User Account Control

The big news for Vista is user account control (UAC). It is possibly the most talked about feature of Vista because it most directly affects you in an in-your-face manner. You can turn it off, of course, but that could be counterproductive because UAC really does serve some useful purposes, which you'll find in this article.

If you have been using Windows Vista for more than a couple of days, you are probably familiar with the user account control window:

[Image: the User Account Control window]

When you tune UAC properly and run only standard applications, you should see it very seldom. UAC isn't meant as an annoyance or a time-robbing Vista feature; it's supposed to warn you when someone is doing something they shouldn't with your machine.

In general, if you're like most users and don't need to perform administrative tasks every day, you'll gain significantly more than you'll lose by running UAC on your machine.

If you're an administrator, user account control can actually prevent you from getting work done.

Turning Off User Account Control

You have a number of options for turning off UAC. It's possible to get rid of the most obnoxious features by making a single change. Choose Start -> Control Panel, select the User Accounts and Family Safety link and then select the UAC Panel link. Near the bottom of the "Make Changes to Your User Account" window, click the Turn UAC On or Off link, clear the Use UAC to Help Protect Your Computer option, and click OK.

Vista may not always tell you to reboot your system after a security change, but you must reboot your system for the changes to take effect.

Another way to turn off user account control, this time with far greater ramifications, is to disable the User Account Control entries in the Local Security Policy console. These settings affect far more than the UAC settings that Vista tracks through your user account and the changes are more dangerous from a security perspective.

Some administrators tune UAC to meet their specific needs. I think it's not a good idea to turn off user account control completely - even administrators make mistakes and a little safety net doesn't hurt anyone. That said, you still might want to change the UAC configuration when working with certain applications, especially those that change the system setup in some way, or older applications that don't always follow the rules.

All of the settings you need are found in the Local Security Policy console. To invoke it, click Start -> Control Panel, select Classic View, double-click the Administrative Tools folder, and then double-click Local Security Policy. You'll find the settings in the Security Settings\Local Policies\Security Options folder. The user account control options appear near the end of the list.

User Account Control

Admin Approval Mode for Built-in Administrator account
This feature isn't defined by default because it only affects the administrator account. When enabled, it sets the admin approval mode for the administrator account, which means that the administrator doesn't need to manually provide permission to perform activities that user account control would normally request permission to perform.

Behaviour of the elevation prompt for administrators in admin approval mode
This setting determines the kind of prompt that someone in the administrators group receives when performing administrative tasks. The default setting merely asks the user to approve of the action. However, you can also tell UAC not to prompt the user at all or to request a name and password. Disabling the prompt means that the activity will normally fail.

Behaviour of the elevation prompt for standard users
This setting determines the kind of prompt that a standard user gets when performing administrative tasks. The default setting asks the user for an administrator account name and password. You can also change this setting so user account control doesn't prompt the user at all, which means that the task will always fail.

Detect application installations and prompt for elevation
This feature detects any kind of application installation and requests permission to perform it. Since application installation is a somewhat rare task after a system is set up, you should probably keep this setting enabled because it helps you detect unwanted or unauthorized application installations.

Only elevate executables that are signed and validated
Enabling this feature means that you won't be able to install most applications that aren't signed and validated. A signed application is one that has a valid digital certificate that identifies the application vendor. If you can ensure that all of your applications are signed, then enabling this feature is probably a good idea. However, since few applications are signed today, you'll probably want to retain the default disabled setting.

Only elevate UIAccess applications that are installed in secure locations
This feature detects any application that wants to interact with the user interface of another application. For example, an application might provide accessibility support for all of the applications run on a certain machine. The accessibility feature may request interaction with these other applications to determine what information their user interface provides. Since this feature could be used to make virus actions appear as part of another application, it's a security hazard. This setting tells user account control to ensure that any cross-application user interface access only takes place from secure locations. Using this setting won't affect the performance of bona fide accessibility applications such as JAWS.

Run all administrators in admin approval mode
Enabling this feature ensures that anyone in the administrator group is prompted before performing an administrative task. The prompt acts as a safeguard because it ensures that someone can't perform an administrator-level task without the user's knowledge and permission. However, this setting can also be a productivity drain. You could disable it before you perform a series of administrator-level tasks, and then re-enable it later to maintain the safety it provides.

Switch to the secure desktop when prompting for elevation
Use this feature to make all elevation prompts appear in the secure desktop environment. When you use this feature, you'll notice that the desktop darkens and you can't do anything else. The purpose of the secure desktop environment is to make it a lot harder for someone to trick the user into providing permission to run an errant program. Since only the prompt appears, someone can't place text in front of the prompt that makes it appear the user is granting permission for another application.

Virtualize file and registry write failures to per-user locations
Some older applications attempt to write file and registry information to the wrong location. These applications assume that they have full access to the system and can write anywhere at any time. Vista emphasizes keeping application interaction with the file system and registry controlled. Virtualizing access means that Vista controls where the actual file and registry writes go, making it harder for older applications (and viruses) to write to locations that they shouldn't access.
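
Checking these settings from a script (an added example, not part of the original article): the policies above are stored as REG_DWORD values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, so the output of the built-in reg query command can be compared against a baseline to spot a machine where UAC has been loosened. The registry value names are not given in the article, the baseline follows the defaults and recommendations described above, and the sample output is constructed.

```python
import re

# Constructed sample of `reg query` output for the key that stores UAC policy:
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x0
    ConsentPromptBehaviorUser    REG_DWORD    0x1
    EnableInstallerDetection    REG_DWORD    0x1
    EnableLUA    REG_DWORD    0x1
    EnableSecureUIAPaths    REG_DWORD    0x1
    EnableVirtualization    REG_DWORD    0x1
    PromptOnSecureDesktop    REG_DWORD    0x0
    ValidateAdminCodeSignatures    REG_DWORD    0x0
    legalnoticecaption    REG_SZ
"""

# Registry value -> (policy as listed in the console, baseline DWORD).
BASELINE = {
    "ConsentPromptBehaviorAdmin": ("Elevation prompt for administrators", 2),  # 2 = ask for consent, 0 = no prompt
    "ConsentPromptBehaviorUser": ("Elevation prompt for standard users", 1),   # 1 = ask for credentials
    "EnableInstallerDetection": ("Detect application installations", 1),
    "ValidateAdminCodeSignatures": ("Only elevate signed executables", 0),
    "EnableSecureUIAPaths": ("UIAccess only from secure locations", 1),
    "EnableLUA": ("Run all administrators in Admin Approval Mode", 1),
    "PromptOnSecureDesktop": ("Switch to the secure desktop", 1),
    "EnableVirtualization": ("Virtualize file and registry write failures", 1),
}

DWORD_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD line; other types are ignored."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values

def audit_uac(text):
    """Return (value, policy, found, baseline) for each setting that differs.
    A value that is absent from the key is reported with found=None."""
    found = parse_reg_query(text)
    return [(name, policy, found.get(name), expected)
            for name, (policy, expected) in BASELINE.items()
            if found.get(name) != expected]

if __name__ == "__main__":
    for name, policy, actual, expected in audit_uac(SAMPLE):
        print(f"{policy}: {name} = {actual}, baseline {expected}")
```

On the constructed sample this reports the administrator prompt set to "no prompt" and the secure desktop switched off.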
