Skip to main content

Messing with the UAC - the Admin Approval Mode

Initially when I got Vista, I disabled UAC completely in my account and turned off Security Center alerts. However, my friend suggested that he can keep the UAC enabled, yet not get the annoying prompts. He did this by enabling the built-in Administrator account and using it.

So I thought of fiddling with the hidden settings of UAC to find out if I can re-enable UAC yet get rid of those prompts in my account with administrator privileges. This is my own account, not the built-in Administrator account.

The hidden settings can be accessed by typing in secpol.msc in the Start menu, Run dialog or a command prompt. They are under Local Policies > Security Options. All the settings concerning UAC start with the words "User Account Control." Note: secpol.msc may not be available in Home Premium or lower.

After fiddling around, I found out that what my friend thought he is doing, is actually wrong. One of the settings here is "Admin Approval Mode for the Built-in Administrator account." This setting is Disabled by default, and that means no prompts what-so-ever will be displayed in the built-in Administrator account.

However, the very feature of displaying consent prompts is named by Microsoft as "Admin Approval Mode." Therefore, turning this off is exactly the same as turning UAC off via Control Panel. If you change the above mentioned setting to Enabled, even the built-in Administrator will start to display UAC prompts, just like other accounts.

There is another setting to about the Admin Approval Mode, namely "Run all administrators in Admin Approval Mode." This setting is Enabled by default. Now, disabling this will cause the prompts to be no longer displayed in any account. But it also means that UAC is completely turned off. I had UAC turned on prior to changing this setting, and after I changed it, UAC was found to be turned off.

In fact, turning off UAC in Control Panel actually toggles the above mentioned setting.

The only true way to keep UAC turned on, but get rid of the prompts is by utilizing the setting called "Behavior of the elevation prompt for administrators in Admin Approval Mode." The default choice is Prompt for consent, but you can change this to Elevate without prompting. It means the UAC prompts are still there, but Windows automatically clicks the Continue button for you. (This is just a description to make it easy to understand. You won't see Windows actually doing it on screen. You won't even see the prompt or the Secure Desktop.)

For the above mentioned setting to work for the built-in Administrator account, the first setting mentioned in this post must be enabled. Otherwise UAC will just be disabled in that account. Also, Security Center will continue to show that UAC is off, even though it appears turned on in Control Panel.

Although I did not get any more UAC prompts despite the fact that UAC is still turned on, I ran into other problems with software that I regularly use. Most notably, enabling UAC caused the programs to run underprivileged, and certain programs generated "Access Denied" errors when trying to access files in drives other that C drive. The problem did not occur when I ran the programs as Administrator.

Due to these problems, I reversed all my changes and went back to keeping the UAC turned off. Bottom line, if you know what you are doing with your computer and won't do anything silly to get it infected, an annoying security feature is really unnecessary.


Popular posts from this blog

Disable auto save in JetBrains IDE software (IntelliJ IDEA, PyCharm, PhpStorm)

JetBrains provides the following IDE software:
IntelliJ IDEAPhpStormPyCharmRubyMineWebStormAppCodeCLion Google also provides Android Studio which is powered by the IntelliJ platform.

If you come from a different IDE such as Eclipse, you will be unpleasantly surprised to find that JetBrains-branded IDEs automatically save everything the moment you look away. The proponents argue that as you work on your project, you should not have to worry about saving files. But to others, this auto-save behavior which is enabled by default is a curse that catches them by surprise, and a shocking departure from the workflow they are very much used to.

You can change the behavior by altering some settings.

Setting up a local Oracle XE database and importing DMP file

The experience of setting up a local Oracle Express Edition database is not a straight-forward as it should be. The following is supposed to outline what could go wrong and how to go about it the right way. It also includes importing a DMP file (a dump) from another system.
First of all, download the installer from Oracle website. You will need to sign-in to download - the account creation is free. Be sure to choose the correct bit as per your computer (x64 or x86).Extract the download and install XE by running DISK1\setup.exe (and feel nostalgic of the floppy disk era). During installation, you will need to choose a new password. There will also be some details displayed after you enter the new password, such as folders and ports.Be sure to save both password and details in a text file for future reference.I saved it as C:\oraclexe\details.txt.Save password only if it's generic and you are likely to forget. The installation will take a while, but usually, no restart is necessary.O…

Stop having to click Unblock on every downloaded file

CAUTION: The blocking of downloaded files in Windows is a security and safety feature to help prevent your computer from being infected by viruses and other malware. Only disable this feature if you know what you're doing.

I had been plagued by this annoyance since the days of Windows Vista. Any downloaded file, no matter what browser I use, gets tagged as "blocked" by Windows. You can open downloaded documents even though they are blocked, but when you run a downloaded application (such as a setup file) you're presented with a "Security Warning" before you're allowed to run it. It's worse if you extract a downloaded ZIP file with the Windows' built-in ZIP management. Every extracted file is blocked by default.

Being a geek who finds unnecessary "security" prompts annoying, the first thing I do in Windows is to disable the User Account Control (UAC). But I couldn't quite figure out how to disable blocking of downloaded files until …