User Account Control (UAC) and administrator rights
User Account Control (UAC) in Windows Vista restricts users and software from changing
major settings. This first hurdle is meant to prevent the system from being infected
by malicious software, but it also makes it more difficult to install and run software.
Although UAC makes Windows safer, many find it annoying. This security rule frequently
interrupts all activity, because every change in system settings must be confirmed
individually by the user. Unfortunately, the prompts appear so often that users click
them away as fast as possible. Once users click to proceed automatically, malicious
software will soon pass this security test as well and User Account Control won't be of
any use. The executable files and system changes which have to be confirmed by UAC can
be recognized by the administrator shield, which tells the user that a popup will
show up.

Changing Local Policies
The desktop that is temporarily secured (until the security alert has been confirmed)
is an unpleasant side effect of User Account Control. This annoying interference can be
disabled through Administrative Tools in the Control Panel: open Local Security Policy,
Local Policies, Security Options and deactivate the policy User Account Control: Switch
to secure desktop when prompting for elevation. Administrator accounts won't be bothered
with this security alert anymore after changing the policy User Account Control:
Behavior of the elevation prompt for administrators in Admin Approval Mode from Prompt
for consent to Elevate without prompting.
Be aware that disabling the security messages lowers the security level of the whole
system; that's why the Security Center will frequently show a warning.
TIP: User Account Control can also be disabled (temporarily) in the Control Panel, User
Accounts, option Turn User Account Control on or off. This can be useful for making many
system changes at once (don't forget to enable this option again afterwards).
LOCAL SECURITY POLICY NOT AVAILABLE?
The option Local Security Policy is not available in all Windows Vista versions. In
these cases, changes in the policy settings can only be made by editing registry values
manually. Change the DWORD values PromptOnSecureDesktop to 0 (instead of 1) and
ConsentPromptBehaviorAdmin to 0 (instead of 2), respectively, in the following registry
key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
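To check afterwards whether these two values are still relaxed, and to put back the defaults named above, a script along these lines can be used. It is an added example, not part of the original page; the function names are hypothetical and it assumes Windows PowerShell 2.0 or later is installed.

```powershell
# Added example (not from the original page). PowerShell 2.0 compatible.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
# Defaults as stated on this page; 0 is the value the manual tweak sets.
$UacDefaults = @{ PromptOnSecureDesktop = 1; ConsentPromptBehaviorAdmin = 2 }

# Report each value as Default, Relaxed (0), Other, or NotSet.
function Get-UacPolicyState {
    param([string]$Path = $UacKey, [hashtable]$Expected = $UacDefaults)
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $prop = $props.PSObject.Properties[$name]
        if ($prop -eq $null)                      { $actual = $null;       $state = 'NotSet' }
        elseif ($prop.Value -eq $Expected[$name]) { $actual = $prop.Value; $state = 'Default' }
        elseif ($prop.Value -eq 0)                { $actual = $prop.Value; $state = 'Relaxed' }
        else                                      { $actual = $prop.Value; $state = 'Other' }
        New-Object PSObject -Property @{
            Name = $name; Expected = $Expected[$name]; Actual = $actual; State = $state
        } | Select-Object Name, Expected, Actual, State
    }
}

# Write the default back only for values that were set to 0.
# Values in state Other or NotSet are left alone.
function Restore-UacPolicyDefault {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $UacKey, [hashtable]$Expected = $UacDefaults)
    foreach ($item in (Get-UacPolicyState -Path $Path -Expected $Expected)) {
        if ($item.State -ne 'Relaxed') { continue }
        if ($PSCmdlet.ShouldProcess("$Path\$($item.Name)", "set DWORD to $($item.Expected)")) {
            New-ItemProperty -Path $Path -Name $item.Name -PropertyType DWord `
                -Value $item.Expected -Force | Out-Null
        }
    }
}

Get-UacPolicyState | Format-Table -AutoSize
Restore-UacPolicyDefault -WhatIf   # preview only; drop -WhatIf to apply
```

Reading the values works from a normal session; writing them back requires an elevated PowerShell session.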
Running programs with administrator rights
In some cases programs don't behave as they are supposed to (like not saving changed
settings or added data), because Windows Vista doesn't allow the user account
(administrator accounts included!) to access the files and registry keys which need to
be changed for the program to function properly. These kinds of problems (like a failing
product registration) can be 'solved' by running the program with administrator rights:
right-click the shortcut or program and select Run as administrator (not necessary for
setup files). This way, many programs (which work fine in combination with Windows XP)
can work in combination with Windows Vista as well! If running as administrator fixes
the problem, the program can be run as administrator by default by right-clicking the
shortcut, Properties, tab Shortcut, button Advanced. Running as administrator by default
is only necessary when running as administrator once does not fix the problem
permanently.
DISABLING USER ACCOUNT CONTROL PERMANENTLY?
User Account Control has been added to Windows Vista for a security reason; that's why
it's not wise to disable UAC permanently. It seems that UAC has a big influence on
procedures concerning the security of the overall system. For example, the history of
visited websites (which makes it possible to autocomplete to a previously visited
website while typing the URL in the address bar of Internet Explorer) is saved
differently when User Account Control is disabled. After disabling UAC, the Internet
Explorer protected mode (shown in the Status Bar) will be off as well.
Solving problems by changing permissions
Because of the additional permissions, some files (or registry settings) can't be changed
by a certain user account (even the administrator accounts). In some cases,
opening/reading files (outside the personal folders) is no problem, but saving the same
files can be almost impossible because of the limited permissions to write or modify
files in these folders.

The individual permissions can be taken care of in two ways: 1) running the program as
administrator, or 2) changing the assigned permissions. The latter can be done by
right-clicking the file (or the folder/partition containing the file) in Windows
Explorer and selecting Properties, tab Security. This screen will show that the group
Administrators has been assigned full permissions, while the group Users doesn't have
any rights to make changes to the files. These reduced permissions cause the error
messages which indicate that the file can't be overwritten (but saving with another
filename is no problem). These settings can be changed by clicking the button Edit,
selecting the group Users, enabling the option Full control in the column Allow and
clicking OK. If the changed permissions only need to be applied to one user account,
the user name can be added first by clicking Add to add the name of the user account.
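To review a folder after such a change and see which broad groups can now write to it, the access rules can be listed with PowerShell. This is an added example, not part of the original page; the function name and the folder path are hypothetical, and it assumes Windows PowerShell 2.0 or later.

```powershell
# Added example (not from the original page). Well-known SIDs are used instead of
# group names so the check also works on non-English Windows installations.
$BroadSids = @{
    'S-1-5-32-545' = 'Users'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-1-0'      = 'Everyone'
}

# List Allow rules on $Path that give one of the broad groups write access.
# Modify and Full control both include the WriteData bit tested here;
# generic (unmapped) access masks are not interpreted.
function Get-BroadWriteAce {
    param([Parameter(Mandatory = $true)][string]$Path)
    $sidType  = [System.Security.Principal.SecurityIdentifier]
    $writeBit = [int][System.Security.AccessControl.FileSystemRights]::WriteData
    $acl = Get-Acl -Path $Path
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $BroadSids.ContainsKey($sid))   { continue }
        if (([int]$rule.FileSystemRights -band $writeBit) -eq 0) { continue }
        New-Object PSObject -Property @{
            Path = $Path; Group = $BroadSids[$sid]
            Rights = $rule.FileSystemRights; Inherited = $rule.IsInherited
        } | Select-Object Path, Group, Rights, Inherited
    }
}

# Hypothetical folder: replace with the folder whose permissions were edited.
Get-BroadWriteAce -Path 'C:\Program Files\ExampleApp' | Format-Table -AutoSize
```

A row with Inherited set to False is a rule set directly on that folder, such as one added through the Edit button; adding a single user account through Add instead of selecting the whole Users group produces no row here.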

WHAT IF THE FILES ARE BLOCKED...
What if it's not possible to delete or move certain files because one of the running
processes keeps them on hold? Track down and end the process with the Windows Task
Manager (key combination CTRL-SHIFT-ESC) or Process Explorer (download:
www.microsoft.com). Replacing the Windows Task Manager with Process Explorer (Options,
Replace Task Manager) is only possible in Windows Vista by disabling User Account
Control permanently (because that's not desirable, Process Explorer must be run from a
shortcut).