Thu 1 May 2008
One of the features Vista’s UAC lacks is a way to temporary disable it without reboot. Under Linux you can just run the su command if you to have to accomplish several tasks that need root privileges. Vista and Windows Server 2008 don’t have such a feature. The only way to get rid of the UAC prompts temporarily is to logon with a domain administrator account. But sometimes this is very inconvenient. This is where a nice workaround, which I found in the Windows IT pro magazine (April 2008, p. 10) can be quite useful.
The trick is to elevate the desktop shell (explorer.exe), temporarily. Any tool that is launched from an elevated application will run with administrator rights. And best of all, UAC will not display its disturbing prompts from then on. The downside of this solution is that you have to kill the explorer process, first. You can just imagine the problems, it might cause. So I would recommend using this workaround with caution.
Here is how it goes. Create a batch file with the extension cmd with these two lines
Taskkill /F /IM explorer.exe
start C:\Windows\explorer.exe
/F means that the task is killed forcefully, and /IM stands for the image name, i.e. the file name of the process. Be careful with the second line. I had a typo in it which left me with an empty desktop. In such a case you can launch explorer.exe with the Task Manager (CTRL+ALT-DEL -> File -> New Task (Run…)).
You have to run this batch file with admin privileges (right click on it and navigate to “Run as administrator”). The UAC prompt will just be displayed once. After that you won’t see it again in this session. Note that not only those applications where its icon contains a UAC shield will be launched automatically with admin privileges, but also those programs which should never be elevated (Internet Explorer for example).
Well, this is like in the good old XP times. You will again be the absolute master of your machine. What I find interesting is how easy it is to trick UAC. If malware manages it somehow to entice you to click just once on a UAC prompt, it will be the master of your computer from then on.
Unfortunately there is no easy way to switch back to standard user rights like under Linux. After you finished your administrative tasks you have to logoff and logon again. Please, let me know if you know of any other way.
Another option to turn off UAC is the TweaUAC. I could have sworn that before SP1, rebooting Vista wasn’t required. But when I tried it today, this didn’t work anymore.
Newsletter: 
Loading ...
I didn’t try it, but wouldn’t killing explorer.exe again and relaunching it from the task manager work?
That should also work.
Perhaps make use of Runas?
I’ve UAC partially disabled, so I’m not annoyed by prompts yet still run IE in protected mode (that’s all I really care about)
Lukas, Slam, this was also my first idea, but it didn’t work. I must admit I don’t know why.
Leonardo, I think Runas won’t help here because one has to get rid of the elevated explorer.exe.
[...] A creative way to get around Vista’s UAC temporarily without having to reboot. Elevate Explorer! See the original post at: 4sysops - Temporarily disable Vista UAC without reboot [...]
Michael: I meant, using Runas to start up the User-Mode Shell…
Killing the elevated explorer.exe is no problem…
Thing is, starting explorer as in the example below yields some mutated partial UAC and the classic “Where’s my systray crap?”:
(Usage, run once for elevate, run again for failure)
=========================
@echo off
if exist “%temp%\exbat.tmp” goto undo
Taskkill /F /IM explorer.exe
start C:\Windows\explorer.exe
echo 1 > “%temp%\exbat.tmp”
goto end
:undo
del “%temp%\exbat.tmp”
Taskkill /F /IM explorer.exe
runas /trustlevel:0×20000 C:\Windows\explorer.exe
:end
=======================
My ADD and the voices in my head have notified of my loss of interest (been a couple hours, messing with services & registry keys)… I’m secpoling things back to normal .
You should do a small amount of research before posting hacks like this. You don’t need to crash the desktop shell, just tell explorer to create a separate process when new instances are launched:
reg.exe add “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced” /v SeparateProcess /t REG_DWORD /d 1 /f
If that value is set, anytime an elevated administrator session launches explorer.exe, it will create a new process without UAC enabled.
And how do this tip even compare to su on Linux? Does su replace your desktop shell when you run it? Two different tasks going on here. And if you want su on Windows, Micrsoft has made several versions that are free, or there’s the built-in runas.exe (but it won’t allow you to pipe in a password from stdin) or there’s many 3rd party tools like PsExec.exe or su alternatives, etc. etc.
For best security, your normal day-to-day user account should not be a member of the local Administrators group, even if you have UAC enabled. You should logon interactively with a standard user account, and then open your favorite command ptompt with a different ser account, one that is a member of the local Administrators group.
There is lots of good info already been written on this topic, for example:
http://blogs.msdn.com/aaron_margosis/
[...] 4sysops - Temporarily disable Vista UAC without reboot A creative way to get around Vista?s UAC temporarily without having to reboot. Elevate Explorer! [...]
@Marty - Where’s the fun in using 3rd party apps when I can screw around for hours, find a partial solution and then abandon the whole project as if I was just killing time?
You are correct in the implication that this is not the medium for such screwing around, though.
Leonardo,nice idea, but the problem is that you can’t run explorer.exe with runas under Vista. I suppose, there is a registry setting for this, too.
Marty, thanks a lot for the hint. For the copy-and-pasters: The command works without the quotation marks:
reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v SeparateProcess /t REG_DWORD /d 1 /f
Then you run start C:\Windows\explorer.exe without taskkill. Windows Explorer will pop-up then. If you want to switch back to the shell with standard rights, you just have to close this Windows Explorer window.
As to the su command. I think one can compare runas to sudo, but not to su. I compared this tip with su because it is very similar from the user’s point of view. After you launched explorer.exe this way, you get a new Windows shell (not just a command prompt) with no restrictions. I know of no other solution that is able to do this. Do you?