User Account Control is probably the most underestimated and perhaps even the most hated feature that made its debut in Vista and became part of all subsequent versions of Windows. For the most part, the flow of hatred that users pour out on User Account Control is undeserved, in my opinion, since the function is of real use. I fully agree that User Account Control (hereinafter referred to as simply UAC) can be quite annoying at times, but it was introduced to Windows with a purpose. No, not to interfere with users, but to facilitate a smooth transition from a standard (limited) account to an administrator account.

In this article, I'll explain what UAC is, how it works, why it's needed, and how to set it up. It is not my intention to instruct you why you should use UAC, but to inform you of what you lose by disabling this feature.

A little background and account information

As you should know, Windows works with so-called accounts. They are of two types: administrator and standard (limited).

The administrator account gives the user full access to all functions of the operating system, i.e. the user can do whatever he wants. A standard account user has reduced privileges, and therefore only certain things are allowed. This is usually anything that only affects the current user. For example: changing the desktop wallpaper, mouse settings, changing the sound scheme, etc. In general, everything that concerns a specific user and does not apply to the entire system is available in a standard account. For everything that can affect the system as a whole, administrator access is required.

One of the tasks assigned to these accounts is to protect against malicious code. The general idea here is that the user performs normal work under a limited account and switches to the administrator account only when the action requires it. Paradoxically, malware receives the same level of rights with which the user logged into the system.

In Windows 2000 and Windows XP, performing actions on behalf of the administrator is not flexible enough, and therefore it was not very convenient to work under a limited account. One way to perform an administrator action on these versions of the system is to log out of a restricted account (or fast switch if using Windows XP) -> log in to an administrator account -> perform an action -> log out of an administrator account (or fast switch if used Windows XP) -> revert to limited account.

Another option is to use the context menu and the "Run as different user" option, which opens a window where you need to provide the appropriate administrator account and password in order to run the file as an administrator. This is a fairly quick way to switch from one account to another, but it does not apply to any situation that requires administrative privileges. Another problem with this method is that the administrator account must have a password or the execution will fail.

That's why Windows Vista introduced the User Account Control feature, and Windows 7 brought it almost to perfection.

What is UAC

UAC is a feature in Windows Vista, 7, 8, 8.1, and 10 that aims to make the transition from restricted to administrator environment as smooth and hassle-free as possible, eliminating the need to manually run files as administrator or switch between accounts. In addition, UAC is an additional layer of protection that requires almost no effort on the part of the user, but is able to prevent serious damage.

How UAC works

When a user logs into their account, Windows creates a so-called user access token, which contains certain information about the account, and mainly the various security identifiers that the operating system uses to control the access capabilities of that account. In other words, this token is a kind of personal document (like a passport, for example). This applies to all versions of Windows based on the NT kernel: NT, 2000, XP, Vista, 7, 8 and 10.

When a user logs into a standard (restricted) account, a standard user token with limited privileges is created. When a user logs into an administrator account, a so-called. administrator token with full access. Logically.

However, in Windows Vista, 7, 8, and 10, if UAC is enabled and the user is logged into an administrator account, Windows creates two tokens. The administrator one remains in the background, and the standard one is used to launch Explorer.exe. That is, Explorer.exe runs with limited rights. In this case, all processes launched after that become subprocesses of Explorer.exe with inherited limited privileges of the main process. If a process needs administrator rights, it requests an administrator token, and Windows in turn asks the user's permission to grant this token to the process in the form of a special dialog box.

This dialog contains a so-called secure desktop that only the operating system has access to. It looks like a darkened snapshot of the real desktop, and contains only an administrator rights confirmation window and possibly a language bar (if more than one language is activated).

If the user disagrees and clicks No, Windows will deny the process an administrative token. And if he agrees and selects "Yes", the operating system will grant the process the privileges it needs, namely, the administrator token.

If the process is already running with reduced privileges, it will be restarted with elevated (administrative) privileges. A process cannot be "downgraded" or "promoted" directly. Once a process has been started with one token, it will not be able to gain other rights until it is started again with new rights. An example is the Task Manager, which always starts with limited rights. If you click the "Show processes of all users" button, Task Manager will be closed and started again, but with administrator rights.

When using a standard account, UAC asks you to specify a specific administrator account and enter a password:

How UAC Protects the User

By itself, UAC does not provide much protection. It just facilitates the transition from a limited environment to such an administrative one. So the more correct question, therefore, is: How does a restricted account impede a user. Under a restricted user profile, processes cannot access certain system zones:

• main disk partition;
• user folders of other users in the \Users\ folder;
• Program Files folder
• the Windows folder and all its subfolders;
• sections of other accounts in the system registry
• HKEY_LOCAL_MACHINE key in the system registry.

Any process (or malicious code) without administrator rights cannot get deep into the system without having access to the necessary folders and registry keys, and therefore cannot cause serious damage to the system.

Can UAC interfere with older programs that are not officially compatible with Vista/7/8/10

Should not. When UAC is enabled, virtualization is also enabled. Some old and/or simply sloppy programs don't use the correct folders to store their files (settings, logs, etc.). The correct folders are the folders in the AppData directory that each account has and where each program can create a folder to store whatever they want there.

Some programs try to save their files in Program Files and/or Windows. If the program is run with administrator rights, this will not be a problem. However, if the program is running with limited permissions, it will not be able to make changes to files/folders in Program Files and/or Windows. The operating system simply won't let it.

To prevent problems with such programs, Windows offers the virtualization of folders and registry keys, to which programs with limited rights do not have access in principle. When such a program tries to create a file in a protected folder, the operating system redirects it to a special VirtualStore folder located in X:\Users\<имя-вашего-профиля>\AppData\Local\(where X: is the system partition, usually C:). Those. through the eyes of the program itself, everything is in order. It doesn't run into obstacles and believes it creates files/folders exactly where it wants to. VirtualStore usually contains Program Files and Windows subfolders. Here is a screenshot of the Program Files in my VirtualStore folder:

And here is what is in the SopCast folder, for example:

Those. if UAC were stopped, or the program was always run with administrator rights, these files/folders would be created in C:\Program Files\SopCast. In Windows XP, these files and folders would have been created without problems, because in it all programs have administrator rights by default.

This, of course, should not be considered by the developers as a permanent solution. The duty of each author is to create software that is fully compatible with current operating systems.

UAC Dialog Boxes

You may have noticed that there are only three different UAC dialog boxes. Here we will look at those in Windows 7, 8.x and 10. In Vista, the dialogs are slightly different, but we will not dwell on them.

The first window type has a dark blue stripe at the top and a shield icon at the top left, which is divided into 2 blue and 2 yellow sections. This window appears when confirmation is required for a process with a digital signature that belongs to the operating system - the so-called. windows binaries. We'll talk about them below.

The second type of window also has a dark blue ribbon, but the shield icon is all blue and has a question mark. This window appears when confirmation is required for a digitally signed process, but the process/file does not belong to the operating system.

The third window is decorated with an orange stripe, the shield is also orange, but with an exclamation point. This dialog appears when confirmation is required for a process without a digital signature.

UAC settings

User Account Control settings (modes of operation) are located in Control Panel -> System and Security -> Change User Account Control Settings. There are only 4 of them:

Always notify is the highest level. This mode is equivalent to the way UAC works in Windows Vista. In this mode, the system always requires confirmation of administrator rights, regardless of the process and what it requires.

The second level is used by default in Windows 7, 8.x and 10. In this mode, Windows does not display the UAC window when it comes to the so-called Windows binaries. Those. if a file/process that requires administrator rights meets the following 3 conditions, the operating system will grant them automatically without confirmation from the user:

• the file has a built-in or as a separate file manifest (manifest), which indicates automatic elevation of rights;
• the file is located in the Windows folder (or any of its subfolders);
• the file is signed with a valid Windows digital signature.

The third mode is the same as the second (previous), but with the difference that it does not use the secure desktop. That is, the screen does not dim, but the UAC dialog box appears like any other. Microsoft does not recommend using this option, and I will explain why later.

Do not notify me is the fourth and final level. In fact, this means completely disabling UAC.

Two remarks are pertinent here:

• Windows digital signature refers specifically to the operating system. I say this because there are also files that have been digitally signed by Microsoft. These are two separate signatures, with UAC only recognizing the Windows digital signature as it acts as proof that the file is not only from Microsoft, but is part of the operating system.
• Not all Windows files have an auto-elevation manifest. There are files that are intentionally devoid of this. For example, regedit.exe and cmd.exe. It is clear that the second one is deprived of automatic promotion, because it is very often used to start other processes, and as already mentioned, each new process inherits the rights of the process that launched it. This means that anyone could use the command line to seamlessly run any processes with administrator privileges. Fortunately, Microsoft is not stupid.

Why it's important to use a secure desktop

A secure desktop prevents any possible interference and influence from other processes. As mentioned above, only the operating system has access to it and with it it accepts only basic commands from the user, that is, pressing the Yes or No button.

If you're not using the secure desktop, an attacker can fake a UAC window to trick you into running their malicious file as an administrator.

When are admin rights needed? When does the UAC window appear?

In general, there are three cases in which UAC addresses the user:

• when changing system (not user) settings, although in fact this only applies to the maximum UAC level;
• when installing or uninstalling a program/driver;
• when an application/process requires administrator privileges to make changes to system files/folders or registry keys.

Why is it important not to disable UAC

User Account Control provides a high level of protection, and requires almost nothing in return. That is, the UAC efficiency is very high. I don't understand why he irritates people so much. In everyday work, the average user sees the UAC window 1-2 times a day. Maybe even 0. Is that a lot?

The average user rarely changes system settings, and when he does, UAC doesn't bother with his questions if he works with the default settings.

The average user does not install drivers and programs every day. All drivers and most of the necessary programs are installed once - after installing Windows. That is, this is the main percentage of UAC requests. After that, UAC interferes only with updates, but new versions of programs are not released every day, not to mention drivers. Moreover, many do not update either programs or drivers at all, which further reduces UAC issues.

Very few programs need administrator rights to do their job. These are mainly defragmenters, cleaning and optimization tools, some programs for diagnostics (AIDA64, HWMonitor, SpeedFan, etc.) and system settings (Process Explorer and Autoruns, for example, but only if you need to do something specific - say, disable a driver /service or program that starts with Windows). And all these are programs that either can not be used at all, or in rare cases. All frequently used applications work absolutely fine with UAC and do not ask any questions:

• multimedia players (audio and/or video);
• video/audio converters;
• programs for image/video/audio processing;
• programs for capturing screenshots of the desktop or video recording on it;
• programs for viewing images;
• web browsers;
• file downloaders (download managers and P2P network clients);
• FTP clients;
• instant messengers or programs for voice / video communication;
• disc burning software;
• archivers;
• text editors;
• PDF readers;
• virtual machines;
• and etc.

Even installing Windows updates does not enable the UAC window.

There are people who are willing to sacrifice 1-2 or more minutes a day to "optimize" the system with some crooked programs that do nothing useful, but are not willing to spend a few seconds a day to answer UAC prompts.

Various statements like “I am an advanced user and I know how to protect myself” are not enough, because no one is safe and the outcome of certain situations does not always depend on the user. Moreover, people make mistakes, it happens to everyone.

Let me give you one example: suppose you are using a program that has vulnerabilities, and one day you end up on a site that exploits those vulnerabilities. If user account control is enabled and the program runs with limited rights, the attacker will not be able to cause much trouble. Otherwise, the damage to the system can be enormous.

