Tweak User Account Control (UAC) with Security Policies

To cut down on malicious software applications and beginner computer users from changing critical computer settings, Microsoft has included a new feature called User Account Control, primarily known as UAC. UAC is a great step in the right direction. It can be used to prevent a beginner computer user from making changes to their computer by restricting them from accessing or even saving any changes to critical areas. UAC is also helpful against Spyware and other malicious software because it will require the user to consent to the action, before any system changes are made.

UAC is a good feature but sometimes it is necessary to tweak it a little so that it is less annoying for more experienced users. For example, an advanced user may be overwhelmed by the number of pop up authorization they receive. By tweaking the settings they can reduce the number of those they see as well as completely disable UAC. Although I do not recommend you completely disable UAC, you can fine tune it to be easier to get along with.

1. To get started, open up the Local Security Settings MMC to show the local security policies by running secpol.msc.

2. Navigate through Local Policies and Security Options.

3. Scroll through the list on the right of the various security settings until your reach the User Account Protection settings. Refer to the list below of the various settings, to change them, just right click and select Modify. Items in bold are the default values.

* User Account Control: Admin Approval Mode for the Built-in Administrator account
o Enabled
o Disabled

* User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
o Elevate without prompting
o Prompt for credentials
o Prompt for consent

* User Account Control: Behavior of the elevation prompt for standard users
o Automatically deny elevation requests
o Prompt for credentials

* User Account Control: Detect application installations and prompt for elevation
o Enabled
o Disabled

* User Account Control: Only elevate executables that are signed and validated
o Enabled
o Disabled

* User Account Control: Only elevate UIAccess applications that are installed in secure locations
o Enabled
o Disabled

* User Account Control: Run all administrators in Admin Approval Mode
o Enabled
o Disabled

* User Account Control: Switch to the secure desktop when prompting for elevation
o Enabled
o Disabled

* User Account Control: Virtualize file and registry write failures to per-user locations
o Enabled
o Disabled

0 comments: