J
John A Grandy
How to turn off User Account Control ?
The endless prompts are driving me batty ...
The endless prompts are driving me batty ...
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
J
John Barnett MVP
See this link from my website:
http://www.winuser.co.uk/windows_vista_faq/08_turn_off_user_account_control.html
--
--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience
Web: http://www.winuser.co.uk
Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org
Web: http://www.silversurfer-guide.com
The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
http://www.winuser.co.uk/windows_vista_faq/08_turn_off_user_account_control.html
--
--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience
Web: http://www.winuser.co.uk
Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org
Web: http://www.silversurfer-guide.com
The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
B
Bruce Chambers
John said:How to turn off User Account Control ?
The endless prompts are driving me batty ...
Control Panel > Security Center > Other Security Settings
--
Bruce Chambers
Help us help you:
http://support.microsoft.com/default.aspx/kb/555375
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. ~Benjamin Franklin
Many people would rather die than think; in fact, most do. ~Bertrand Russell
The philosopher has never killed any priests, whereas the priest has
killed a great many philosophers.
~ Denis Diderot
G
Gordon
John A Grandy said:How to turn off User Account Control ?
The endless prompts are driving me batty ...
Why are you getting "endless prompts" I ONLY get a prompt when installing
certain applications. I quite often go for days and days without any prompts
at all. You shouldn't be getting "endless prompts" under normal use, unless
you are using software that is not fully Vista compatible...
G
Gordon
John Barnett MVP said:See this link from my website:
http://www.winuser.co.uk/windows_vista_faq/08_turn_off_user_account_control.html
Should we not be finding out why the OP is getting endless prompts rather
than just showing him how to turn UAC off?
J
John Barnett MVP
I have simply answered the OP's specific question which was how to turn UAC
off. As far as the OP is concerned the prompts are 'driving him batty.' If
there was a specific problem I would imagine that the OP would have pointed
that out, in which case we could have elaborated a little more.
While I agree, Yes we could have asked 'what is your specific problem' but I
have found that, in many cases, a reply to ones specific questioning isn't
always forthcoming. We spend a lot of time answering questions, not only on
this newsgroup, but many others, and although most posts answered by me are
flagged I don't always have the time to keep going back over old posts to
see if someone has answered my specific question.
Your own signature line says it all. We can only answer the question posed
by the poster, if all the information isn't there we can only give an
'approximate' answer and hope that that solves the problem. We certainly are
not infallible, but we also do not get paid for our contributions to users
problems and, in the end, we do have to juggle between a full time job and
voluntary support technicians. We are not super human, we can't read minds,
all we can do is answer the original question posed.
--
--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience
Web: http://www.winuser.co.uk
Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org
Web: http://www.silversurfer-guide.com
The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
off. As far as the OP is concerned the prompts are 'driving him batty.' If
there was a specific problem I would imagine that the OP would have pointed
that out, in which case we could have elaborated a little more.
While I agree, Yes we could have asked 'what is your specific problem' but I
have found that, in many cases, a reply to ones specific questioning isn't
always forthcoming. We spend a lot of time answering questions, not only on
this newsgroup, but many others, and although most posts answered by me are
flagged I don't always have the time to keep going back over old posts to
see if someone has answered my specific question.
Your own signature line says it all. We can only answer the question posed
by the poster, if all the information isn't there we can only give an
'approximate' answer and hope that that solves the problem. We certainly are
not infallible, but we also do not get paid for our contributions to users
problems and, in the end, we do have to juggle between a full time job and
voluntary support technicians. We are not super human, we can't read minds,
all we can do is answer the original question posed.
--
--
John Barnett MVP
Windows XP Associate Expert
Windows Desktop Experience
Web: http://www.winuser.co.uk
Web: http://xphelpandsupport.mvps.org
Web: http://vistasupport.mvps.org
Web: http://www.silversurfer-guide.com
The information in this mail/post is supplied "as is". No warranty of any
kind, either expressed or implied, is made in relation to the accuracy,
reliability or content of this mail/post. The Author shall not be liable for
any direct, indirect, incidental or consequential damages arising out of the
use of, or inability to use, information or opinions expressed in this
mail/post..
