CloudServus - Microsoft Consulting Blog

Disable the User Account Control (UAC) features in Windows Vista

Written by cloudservuscom | Sep 15, 2009 9:21:49 AM

Windows Vista has the built-in ability to automatically reduce the potential for security breaches in the system. It does that by automatically enabling a feature called User Account Control (or UAC for short). UAC forces users who are members of the local Administrators group to run as if they were regular users with no administrative privileges.

Although UAC clearly improves the security of Windows Vista, under some scenarios you might want to disable it, for example when giving demos in front of an audience (demos that are not security related, for example). Some home users might be tempted to disable UAC because of the additional mouse clicking it brings into their system; however, I urge them not to do so immediately, and to try to get used to it instead.

Anyway, if required, you can disable UAC by using one of the following methods:

Method #1 – Using MSCONFIG

  1. Launch MSCONFIG from the Run menu.
  2. Click on the Tools tab. Scroll down till you find “Disable UAC”. Click on that line.
  3. Press the Launch button.
  4. A CMD window will open. When the command is done, you can close the window.
  5. Close MSCONFIG. You need to reboot the computer for changes to apply.

You can re-enable UAC by selecting the “Enable UAC” line and then clicking on the Launch button.

Method #2 – Using Regedit

  1. Open Registry Editor.
  2. In Registry Editor, navigate to the following registry key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

  3. Locate the following value (DWORD): EnableLUA and give it a value of 0.

    Note: As always, before making changes to your registry you should make sure you have a valid backup. Where you are going to delete or modify keys or values in the registry, you can first export that key or value(s) to a .REG file before performing the changes.

  4. Close Registry Editor. You need to reboot the computer for changes to apply.

In order to re-enable UAC just change the above value to 1.

Method #3 – Using Group Policy

This can be done via Local Group Policy or via Active Directory-based GPO, which is much more suited for large networks where one would like to disable UAC for many computers at once.

If using Local Group Policy, you'll need to open the Group Policy Editor (Start > Run > gpedit.msc) from your Vista computer.

If using an AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Vista computer that is a member of the domain. In the GPMC window, browse to the required GPO that is linked to the OU or domain where the Vista computers are located, then edit it.

  1. In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
  2. In the right pane scroll to find the User Account Control policies (they're down at the bottom of the window). You need to configure the following policies:
  3. You'll need to reboot your computers.

Method #4 – Using Control Panel

  1. Open Control Panel.
  2. Under User Account and Family settings click on the “Add or remove user account”.
  3. Click on one of the user accounts, for example you can use the Guest account.
  4. Under the user account click on the “Go to the main User Account page” link.
  5. Under “Make changes to your user account” click on the “Change security settings” link.
  6. In the “Turn on User Account Control (UAC) to make your computer more secure” click to unselect the “Use User Account Control (UAC) to help protect your computer”. Click on the Ok button.
  7. You will be prompted to reboot your computer. Do so when ready.

In order to re-enable UAC just select the above checkbox and reboot.

Method #5 – Command Line using Reg.exe

  1. Run the following command at the command line or include it in a script:

    reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
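To check whether a machine has had UAC switched off through the EnableLUA value used in Methods #2 and #5, and to switch it back on, the following PowerShell script can be used. It is an added example, not part of the original article; it assumes PowerShell is installed and run from an elevated prompt, and the parameter names, the function name Get-UacState and the backup path are illustrative.

```powershell
# Added example: audit the UAC switch (EnableLUA) and optionally re-enable it.
# Assumptions: elevated prompt; $BackupPath is an illustrative default location.
param(
    [switch]$Enforce,
    [string]$BackupPath = "$env:TEMP\Policies-System-backup.reg"
)

# Same key as Method #2, in PowerShell provider form and in reg.exe form.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$RegExeKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacState {
    # Returns 'Enabled', 'Disabled', or 'Unknown' when the value is missing or unreadable.
    $item = Get-ItemProperty -Path $KeyPath -Name EnableLUA -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Unknown' }
    if ([int]$item.EnableLUA -eq 0) { return 'Disabled' }
    return 'Enabled'
}

$state = Get-UacState
Write-Output ("EnableLUA state on {0}: {1}" -f $env:COMPUTERNAME, $state)

if ($state -ne 'Enabled' -and $Enforce) {
    # Export the key to a .REG file first, as the note in Method #2 recommends.
    & reg.exe export $RegExeKey $BackupPath /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup to $BackupPath failed; no change made." }

    # Same command as Method #5, with /d 1 to re-enable UAC.
    & reg.exe add $RegExeKey /v EnableLUA /t REG_DWORD /d 1 /f | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'reg.exe add failed (is the prompt elevated?).' }

    Write-Output "EnableLUA set to 1. Backup saved to $BackupPath. Reboot for the change to apply."
}
elseif ($state -ne 'Enabled') {
    Write-Output 'UAC is not confirmed enabled. Re-run with -Enforce to set EnableLUA to 1.'
}
```

Run without arguments the script only reports the state; with -Enforce it writes the backup and sets the value back to 1.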

This article was written by Daniel Petri with some additions and edits from me.  – January 8, 2009