My
![2Cents :2cents:](./images/smilies/2cents.gif)
contribution:
Simple Explanation (from a Windows Forum):
When you log on, Windows creates an access token. This identifies you, the groups you are a member of, and your privileges. And note that whether a user is an administrator or not is determined by whether the user is a member of the Administrators group.
Without UAC, when you run a program it gets a copy of the access token, and this controls what the program can access.
With UAC, when you run a program it gets a restricted access token. The is the original access token with "Administrators" removed from the list of groups (and some other changes). Even though your user is a member of the Administrators group, the program can't use Administrator privileges.
When you select "Run as Administrator" and your user is an administrator the program is launched with the original unrestricted access token. If your user is not an administrator you are prompted for an administrator account, and the program is run under that account.
"Run as Aministrator" is just a command, enabling the program to continue some operations that require the Administrator privileges, without displaying the UAC alerts.
Even if your user is a member of administrators group, some applications need the Administrator privileges to continue running, because the application is considered not safe, if it is doing some special operation, like editing a system file or something else. This is the reason why Windows needs the Administrator privilege to execute the application and it notifies you with a UAC alert. Not all applications need an Administrator account to run, while some applications do need the Administrator privileges.
If you execute the application with 'run as administrator' command, you are notifying the system that your application is safe and doing something that requires the administrator privileges.
Additional
easy reading article
A mammoth document about the
Windows Integrity Mechanism Design