A
Allan Michaelsen
Under "Control Panel" select "User Accounts". Find the one you use and the
bottom selection should say something like "turn user account control on or
off". Excuse me if the text is not 100 % correct as I am using a Danish
version and therefore do not know what it actually says in the English
version
bottom selection should say something like "turn user account control on or
off". Excuse me if the text is not 100 % correct as I am using a Danish
version and therefore do not know what it actually says in the English
version
G
Gordon
John Barnett MVP said:I have simply answered the OP's specific question which was how to turn UAC
off. As far as the OP is concerned the prompts are 'driving him batty.' If
there was a specific problem I would imagine that the OP would have pointed
that out, in which case we could have elaborated a little more.
While I agree, Yes we could have asked 'what is your specific problem' but
I have found that, in many cases, a reply to ones specific questioning
isn't always forthcoming. We spend a lot of time answering questions, not
only on this newsgroup, but many others, and although most posts answered
by me are flagged I don't always have the time to keep going back over old
posts to see if someone has answered my specific question.
Your own signature line says it all. We can only answer the question posed
by the poster, if all the information isn't there we can only give an
'approximate' answer and hope that that solves the problem. We certainly
are not infallible, but we also do not get paid for our contributions to
users problems and, in the end, we do have to juggle between a full time
job and voluntary support technicians. We are not super human, we can't
read minds, all we can do is answer the original question posed.
I agree with all you say, but, as UAC is supposed to be a security function,
my point was, that instead of just telling the OP how to turn off security,
it might have been better to ask why he's getting all the prompts in the
first place. (Could be malware, could be anything, if the OP is not actually
doing anything himself to cause the prompts). I get UAC may be two or three
times a week, while I'm doing an operation that requires raised access
rights. If I suddenly started getting lots of UAC prompts when I wasn't
doing anything, I personally wouldn't ask just how to turn it off, and I
personally wouldn't expect any sort of computer professional to supply that
simplistic response.
Would you recommend turning off an AV application if it started giving lots
of warnings?
Just my 2p worth...
S
Sam Hobbs
I agree that it is usually best to answer the question as stated, and doing
that here is good. I know that when I ask a question, I am often frustrated
when someone thinks I need to do something different and posts a message
with something that does not help then argues with me when I explain that I
actually do know what I am doing and that their suggestion does not help.
Usually, I am in your position in the sense of being the person answering
questions. I was the first person in the CodeGuru.com forums to reach 10,000
posts and more than 99% of them were attempts to help others. I have also
been answering questions in the MSDN forums. I know that people often ask
for help solving a problem that they think is a solution to a more
fundamental problem and that they should ask for help with the more
fundamental problem.
As for the UAC is concerned, I do find articles explaining how to turn off
UAC but I don't find anything explaining the problems that might exist if I
do; what vulnerabilities are possible that the UAC protects us from. If
turning off the UAC makes an Administrator account behave essentially the
same as the way that an Administrator account behaves in XP then for those
of us that "know what we are doing" and use a limited account for everything
that does not need Administrator privileges then it seems reasonable to turn
it off. I wish someone would explain that and I have not seen that type of
explanation.
that here is good. I know that when I ask a question, I am often frustrated
when someone thinks I need to do something different and posts a message
with something that does not help then argues with me when I explain that I
actually do know what I am doing and that their suggestion does not help.
Usually, I am in your position in the sense of being the person answering
questions. I was the first person in the CodeGuru.com forums to reach 10,000
posts and more than 99% of them were attempts to help others. I have also
been answering questions in the MSDN forums. I know that people often ask
for help solving a problem that they think is a solution to a more
fundamental problem and that they should ask for help with the more
fundamental problem.
As for the UAC is concerned, I do find articles explaining how to turn off
UAC but I don't find anything explaining the problems that might exist if I
do; what vulnerabilities are possible that the UAC protects us from. If
turning off the UAC makes an Administrator account behave essentially the
same as the way that an Administrator account behaves in XP then for those
of us that "know what we are doing" and use a limited account for everything
that does not need Administrator privileges then it seems reasonable to turn
it off. I wish someone would explain that and I have not seen that type of
explanation.
