One of the features Vista’s UAC lacks is a way to temporary disable it without reboot. Under Linux you can just run the su command if you to have to accomplish several tasks that need root privileges. Vista and Windows Server 2008 don’t have such a feature. The only way to get rid of the UAC prompts temporarily is to logon with a domain administrator account. But sometimes this is very inconvenient. This is where a nice workaround, which I found in the Windows IT pro magazine (April 2008, p. 10) can be quite useful.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
The trick is to elevate the desktop shell (explorer.exe), temporarily. Any tool that is launched from an elevated application will run with administrator rights. And best of all, UAC will not display its disturbing prompts from then on. The downside of this solution is that you have to kill the explorer process, first. You can just imagine the problems, it might cause. So I would recommend using this workaround with caution.
Here is how it goes. Create a batch file with the extension cmd with these two lines
Taskkill /F /IM explorer.exe
/F means that the task is killed forcefully, and /IM stands for the image name, i.e. the file name of the process. Be careful with the second line. I had a typo in it which left me with an empty desktop. In such a case you can launch explorer.exe with the Task Manager (CTRL+ALT-DEL -> File -> New Task (Run…)).
You have to run this batch file with admin privileges (right click on it and navigate to “Run as administrator”). The UAC prompt will just be displayed once. After that you won’t see it again in this session. Note that not only those applications where its icon contains a UAC shield will be launched automatically with admin privileges, but also those programs which should never be elevated (Internet Explorer for example).
Well, this is like in the good old XP times. You will again be the absolute master of your machine. What I find interesting is how easy it is to trick UAC. If malware manages it somehow to entice you to click just once on a UAC prompt, it will be the master of your computer from then on.
Unfortunately there is no easy way to switch back to standard user rights like under Linux. After you finished your administrative tasks you have to logoff and logon again. Please, let me know if you know of any other way.
Subscribe to 4sysops newsletter!
Another option to turn off UAC is the TweaUAC. I could have sworn that before SP1, rebooting Vista wasn’t required. But when I tried it today, this didn’t work anymore.
Want to write for 4sysops? We are looking for new authors.
I didn’t try it, but wouldn’t killing explorer.exe again and relaunching it from the task manager work?
That should also work.
Perhaps make use of Runas?
I’ve UAC partially disabled, so I’m not annoyed by prompts yet still run IE in protected mode (that’s all I really care about)
Lukas, Slam, this was also my first idea, but it didn’t work. I must admit I don’t know why.
Leonardo, I think Runas won’t help here because one has to get rid of the elevated explorer.exe.
Michael: I meant, using Runas to start up the User-Mode Shell…
Killing the elevated explorer.exe is no problem…
Thing is, starting explorer as in the example below yields some mutated partial UAC and the classic “Where’s my systray crap?”:
(Usage, run once for elevate, run again for failure)
if exist “%temp%\exbat.tmp” goto undo
Taskkill /F /IM explorer.exe
echo 1 > “%temp%\exbat.tmp”
Taskkill /F /IM explorer.exe
runas /trustlevel:0x20000 C:\Windows\explorer.exe
My ADD and the voices in my head have notified of my loss of interest (been a couple hours, messing with services & registry keys)… I’m secpoling things back to normal .
You should do a small amount of research before posting hacks like this. You don’t need to crash the desktop shell, just tell explorer to create a separate process when new instances are launched:
reg.exe add “HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced” /v SeparateProcess /t REG_DWORD /d 1 /f
If that value is set, anytime an elevated administrator session launches explorer.exe, it will create a new process without UAC enabled.
And how do this tip even compare to su on Linux? Does su replace your desktop shell when you run it? Two different tasks going on here. And if you want su on Windows, Micrsoft has made several versions that are free, or there’s the built-in runas.exe (but it won’t allow you to pipe in a password from stdin) or there’s many 3rd party tools like PsExec.exe or su alternatives, etc. etc.
For best security, your normal day-to-day user account should not be a member of the local Administrators group, even if you have UAC enabled. You should logon interactively with a standard user account, and then open your favorite command ptompt with a different ser account, one that is a member of the local Administrators group.
There is lots of good info already been written on this topic, for example:
@Marty – Where’s the fun in using 3rd party apps when I can screw around for hours, find a partial solution and then abandon the whole project as if I was just killing time?
You are correct in the implication that this is not the medium for such screwing around, though.
Leonardo,nice idea, but the problem is that you can’t run explorer.exe with runas under Vista. I suppose, there is a registry setting for this, too.
Marty, thanks a lot for the hint. For the copy-and-pasters: The command works without the quotation marks:
reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /v SeparateProcess /t REG_DWORD /d 1 /f
Then you run start C:\Windows\explorer.exe without taskkill. Windows Explorer will pop-up then. If you want to switch back to the shell with standard rights, you just have to close this Windows Explorer window.
As to the su command. I think one can compare runas to sudo, but not to su. I compared this tip with su because it is very similar from the user’s point of view. After you launched explorer.exe this way, you get a new Windows shell (not just a command prompt) with no restrictions. I know of no other solution that is able to do this. Do you?
I (stupidly) ran the reg key in comment 10 without checking to see what the original value was… what do I need to do to return my system to the original state please? Is it safe to delete this value?
Mark, you can enable/disable this feature via the folder option of Windows Explorer: “Launch folder Windows in a separate process.”
Tried it, but it doesn’t work. Used tip 12 (documented in another post) to set the reg key. Shut down my session (logged off). Restarted. Confirmed that the flat is still turned on. Displayed taskmanager, found Explorer running as user. Started another explorer session using “run as administrator”. Saw the separate explorer process start as admin, then almost instantly the separate admin rights process disappeared, but the explorer window kept running. Starting app from this supposedly “elevated” explorer session did not work as expected.
Any suggestions would be appreciated.
Vista Business, 32bit, SP1, patched up to date.
Reduction from elevated explorer is very easy. Simply put, dont close the original command shell. This shell window stays active as the user who launched it, so basically…
You run the command shell, launch a NEW command shell as admin & use that one to kill & launch explorer.
When done with explorer, kill it from the elevated shell, close the elevated shell and from the non-admin shell reopen explorer.
Now you are back to how the user was before you touched it.