Originally published in 2008

In this tutorial, I’ll discuss disabling and configuring User Account Control (UAC) on Windows Vista, along with the pros and cons of doing so.

User Account Control, or UAC as it’s often called, is arguably the most controversial feature of Windows Vista. It’s also probably fair to say that it’s Vista’s most misunderstood feature.

UAC prompts you with a ‘click-ok-to-continue’-like dialog whenever you do certain actions. This is often interpreted as “Are you sure you want to run this program?” or “Are you an administrator?”, which isn’t quite the case. This prompting behaviour can be jarring for users, as it deviates from the behaviour of previous versions of Windows. Being constantly asked to confirm your actions can be frustrating for users new to the Vista platform. Because of this, many users choose to disable the UAC system all together, and it has become a main point of criticism for Vista.

Before I explain how to configure and disable UAC, let’s discuss briefly what it actually does.

In previous versions of Windows (as late as Windows XP), we had two main types of user accounts: Limited Users and Administrators. Limited Users were restricted in what they could do with windows. Most installations, for instance, required authorization from an Administrator. The same was true for various other tasks, such as installing hardware and making system wide changes to the operating system. Administrator accounts, on the other hand, had virtually full access to Windows.

According to Microsoft, most people prefer to use Administrator accounts. This is primarily due to the default account that is created during Windows Setup being an administrator, and also to the fact that users prefer to have full control over their PC. The main security issue with this approach to user policy is that applications are run with the same privileges that the user has. That is, if the user is an administrator, the application runs with administrative privileges. This makes Windows more vulnerable to malicious software than it should be.

Windows Vista takes a different approach to user security policy by implementing the UAC system.

By default in Vista, all programs run with minimal privileges regardless of the account type the user is set to. Without administrative privileges, it is much more difficult for applications to perform potentially harmful operations. However, some applications do have legitimate use for administrative privileges. The prime example would be setup applications, as they require access to areas such as Program Files and the Windows Registry. When an application attempts to do something that requires administrative privileges, it is detected by UAC.

What UAC actually does is tells the user that the application is requesting admin privileges (and thus, higher access to the operating system). The user can then allow or deny administrative access to the application that made the request by answering the UAC prompt. If administrative privileges are granted by the user, the application retains them until it closes.

This system gives users complete control over what applications the operating system exposes itself to, which makes malware a lot less effective.

When Windows Vista was first released in January of 2007, the amount of UAC prompting for regular programs was higher than what would have been tolerable for many people. This is because a lot of Windows software at the time required administrative privileges unecessarily, due primarily to poor programming by the developers. UAC has, perhaps unintentionally, encouraged developers to rewrite their software to work without triggering UAC prompts, which Microsoft argues results in an “improved software ecosystem”. The amount of programs that trigger UAC

prompts on Windows Vista has dropped approximately 78% between August of 2007 and August of 2008, which is compelling evidence to support Microsoft’s claims.

Regardless of UAC’s beneficial features, many people still find the prompting too intrusive, and turn UAC off as a result. This can be done in the User Accounts section of the control panel, but it’s not a very good idea.

Disabling UAC causes other Windows components to behave differently, which can cause problems here and there. Since it’s only the prompting that’s the issue, it would make more sense to leave UAC on, but turn the prompting off. This can be done.

Windows Vista Ultimate and Windows Vista Business users have access to the Local Security Policy editor, also known as secpol. To run secpol, type secpol.msc in the start menu search box and hit enter (you will be prompted by UAC, go figure).

Under Local Policies > Security Options, there are a whole bunch of settings related to UAC. The two we are interested in are…

UAC elevation prompt settings in the windows Security Policy editor (secpol)

• User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode; and
• User Account Control: Behaviour of the elevation prompt for standard users

To turn UAC prompting off, change these (or the one that suits you) to Elevate without prompting.

Instead of actually turning off UAC, this elevates programs to administrative privileges as soon as they are requested, removing the prompting from the process. This will remove the prompts, but remember, it will not protect you from malware – UAC does not differentiate between good and bad software heuristically or otherwise.

If you’re a Windows Vista Home Basic or Windows Vista Home Premium user, you do not have secpol. However, most of the settings in secpol just correspond to entries in the Windows Registry, including the two UAC settings above.

To change them, open the registry editor (type regedit in the start menu search box and hit enter).

Browse to the following key:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

The prompt settings are stored here as DWORD values. They are ConsentPromptBehaviorAdmin and ConsentPromptBehaviorUser.

The possible values for both settings are as follows:

0×00000000 (0) – Elevate without prompting
0×00000001 (1) – Prompt for credentials
0×00000002 (2) – Prompt for consent