S
Spirit
http://www.tweak-uac.com/
Tweak UAC Utility - put UAC in Quiet Mode or On/OFF easily
http://xenomorph.net/?page_id=336
Vista Tweaker - UAC too
http://www.petri.co.il/disable_uac_in_windows_vista.htm
Disable UAC
http://technet.microsoft.com/en-us/windowsvista/aa905108.aspx
User Account Control
http://technet.microsoft.com/en-us/windowsvista/aa906022.aspx
TechNet Getting Started with UAC
http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true
Windows Vista User Account Control Step by Step Guide
http://windowshelp.microsoft.com/windows/en-us/help/f941cb45-b2cd-4b39-ab87-cb9ea959f44e1033.mspx
Understanding UAC
Tweak UAC Utility - put UAC in Quiet Mode or On/OFF easily
http://xenomorph.net/?page_id=336
Vista Tweaker - UAC too
http://www.petri.co.il/disable_uac_in_windows_vista.htm
Disable UAC
http://technet.microsoft.com/en-us/windowsvista/aa905108.aspx
User Account Control
http://technet.microsoft.com/en-us/windowsvista/aa906022.aspx
TechNet Getting Started with UAC
http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true
Windows Vista User Account Control Step by Step Guide
http://windowshelp.microsoft.com/windows/en-us/help/f941cb45-b2cd-4b39-ab87-cb9ea959f44e1033.mspx
Understanding UAC
G
Gordon
Hank J. said:Then "Gordon" the nanny probably pisses you off a lot.
Do a lot of posting here do we? Who rattled your cage?
M
Mike Hall - MVP
Gordon said:Should we not be finding out why the OP is getting endless prompts rather
than just showing him how to turn UAC off?
--
Asking a question?
Please tell us the version of the application you are asking about,
your OS, Service Pack level
and the FULL contents of any error message(s)
UAC is a love/hate function with no grey area in-between. I have it turned
OFF..
G
Gordon
Mike Hall - MVP said:UAC is a love/hate function with no grey area in-between. I have it turned
OFF..
But you, I presume, know what you are doing. The OP presumably, may not....
M
Mark H
How did we ever live without UAC?
If you didn't have problems with malware before UAC, you probably don't need
UAC now.
With any other detection scheme, all those prompts would be called "false
positives" and leads to ignoring the prompt.
In that sense only, UAC is garbage.
Is it protecting me? Not unless you actually pay attention to all those
prompts and recognize who started the process.
Nothing beats safe hex.
If you didn't have problems with malware before UAC, you probably don't need
UAC now.
With any other detection scheme, all those prompts would be called "false
positives" and leads to ignoring the prompt.
In that sense only, UAC is garbage.
Is it protecting me? Not unless you actually pay attention to all those
prompts and recognize who started the process.
Nothing beats safe hex.
G
Gordon
DonQ said:IIRC, not too long ago you were saying that anyone who ran with UAC
off was part of the rabble that was responsible for all the malware
and virus infestations world wide.
Somehow Mike escaped that, hmm?
Of course. I expect someone with MVP status to know what they are doing.
Most people do not - along with running as an admin account on a daily
basis, which is also a major factor in the proliferation of viruses and
Trojans.
And in any case - if one does WORK with the machine rather than fiddling and
messing with it, then the instance of UAC popping up is negligible. I get
UAC maybe two or three times a WEEK.
M
Mark H
If your antivirus asked you every time you clicked on a file:
"The file you are about to open may be a virus. Do you wish to continue?"
How long before you turned it off?
If your firewall produced a message every time you accessed the internet:
"Your computer is attempting to connect with the internet. This could result
in the loss of personal information. Do you wish to continue?"
How long before you turned it off?
Live in whatever fear makes you feel safer.
Still malware free after 30+ years on computers.
"The file you are about to open may be a virus. Do you wish to continue?"
How long before you turned it off?
If your firewall produced a message every time you accessed the internet:
"Your computer is attempting to connect with the internet. This could result
in the loss of personal information. Do you wish to continue?"
How long before you turned it off?
Live in whatever fear makes you feel safer.
Still malware free after 30+ years on computers.
Jack the Ripper said:Mark said:How did we ever live without UAC?
If you didn't have problems with malware before UAC, you probably don't
need
UAC now.
With any other detection scheme, all those prompts would be called "false
positives" and leads to ignoring the prompt.
