Thursday, February 07, 2008

Disabling the User Account Control status warning message

To disable the User Account Control status warning message:


  • Use a registry editing tool (Start > type regedit) to navigate to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center


  • Add the following value:
    Data Type: DWORD
    Value Name: UACDisableNotify
    Value: 1

  • Restart the Security Center service for the change to take effect.

How can I disable the User Account Control (UAC) feature on my Windows Vista computer?

Windows Vista has the built-in ability to automatically reduce the potential for security breaches in the system. It does that by automatically enabling a feature called User Account Control (UAC for short). UAC forces users who are members of the local administrators group to run as if they were regular users with no administrative privileges.

Read more about UAC here: What's User Account Control in Windows Vista?

Although UAC clearly improves the security of Windows Vista, under some scenarios you might want to disable it, for example when giving demos in front of an audience (demos that are not security related, for example). Some home users might be tempted to disable UAC because of the additional mouse clicking it brings into their system; however, I urge them not to do so immediately, and to try to get used to it instead.

Anyway, if required, you can disable UAC by using one of the following methods:

Method #1 - Using MSCONFIG

  1. Launch MSCONFIG from the Run menu.

  2. Click on the Tools tab. Scroll down till you find "Disable UAP" (this should probably change to UAC in next Vista beta builds and in the RTM version). Click on that line.

  3. Press the Launch button.

  4. A CMD window will open. When the command is done, you can close the window.

  5. Close MSCONFIG. You need to reboot the computer for changes to apply.

Note that you can re-enable UAC by selecting the "Enable UAP" line and then clicking on the Launch button.

Method #2 - Using Regedit

  1. Open Registry Editor.

  2. In Registry Editor, navigate to the following registry key:

  3. Locate the following value (DWORD):

EnableLUA

and give it a value of 0.

Note: As always, before making changes to your registry, make sure you have a valid backup. When you are going to delete or modify keys or values in the registry, you can first export that key or value(s) to a .REG file before making the changes.

  4. Close Registry Editor. You need to reboot the computer for changes to apply.

In order to re-enable UAC just change the above value to 1.
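An added example (not part of the original article): a defender-side audit that parses the text of a .REG export, the backup format mentioned in the note above, and flags the two settings this page describes when they are in their UAC-weakening state (EnableLUA = 0, UACDisableNotify = 1). The function name, the sample export and the placeholder key holding EnableLUA are constructed for illustration; matching is by value name only because the page does not give that key.

```python
import re

# Value names from the page, with the data that weakens UAC and what it means.
WATCHED = {
    "enablelua": (0, "UAC is disabled"),
    "uacdisablenotify": (1, "Security Center UAC warning is suppressed"),
}
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def audit_reg_export(text):
    """Return (key, value name, data, meaning) for each weakened setting."""
    findings = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = KEY_RE.match(line)
        if m:
            # "[-KEY]" deletes a key, so values under it are not settings.
            key = None if m.group("key").startswith("-") else m.group("key")
            continue
        m = DWORD_RE.match(line)
        if m and key is not None:
            data = int(m.group("hex"), 16)
            weak = WATCHED.get(m.group("name").lower())
            if weak and weak[0] == data:
                findings.append((key, m.group("name"), data, weak[1]))
    return findings


# Constructed sample export. The second key is a placeholder, not a real path.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UACDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\PLACEHOLDER_KEY_NOT_GIVEN_ON_PAGE]
"EnableLUA"=dword:00000000
"ConstructedOtherValue"=dword:00000001
'''

if __name__ == "__main__":
    for key, name, data, meaning in audit_reg_export(SAMPLE):
        print(f"{key}\\{name} = {data}: {meaning}")
```

Exports written by Registry Editor in the Version 5.00 format are UTF-16 encoded, so read the file with encoding="utf-16" before passing its text to the function.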

Method #3 - Using Group Policy

This can be done via Local Group Policy or via Active Directory-based GPO, which is much more suited for large networks where one would like to disable UAC for many computers at once.

If using Local Group Policy you'll need to open the Group Policy Editor (Start > Run > gpedit.msc) from your Vista computer.

If using an AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Vista computer that is a member of the domain. In the GPMC window, browse to the required GPO that is linked to the OU or domain where the Vista computers are located, then edit it.

In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.

In the right pane, scroll to find the User Account Control policies (they're down at the bottom of the window). You need to configure the following policies:

You'll need to reboot your computers.

Method #4 - Using Control Panel

  1. Open Control Panel.

  2. Under User Account and Family settings click on "Add or remove user account".

  3. Click on one of the user accounts, for example you can use the Guest account.

  4. Under the user account click on the "Go to the main User Account page" link.

  5. Under "Make changes to your user account" click on the "Change security settings" link.

  6. Under "Turn on User Account Control (UAC) to make your computer more secure", click to unselect the "Use User Account Control (UAC) to help protect your computer" checkbox. Click on the OK button.

  7. You will be prompted to reboot your computer. Do so when ready.

In order to re-enable UAC just select the above checkbox and reboot.