Subscribe via e-mail: 
Yesterday, I described how to start an application at an elevated level, i.e. with Administrator privileges under Vista. Unfortunately, this won’t prevent UAC (User Account Control) prompts from getting on your nerves. Every time a user or an Administrator runs an application requiring Administrator rights, UAC will prompt you for confirmation to proceed. Microsoft calls this “Secure Desktop Prompting“. These UAC prompts only distract you from your current task and bring no extra security. Therefore, I recommend disabling this feature.
It is supposed to prevent malware from getting started with Administrator rights. It is obvious that malware running with Administrator privileges can do more harm to your system than with standard user rights.
However, in my view, a warning of a possible security breach is only useful, if there is a relatively low chance for false positives, i.e. cases where you get a confirmation prompt without a security breach. I think, the false positive rate for security pop-ups should not be higher than 90%. This means that at least one out of 10 confirmation prompts has be to a security breach. Another important condition is that pop-ups shouldn’t show too often during your daily work.
Now you might object that if UAC prevents you, even only once from malware damaging your system, it has already done its job. For this, you accept the need to always confirm these UAC prompts. This is what Microsoft’s security experts must have had in mind. However, I think that this argument is totally wrong.
It is a technical solution to a security problem. However, it can’t work on psychological grounds. Security is mostly a psychological problem, not a technical one. Most of the so-called security experts often oversee this point. In this case, it is quite obvious that these permanent UAC pop-ups will make Administrators blind for any security-related prompts. It is a matter of fact that they will click on them automatically once they get used to them.
This way, UAC will decrease security because Administrators will lose their sensitivity for dangerous situations. If you are doing Administration work on a Vista machine, then you will get these UAC pop-ups the whole day, however, the probability of a UAC prompt rescuing you from the pitfalls of malwares during your entire career as a sysop, is not very high. If UAC would be smarter, acting like many spyware tools for XP, these prompts would make sense. But the only heuristics, UAC knows, is to prompt users whenever they access a security relevant part of the operating system.
Imagine, the sirens of your house’s alarm system wailing every time someone enters the house, comes close to your safe or touches a knife. Do you think any neighbor would care, once the sirens wail because thieves are entering your house? Well, this is exactly how UAC prompting works.
Therefore, I highly recommend turning it off. Don’t confuse this with disabling UAC, altogether. If you only disable UAC prompting for Administrators, Vista will just automatically run administration tools at an elevated level without prompting for confirmation. However, this only works for apps where Vista already knows that they need Administrator rights. Please read my article how to deal with UAC in case of legacy administration tools .
To disable the UAC elevation prompts, start the Local Security Policy tool (Just enter its name at the Program search prompt). Then, go to Local Policies/Security Options. There, you will find this option: “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode” If you set it to “Elevate without prompting” UAC won’t get on your nerves in the future, anymore.
If you want to do this for all the computers where system administrators work, you can use Group Policy to change this setting for the corresponding Active Directory container. For this, you have to run GPMC (Group Policy Management Console) on a Vista machine which is a member of a Windows Domain. Just type in gpmc.msc at the Program search prompt. Then, you disable UAC prompting the same way as with the Local Security Policy tool.
Quite a bit of an arrogant attittude, don’t you think?
Would you call the confirmation on final file deletion useless as well, because the “false positive chance” is so high?
And obviously you don’t possess a house alarm, otherwise you would’ve know about pre-alarms that do actually sound each time you open the front door.
Most people seem to forget that the same technology exists in MacOSX and Linux (especially Ubuntu) for many years now, and has proven to be very fine there. Haven’t read a single word of bashing that in years. And now that it’s in Vista, it suddenly got bad?
Sure, MacOSX and Linux apps are often coded better (Apple started publishing books on software design for its OS right along with the OS, first MacInside volumes from 1987 or something, and Linux users are paranoid about security by default
)… but this feature could at least force Windows developer a bit to become more careful. Telling people to disable this will in the end lead to still no one caring… yeah sure, gets you less clicks, but keeps the software bad.
Hell, did sudo “decrease” security on Linux machines ???
If we KEEP this warnings, maybe more developers will start to wonder if they actually need admin rights, and adjust their apps.
Unbekannter Kommentator, you should not get insulting just because someone doesn't share your opinion.
I am not sure if I get your argument. But your point seems to be that because similar features for Mac OS X and Linux improved security, it will do the same for Windows. I don’t know about Macs, but sudo in Linux works differently than UAC prompting. It is more comparable with the runas command which is available for older Windows versions. It is something very different from a psychological point of view if an admin tells the OS explicitly to run a command with root privileges, especially if he has to authenticate with a password. On a Linux box I also have the su command. So I can logon as admin without much hassle If I have to do several things which need root privileges.
My argument is that these UAC prompts will decrease security because sysops will just forget to think of them as warnings and become used to clicking on them. They will just see this prompt “Windows wants your permission to continue”. Of course, I always want to continue. Why not? So, I click on it. This is dangerous because there are security related prompts which make sense. But if you train admins like rats, clicking all day on security prompts, they will confirm them even in cases where it is not advisable do so. That’s why I say that security related prompts with such a high rate of false-positives don’t address this problem.
As to your argument about file deletion: You know what I like most about Linux? If I type “rm * -r” it will just do what I want without bugging me with “Linux wants your permission to continue”. That is what I call a low false positive rate.