In that sense only, UAC is garbage.
Is it protecting me? Not unless you actually pay attention to all those
prompts and recognize who started the process.
Nothing beats safe hex.
You are wrong, and with UAC on one is practicing safehex.
Saucy said:Justin wrote:
Jack the Ripper wrote:
Justin wrote:
Jack the Ripper wrote:
+Bob+ wrote:
On Sun, 15 Feb 2009 15:43:31 -0500, Jack the Ripper
<[email protected]>
wrote:
Nothing is bulletproof, but one doesn't see a lot of posts by
Vista users about virus or malware issues, not like you see on
XP.
No, but you do see a lot of posts about how UAC sucks. Good
idea, bad
implementation.
It's the posts of the ignorant. I would rather have it enabled
so that I am not on the Internet with full admin rights, like
the previous versions of the NT based O/S(s,) which are open by
default O/S(s) and wide-open to attack/compromise by default.
Is that so hard for you or anyone else to understand?
As long as you're not logged on as admin you should be fine. At
most I keep users at Power User rights.
While I understand running as admin is unsafe, simply having the
account enabled is not a security risk.
I am going to try to explain this again. The out of the box admin
account on Vista that is given to a user or any subsequent admin
account that is created on Vista with UAC enabled is NOT a
full-rights-admin account. It's only a Standard user account,
which must be escalated to a use the full-adminrights token to do
anything requiring admin-full-rights as an administrator.
I get it.
I don't need any escalation to admin. The problem is, what if
there's some malware. Some malware named "winenhancer." The user
sees the UAC prompt "Winenhancer must access the internet!" and the
user clicks on yes.
So UAC only works when the user knows everything about the PC,
which is unrealistic for a standard dumb user whose job is to type
out proposals and reports.
Oh, I get it. It's not the responsibility of the dumb user to know
what he or she is dumbly clicking on as they point and click. It's
their responsibly to know the situation, but they don't and most
never will.
However, network admins take that responsibly for this type of
worker by using a network proxy that only allows the users to go to
approved sites closing the attack vector and mitigating such damage,
as its their responsibility to protect company's interest and not
some office clerk, lock them down.
Just like with Linux which has the same kind of an approval process
within its O/S, they point, click, approve and it's all bets are
off. But with UAC enabled when one does this, the damages are
mitigated to a certain degree as UAC protects critical areas and
also not allowing the malware to continuously run under the context
of the user-admin full-rights access token, to spread damage.
But rather with UAC enabled, the compromise runs under the context
of the admin's Standard user token, because admin user on Vista is
returned to using that token upon privileged escalation completion,
and it's a limit rights token, which mitigates/limits damage.
Like I said, nothing is bulletproof not even god's O/S Linux, but
UAC on the MS platform is better than have nothing at all, which is
the case in fact with the previous versions of the NT based O/S
platform, open by default O/S(s), to help protect the O/S.
Real time scanning by (even free) third party programs provides (in
many cases) superior protection with less annoyance.
So why put something in the OS that just pisses many people off and
is (by MS admission) made irritating on purpose?
Didn't he just explain it to you? Re-read his post:
"But rather with UAC enabled, the compromise runs under the context
of the admin's Standard user token, because admin user on Vista is
returned to using that token upon privileged escalation completion,
and it's a limit rights token, which mitigates/limits damage."
Combining secutity features such as UAC and real time scanning makes
systems more difficult to compromise both directly and indirectly
[say, by social engineering].
EXCELLENT!
M
Mark H
Well, you missed it completely.
The point is not what an AV or Firewall does, it's that UAC produces too
many false positive responses to be considered anything but a nuisance.
I believe that in a company environment where standard setups are the only
allowed software, you would hardly or never see the prompts. That's not me.
I test software, restoring backups between every test to revert back to a
"standard" machine. So, I see the prompts 20 to 30 times a day. And, yes, I
just click Continue since I already know what is driving the prompt.
I don't turn UAC off, because it would invalidate the testing and it tends
to cause other errors with permissions during installation of files when
turned off and I have to know what the customer is going to run into as they
would experience it.
