Skip to main content

Tweak User Account Control (UAC) with Security Policies

Posted December 2005 by Steve Sinchak

To cut down on malicious software applications and beginner computer users from changing critical computer settings, Microsoft has included a new feature called User Account Control, primarily known as UAC. UAC is a great step in the right direction. It can be used to prevent a beginner computer user from making changes to their computer by restricting them from accessing or even saving any changes to critical areas.  UAC is also helpful against Spyware and other malicious software because it will require the user to consent to the action, before any system changes are made.

UAC is a good feature but sometimes it is necessary to tweak it a little so that it is less annoying for more experienced users. For example, an advanced user may be overwhelmed by the number of pop up authorization they receive. By tweaking the settings they can reduce the number of those they see as well as completely disable UAC.  Although I do not recommend you completely disable UAC, you can fine tune it to be easier to get along with.

  1. To get started, open up the Local Security Settings MMC to show the local security policies by running secpol.msc.

  2. Navigate through Local Policies and Security Options.

  3. Scroll through the list on the right of the various security settings until your reach the User Account Protection settings. Refer to the list below of the various settings, to change them, just right click and select Modify. Items in bold are the default values.

  • User Account Control: Admin Approval Mode for the Built-in Administrator account
    • Enabled
    • Disabled* User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
    • Elevate without prompting
    • Prompt for credentials
    • Prompt for consent* User Account Control: Behavior of the elevation prompt for standard users
    • Automatically deny elevation requests
    • Prompt for credentials* User Account Control: Detect application installations and prompt for elevation
    • Enabled+ Disabled* User Account Control: Only elevate executables that are signed and validated
    • Enabled
    • Disabled* User Account Control: Only elevate UIAccess applications that are installed in secure locations
    • Enabled+ Disabled* User Account Control: Run all administrators in Admin Approval Mode
    • Enabled+ Disabled* User Account Control: Switch to the secure desktop when prompting for elevation
    • Enabled+ Disabled* User Account Control: Virtualize file and registry write failures to per-user locations
    • Enabled+ Disabled

Related Posts

If you own a Google Chromecast streaming device, you can easily share a browser tab in Chrome browser or even your entire desktop.  This can be very useful when presenting from your laptop or if you just want to watch something on a big screen that is only on your PC.  The only requirement is you must be on the same network as your Chromecast...

Read More

If you are a fan of minimalist desktop experiences, hiding the desktop icons are an easy way to clean up the Windows interface.  Instead of saving everything to your desktop, use the default profile folders such as downloads and documents.  Actually hiding all the icons on your desktop is a very simple customization hidden in the right-click context menu.  Just right-click on the desktop, select View...

Read More

Google security researchers have published details about a major security flaw found in the SSL protocol that is used to encrypt data transferred between your browser and a web server. SSL is typically used in situations where logon credentials are validated...

Read More

Enabling two-factor authentication is a great way to add an additional level of protection to your Microsoft account.  Even if your password is stolen, your account is still protected because two-factor authetication requires an additional level of verification to log in. Microsoft calls their version of two-factor authentication "two-step verification" and it works by providing you with a random code...

Read More