Sudo is a useful tool. There is no doubt about it. Parts of UAC, too. But UAC prompts for admins are not. This is a psychological argument, not a technical one.
[...] Why and how to disable the UAC elevation prompts (Secure Desktop Prompting) [...]
As this article points out, asking an administrator for consent to do tasks that require root access serves no purpose. It is dumb for someone who administrates a computer (let alone a regular user), to even login to the machine with an account that has root access in the first place because it’s not necessary…at least it’s not on Linux. Root/administrator logins should be completely disabled. This is why we have sudo on Linux.
It looks like the only similarity between UAC for non-administrator users and sudo is getting a prompt. Other than that, UAC for non-administrator users seems like su or runas. There is no Linux equivalent to UAC for administrators, because well, as this article points out, such a feature is not really useful.
[...] To disable the prompts, you can do it the Local Security Policy tool way, or the registry entry way. They do the same thing, so it’s up to you. [...]
DON’T DISABLE THE UAC
[...] start the Local Security Policy tool [...]
To do so, run this command:
%SystemRoot%\system32\secpol.msc /s
I have to agree with Michael.. I have been using Vista for only a couple days now, and already I am swearing when my screen blacks out and blindly clicking the ok button.
And as far as calling wolf too many times… when was the last time you heard a car alarm going off in the middle of the night and did anything besides hope the owner would turn it off soon?
I agree with Michael. The prompts are annoying and not useful because they ask you so many times. Now I don’t even read the prompt, I just memorize the location of the OK button and leave my mouse pointer there so that I can click right at the moment the popup shows.
Maybe the purpose of the prompts is that Microsoft will say ‘Hey, we warned you about the threat and you allowed it’ when something bad really happens.
Hi,
Now i need to know how to turn off the annoying notice that tells me that I have disabled the UAC.
The UAC “MAY” be usefull for my grandmother but 99% of the time, I know what I want to do an do not want to confirm. For the other 1%, hey I screwed up and will deal with the consequences.
Anyone at Microsoft ever heard of Pareto’s rule?
mark
It is really stupid to have Vista asking over and over if I want to run the Disk Cleanup program, or Firefox. Ask me once, then get on with it the next time I tell you to run it.
I agree with the author of this article, the Vista UAC is training us to automatically approve any thing it asks.
Dumb user interface.
And, yes, if my house alarm was going off all of the time, with false alarms, I’d turn it off, too.
Chris Shaker
i agree with most here that UAC prompts are annoying because they are so obtrusive when they show… but i keep them on just for the hell of it… i know when i do something that require admin privileges so i readily click allow when the dialog box shows up… but should there come a time when the box shows up and i have not done something to trigger it myself, i will know something is up… i use comodo firewall with defense+ turned WAY up for the same reason… i want to know everything my system is doing at any given time even if it means i have to click allow to windows or my firewall… i guess i may just be paranoid… but is the UAC prompt any different than a root password prompt when a user accesses certain parts of some linux distros… not really… personally, i would rather have to do these things so i know exactly what my system is doing… but that is just me… :-p
Thanks for this — it was very useful! I was trying to test this prompt coming up in my app and the sysops had turned this feature off. Horribly confusing.
Just finished turning off uac, had to take ownership of my own drive and remove some funky deny rights that get leftover, but not that long of process.
The uac is just very bad concept. There is not a control panel app that gives quick control with help files. I bet if MS kept track of problems prevented by this in real world test cases, number of benefits = 0.
Modern virus, malware, and other junk will not be slowed down by this. All this will do is get in the way of what users want to do.
@Chris Shaker: uh … why does Firefox need to run elevated? I would think Firefox was exactly the sort of program you would *not* want to run elevated — Google Chrome even goes so far as to do the majority of it’s work in processes that are as unprivileged as possible — even less privileged than my limited user account on XP.
Of course, all this prompting about the children of already-elevated processes *does* sound really moronic — just imagine if you had to click on a dialog box every time one of the install/remove/upgrade scripts for a Debian package invoked “rm”!
So I’m not sure what the best solution *is*, but I think it involves coloring certain display elements red when running e.g. Explorer elevated …
@Michael Pietroforte,
I do agree with you and have applied your tutorial, however what I would like to know:
would this local policy tweak disables UAC functionality all together or it only saves you the annoying pop-up ?? because most admins know what they are doing.
to explain myself a bit more, I would like UAC to stay on to prevent any AUTO-ACTIVATED ( maybe date/time bound) malware from harming my system while at the same time avoid the annoying pop-ups each time I want to Willingly execute a software with “run as administrator privilege”
Gringo, the problem is that Windows can’t know if it is you or malware when you launch a program. In my view UAC in Windows 7 was significantly improved. Thus I no longer recommend to turn it off.
@ Michael Pietroforte,
but if I don’t turn it off, it will still pop-up the Annoying prompt. So you’re saying that if I apply the policy above … UAC is still present but no annoying prompts anymore ?! is that the improvement made to windows 7 ‘s UAC ?
awaiting your reply,
Thx
Gringo, yes UAC is still present but it won’t protect you from malware because you won’t see a UAC prompt if malware modifies system resources. The main main improvement in Windows 7 is that by default that UAC prompts are no longer triggered if you launch Windows tools which reduces the number of prompts significantly.