And this is just one of many examples.

Run applications along with Windows with administrator rights

I admit that perhaps there are users who turn off UAC just to be able to run programs along with Windows and with administrator rights. This is not possible in the normal way because UAC cannot send a request to the user until the desktop is loaded. However, there is a way that you can leave UAC enabled. Here he is:

• open Task Scheduler;
• click Create a task;
• in field Name type in anything you like and at the bottom of the window turn on the option Run with highest privileges;
• go to tab triggers and press Create;
• select from the dropdown menu at the top When you log in; if you want to create a task for a specific user, select the option User, and then click Change user; enter your username and confirm by pressing the button OK;
• go to tab Actions and press Create;
• click Review, select the appropriate application and confirm your choice;
• go to tab Terms and disable the option Run only on mains power;
• tab Options disable the Stop task running longer option;
• confirm by pressing OK.

Ready. A task has been added so that the application will now automatically load with administrator rights. Here, however, there is one small snag: all such tasks are performed with a priority lower than normal - below normal (below the norm). If it suits you, then everything is in order. If not, then you'll have to work a little harder:

• run Task Scheduler if you have already closed it;
• select Task Scheduler Library;
• mark your task, click Export and save it in .xml format;
• open the .xml file in a text editor;
• find section 7 , which should be at the end of the file and change the seven (7) between the opening and closing tags to five (5);
• save the file;
• in the Task Scheduler, highlight your task again, click Delete and confirm the deletion;
• now click Import task, select the file you just saved and click the button OK.

That's all. Whether or not you use UAC is up to you, but it's important to know what you're missing out on by disabling this feature, as well as being aware of the risks. Thank you for your attention!

Have a great day!

The UAC program allows you to control records and ensures the security of the operating system during high-risk operations. Some users do not want to work with this feature and are looking for options on how to disable it. The following article will describe methods for disabling UAC in Windows 7.

Shutdown Options

UAC controls all actions carried out on behalf of the administrator, opening system programs, third-party software, and so on. In this case, a confirmation window for certain user manipulations will appear on the screen. Thus, you can protect your computer from the effects of virus software and malicious activity. Many users do not want to regularly confirm every action they perform and believe that such reinsurance is unnecessary. In this case, the question arises of disabling this feature. Further in the article, methods for deactivating UAC will be considered.

Each of the methods below can only be performed if you are logged in as an administrator.

Method 1: Change account settings

The most common method for disabling alerts is to set up a user account. There are several options to open an account.

Another option to open the desired window, "Control Panel". To do this, follow these steps:

You can also use the search bar in "Start". To do this, you need to take the following steps:

You can also open the required tool using the window "System configuration".

The last method is the easiest. You can open the desired item using the "Run" menu.

Method 2: "command line"

You can deactivate UAC using the open as administrator "Command line".

1. open "Start" and go to section "All programs".




2. Select a line from the proposed list "Standard".




3. Having expanded the block, right-click on the value "Command line" and select from the pop-up menu "Run as administrator".




4. Enter the command:

   C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

   Press key "Enter" to confirm the actions taken.




5. At the end of the uninstallation process, you need to restart your computer. The next time you turn it on, UAC warnings will no longer appear.

Method 3: Registry Fix

To disable UAC, you can use "Registry Editor".

1. Press two keys, as described above, and enter in the empty field Regedit, then confirm your actions with the button "OK".




2. open line "A computer" to expand directories.




3. From the suggested folders, open "HKEY_LOCAL_MACHINE", and then SOFTWARE.




4. Go to item Microsoft.




5. Now click Windows, and further "CurrentVersion".




6. Click the items in sequence as follows: Policies — System — "EnableLUA". If the value 1 is written opposite the last section, then UAC is enabled.




