No application will be able to brute force a password locally from under the OS, security policies will not allow, although 123 can be guessed without passwords, such passwords should not be used. UAC from under the admin account also makes sense, before performing a privileged operation, it will at least ask if you really want to perform it (unless, of course, it is configured for automatic consent).

From UAC there is little use at all, except for all sorts of interference with the user, IMHO. Perhaps the experts will disagree, but didn't DPE in the same Win XP perform a similar, but less annoying function? ..

You still need to separate UAC - this is not a mechanism to counter password brute force (it prevents you from performing such procedures, but if you allow the action to guess a password, UAC simply stops monitoring such a process until it tries to do another, previously not allowed, privileged action).
UAC is primarily a heuristic PC protection, where the mechanism determines the list of allowed low-level operations, the execution of which is allowed for everyone, and the list of prohibited operations, the execution of which requires the direct permission of the user. Those. from UAC control mechanisms and state changes - from user heuristics.
The mechanism is powerful, reliable, obvious exploits on it have not been heard for a long time, with proper configuration it performs its function well.

var value;
$sliderPTS.on("change", function() {
    var $this = $(this),
    value = $this.prop("value");
});

Try

$this.val()
// вместо
$this.prop("value")