We've have recently been discussing UAC and its pro's and con's. We run a single domain environment. All our workstations run with MS firewall turned on, Sophos, MS Updates are current and all users run as standard (non-admin) users. We are a government entity and are required to run a myriad of different programs. Most (all) of these programs come from trusted sites but not all of them run well with UAC turned on. Some of our vendors suggest not having UAC turned on if their software is installed. Most of this software is mandatory that we run it. Our desire is to create the safest environment possible while still be practical about running needed software. My question - If 99% of the time a PC is being run by a user with Standard user permissions and we have MS firewall turn on, Sophos and our MS updates current - How much safer are we going to be by having UAC turned on? We don't have problem with logging onto a users computer as an admin to install software. We are struggling with the balance between running UAC and running our software without having constant problems. Your feedback is appreciated!