Tweak User Account Control (UAC) with Security Pol

[sheem]

Tweak User Account Control (UAC) with Security Policies



To cut down on malicious software applications and beginner computer users from changing critical computer settings, Microsoft has included a new feature called User Account Control, primarily known as UAC. UAC is a great step in the right direction. It can be used to prevent a beginner computer user from making changes to their computer by restricting them from accessing or even saving any changes to critical areas. UAC is also helpful against Spyware and other malicious software because it will require the user to consent to the action, before any system changes are made.

UAC is a good feature but sometimes it is necessary to tweak it a little so that it is less annoying for more experienced users. For example, an advanced user may be overwhelmed by the number of pop up authorization they receive. By tweaking the settings they can reduce the number of those they see as well as completely disable UAC. Although I do not recommend you completely disable UAC, you can fine tune it to be easier to get along with.

1. To get started, open up the Local Security Settings MMC to show the local security policies by running secpol.msc.

2. Navigate through Local Policies and Security Options.

3. Scroll through the list on the right of the various security settings until your reach the User Account Protection settings. Refer to the list below of the various settings, to change them, just right click and select Modify. Items in bold are the default values.



User Account Control: Admin Approval Mode for the Built-in Administrator account

Enabled

Disabled

User Account Control: Behavior of the elevation prompts for administrators in Admin Approval Mode

Elevate without prompting

Prompt for credentials

Prompt for consent

User Account Control: Behavior of the elevation prompt for standard users

Automatically deny elevation requests

Prompt for credentials

User Account Control: Detect application installations and prompt for elevation

Enabled

Disabled

User Account Control: Only elevate executables that are signed and validated

Enabled

Disabled

User Account Control: Only elevate UIAccess applications that are installed in secure locations

Enabled

Disabled

User Account Control: Run all administrators in Admin Approval Mode

Enabled

Disabled

User Account Control: Switch to the secure desktop when prompting for elevation

Enabled

Disabled

User Account Control: Virtualized file and registry write failures to per-user locations

Enabled

Disabled

[naz]

/up