actually mean a very gradual rollout (when someone needs re-imaged or we order a new PC). First of all, when doing some testing on some new VDI clients we have set up for a proof of concept, we had 2 separate users logging in to an Oracle system at the same time on 2 different VMs, and both had an issue with Java. I could have swore it had nothing to do with Java trying to update...is there any way it would be popping up JUST to RUN the JRE? Today I only saw one or two mentioning Java wanting to update, but it obviously didn't stop them from logging in to the Oracle system. The issue is, our intent is that one day we will only be giving users local user rights, no more local administrative rights. So, does UAC really do us any good in this case? Also, if they are only local users any way, the UAC prompt will never do them any good any way, right? What are you doing in your enterprise environment?

Hi, UAC really only applies if the user has administrative permissions on the system. If they do, then they have two authentication tokens, one as a regular user and one as an administrator, but UAC filters the administrative token until a process requires an action to be done with administrator permissions. That said, it probably won't do you a lot of good if all of the users are limited to being regular users, but it can help if administrators are working on the system since the security will be a little better since administrative actions need to be approved by the administrator. We typically leave it enabled on our clients and servers unless we are troubleshooting. -- Mike Burr