Yes, I typically operate as an admin over 50% of the time since I am not
part of a greater network with a bunch of people who would install garbage
for me if I didn't right the rules to block it. And, despite this, I still
don't get malware. I do use an AV, Firewall, Router and occasionally scan
for the garbage, but seldom find anything more than "spyware" cookies. (The
"more" is still classified as spyware, not malware.)
The point is not what an AV or Firewall does, it's that UAC produces too
many false positive responses to be considered anything but a nuisance.
I believe that in a company environment where standard setups are the only
allowed software, you would hardly or never see the prompts. That's not me.
I test software, restoring backups between every test to revert back to a
"standard" machine. So, I see the prompts 20 to 30 times a day. And, yes, I
just click Continue since I already know what is driving the prompt.
I don't turn UAC off, because it would invalidate the testing and it tends
to cause other errors with permissions during installation of files when
turned off and I have to know what the customer is going to run into as they
would experience it.
Yes, I typically operate as an admin over 50% of the time since I am not
part of a greater network with a bunch of people who would install garbage
for me if I didn't right the rules to block it. And, despite this, I still
don't get malware. I do use an AV, Firewall, Router and occasionally scan
for the garbage, but seldom find anything more than "spyware" cookies. (The
"more" is still classified as spyware, not malware.)
J
Jack the Ripper
Mark said:Well, you missed it completely.
No, you have missed the point entirely.
The point is not what an AV or Firewall does, it's that UAC produces too
many false positive responses to be considered anything but a nuisance.
They are NOT false positive responses. Whatever you are trying to do
requires escalated privileges to use the user-admin account's full-
rights access token to perform the task or allow a program to run that
needs full-admin-rights to execute, with UAC enabled.
I believe that in a company environment where standard setups are the
only allowed software, you would hardly or never see the prompts. That's
not me. I test software, restoring backups between every test to revert
back to a "standard" machine. So, I see the prompts 20 to 30 times a
day. And, yes, I just click Continue since I already know what is
driving the prompt.
That's you.
I don't turn UAC off, because it would invalidate the testing and it
tends to cause other errors with permissions during installation of
files when turned off and I have to know what the customer is going to
run into as they would experience it.
You are correct that it will cause problems with UAC disabled, because
the admin-account you're using out of the box that Vista gives one is
not a full-admin-rights account even with UAC disabled. In certain
situations with UAC disable, the user-admin account must still be
escalated and it can't be escalated, therefore, the problem.
Yes, I typically operate as an admin over 50% of the time since I am not
part of a greater network with a bunch of people who would install
garbage for me if I didn't right the rules to block it. And, despite
this, I still don't get malware. I do use an AV, Firewall, Router and
occasionally scan for the garbage, but seldom find anything more than
"spyware" cookies. (The "more" is still classified as spyware, not
malware.)
As far as your testing, you do know about the hidden-full-admin-rights
at all times admin account? You can use that account to test with, leave
UAC enabled, and you will not get any UAC prompts, because it's already
escalated to full-admin-rights. And yes, it's that same account that's
on the previous versions of the NT based O/S(s).
<http://www.howtogeek.com/howto/wind...idden-administrator-account-on-windows-vista/>
<http://technet.microsoft.com/en-us/library/cc709691.aspx>
Here is a little FYI for you, anything that runs with the O/S can be
fooled just like the O/S can be fooled, because it all written by human
beings and we are not perfect.
<http://technet.microsoft.com/en-us/library/cc512587.aspx>
You shouldn't lean on your little detection crutch too hard. You should
look around from time to time to see what's running on the machine with
the proper tools.
<http://www.windowsecurity.com/artic...d_Rootkit_Tools_in_a_Windows_Environment.html>
S
Sam Hobbs
Jack the Ripper said:They are NOT false positive responses. Whatever you are trying to do
requires escalated privileges to use the user-admin account's full- rights
access token to perform the task or allow a program to run that needs
full-admin-rights to execute, with UAC enabled.
Another possibility is that the developers might not be using the least
privileges that their software needs and instead required Administrator
privileges.
S
Sam Hobbs
If there were a very real possibility that prompts such as that could
prevent malware from getting executed (or not killed depending on the
definition of executed) then it would be foolish to turn them off.
prevent malware from getting executed (or not killed depending on the
definition of executed) then it would be foolish to turn them off.