More secure way to disable UAC. Without losing Protected Mode IE
Warning: The default configuration of UAC is far more secure, you should not alter it or turn it off!
Warning #2: Microsoft does NOT endorse any practice that reduces or disables UAC functionality, and neither do I. I do NOT use this mechanism on my own machines, and run all of them with UAC completely enabled.
However, if you’re going to turn it off anyway, at least consider the following…
There are TWO ways to effectively disable UAC. They are:
- Hit the big master switch that disables UAC. This runs every application with admin privileges and access to everything on your system.
- Enable the “Elevate without prompting” option. This means requests for elevation automatically succeed, no prompt.
So how is method #2 different?
- Applications will still run with non-Admin privileges unless they request them.
- Requests for elevation will succeed automatically.
- Filesystem and registry virtualization (ie. the “sandbox”) will still be enabled for applications running with low privileges.
- Protected Mode IE will still work
You can do it by running this reg file which won’t even require a reboot. However, it WILL set off the Security Center alert just like completely disabling UAC. If you had previously disabled UAC using the other method, you will have to re-enable it and reboot first.
So if you currently have UAC disabled, or are going to – try this instead. No, it is not nearly as secure as the default setup. Remember, any application requesting elevation will get it without telling you! But it’s better than just running with everything elevated all the time.