Abstract
I cannot find any formal discussion of the reason (though one person complained about the accelerator keys being changed from Vista to 7). However, one of the reasons is somewhat obvious while another is not.
Security
In many simple dialogs, you can press the accelerator key without holding Alt, (e.g., Yes-No dialogs, ARF dialogs (figure 1), Explorer file-copy dialogs (figure 2), etc.) but the UAC prompt is special because it has security ramifications that can be serious. Because many users have a tendency to click indiscriminately without actually looking at, let alone understanding what they are being prompted with, they disabled the ability to dismiss the UAC dialog with only Y or N and force the less convenient method of having to hold Alt to do it.
Some may argue that this minor road-bump has little effect on security and users still dismiss it without paying attention to the warning it presents, but at least the reasoning behind it is simple and somewhat sound.
Technical
In addition, there is another more technical reason. The UAC prompt is not a normal window and is not processed by the normal window manager. Notice how even with Aero Glass enabled, the UAC dialog is Aero Basic (figure 3).
Also notice that you cannot take a screenshot of it (or the screen in general) with the PrtScr key (screenshots like this are usually done with VMs). In fact, you cannot use Alt/Win+Tab, Win, Ctrl+Esc, or even Ctrl+Shift+Escape or any other Explorer/application hotkey while the UAC prompt is active; the only hotkeys that work are the ones that are handled by the CSRSS:
- Win+P
- Win+L
- Win+U
- Ctrl+Alt+Del
In older versions of Windows (e.g., Windows 3), there was a concept of a system-modal dialog box. That is, a type of dialog box that when shown, would completely block the rest of the system from running until it was dismissed. This made some sense for certain things like critical warnings, but obviously it has serious consequences and worse, can be abused. Not surprisingly, in Windows 95, they removed the system-modal style by changing it so that instead of blocking the system, it just makes the dialog topmost (always on top of all other non-topmost windows). (Technically, a system-modal dialog was impossible in 9x anyways due to it being preemptively multitasked instead of cooperatively multitasked like 3.x was.) The UAC prompt is the closest thing to a system-modal dialog in modern Windows systems, but even that it is a sort of hack similar to, but more powerful than, XP’s fading shutdown screen (figure 4).
Because the UAC prompt is meant to be system-modal, it is not handled by the window manager (which is not capable of doing that), but rather, but by lower-level systems. Because of this, it has to handle accelerators on its own instead of just letting the shell do it, so some accelerator handling (including pressing just the accelerator key without holding Alt) does not work exactly the same as it does in Explorer and other programs.
Security+Technical
There is actually a reason for this that is combination of both security and technical reasons. In the Secure Logon of Windows NT systems (figure 5), the system can be configured to require the user to press Ctrl+Alt+Delete to log on:
Windows NT is designed so that, unless system security is already compromised in some other way, only the Winlogon process, a trusted system process, can receive notification of this keystroke combination. This is because the kernel remembers the process ID of the Winlogon process, and allows only that process to receive the notification. This keystroke combination is thus called the Secure Attention Sequence. A user pressing Control-Alt-Delete can be sure that it is the operating system (specifically the Winlogon process), rather than a third party program that is responding to the key combination (i.e., Login spoofing), and that it is therefore safe to enter a password.
Security in Windows is often handled specially by having low-level, high-privilege processes handle special keys to prevent spoofing. This way, it is more difficult to for example, allow a program to send the Yes key(s) programmatically to bypass the user. Similarly, web-browsers limit how input can be done to prevent click-fraud, automated attacks, etc. so it is no surprise that Windows’ most sensitive security screen makes it accepting the prompt to run a process with administrative privileges a little more complex.
Summary
Whether it was the security design or the technical limitation that came first (bugs or features) is not known; you would have to ask the Windows design team to find out (assuming they would be able/willing to answer). Either way, there are two reasons for it, and they both accommodate each other’s needs.
Appendix
Figure 1: Abort Retry Fail dialog
Figure 2: File copy dialog
Figure 3: UAC prompt in Aero Basic over Aero Glass desktop
Figure 4: Windows XP fading shutdown screen
Figure 5: Windows 7 secure logon screen
Y
by itself to prevent people from replying in the positive willy-nilly without actually looking at and understanding what they are doing.y
does not work for me either. (ButAlt
+y
works).Run it as administrator (right click and select "Run as administrator) if you have UAC enabled, and press "y" every time you're prompted. When it says "Done", press any key to close the window.
They were being simplistic. They merely meant accepting the dialog, not literally pressing onlyY
.Alt
and pressingY
orN
requires both hands and/or uncomfortably contorting one, which takes 1-2 seconds longer than pressing just the letter. As such, that small delay should give you just enough time to mentally register what the prompt means.