UAC is not a security boundary, it is instead considered a defense-in-depth feature (aka best effort but bypassable). This is officially documented by Microsoft in multiple places. [0] https://www.microsoft.com/en-us/msrc/windows-security-servic... [1] https://learn.microsoft.com/en-us/troubleshoot/windows-serve...