7. Change it to 0 to fix this by right clicking and selecting from the context menu "Change".




8. In field "Meaning" put a number 0 and press "OK" to confirm your actions.




9. To complete the UAC deactivation process, restart your PC.

After reviewing this article, you will notice that there are three options for deactivating the UAC tool. All of them are not complicated and will help you quickly get rid of annoying warnings. But, before proceeding with the use of any option, analyze whether it is worth disabling this feature, as this will reduce the protection of the OS from malware. In any case, you can disable this feature temporarily while you are doing certain work. At any time, you can return notifications back, since the previously completed process is reversible.

From Windows Vista to Windows 7 came one of the most annoying features, the so-called User Account Control or, more simply, UAC (User Account Control). Our main task is to immediately disable it, otherwise the standard installation of the necessary programs on our computer threatens to immediately turn into a headache, although for other users this thing is more than necessary so that the user has time to think twice whether he really needs this program, and since a standard user pop-up menu does not read, it is likely that already at this stage he will have problems.

So UAC is disabled in two ways, from the command line and using the control panel, so everyone chooses the easier way for themselves.
For me, the command line is faster because it is called by a set of keys + and in the window that opens, write:

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Enable UAC
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f

After that, we reboot the computer for the registry changes to take effect

The same can be done from the control panel by clicking on different buttons:

Open the control panel, in the search bar located in the upper right menu, we type uac, and click on the item that appears Changing User Account Control Settings, after which we open the notification settings slider (see figure), using which we select the level of reaction that suits us (read the minimum), based on the fact that the complete disabling of control entails a weakening of the level of protection of the Windows 7 operating system. We lower the slider, and enjoy the absence of stupid questions.

17 reviews for Disable User Account Control UAC in Windows 7

For some time now, I have not been so critical of UAC control ... For all sorts of Winlock SMS blockers take quite a lot of time, especially if they are not yet in the anti-virus databases.

Exactly.. after all the sophistication with porn banners, this is exactly what I began to recommend to everyone who is on XP. Who has Vista and 7 (and who has heard about the adventures of porn banners), I think they can not bother with UAC turned on. Especially since it doesn't pop up very often...
ps (on the captcha: SREM and a wavy stripe at the top)

I did everything according to the description. Through the command line, it says access denied, and through the control panel, I click on the link “change user account control settings” and nothing opens. I tried the same thing through safe mode. Help than you can

Thanks for the manual! Faced such problem in win 2008 server. Through cmd did not want to! Manually registered the desired line in the registry, rezet and everything is buzzing!

in order for the command from CMD to work, you need to run the command line itself as an administrator, otherwise it will start (with UAC enabled) with limited rights even if you use the admin account, the simplest (but tricky, suitable for those who do not own the console) the way to do this is to find the file cmd.exe (C:\Windows\system32, in 64 bit system there is a clone here C:\Windows\SysWOW64) right click and select run as administrator

And what if it DOESN'T GET IN ANY WAY!!!
I tried the disableUAK file (I found it somewhere…) it doesn’t work, cmd with admin rights doesn’t open… the uak window of the notorious pops up, in which the “YES” button doesn’t click at all (just like everywhere else, with any attempt to change something!)
Also, the focus with the registry editor did not work.
HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Policies\ System
after changing the EnableLUA value to “0″ and trying to save the changes, it gives an error about writing a new value !!!..

The beech itself is interesting, when I tried to install Windows on it myself, I couldn’t do it because there wasn’t enough firewood for the screw (I tried all the assemblies, after which I downloaded these firewood and integrated them into the beast, which also didn’t help!)
He cursed a little and gave it to the owner (my neighbor), they say, go with him to where they sold him to you! So she returned, they put everything on me in the store, I need all sorts of programs ...
Beech DNSsovsky, with some kind of BIOS completely unfamiliar to me.
Mlyn, tell me to throw it out right away or later ???

With each version of Windows and with each update, developers have tried to improve the security of the operating system. New modules and protection algorithms appeared. All this made it possible to use a computer without the use of additional hardware and software. But despite all this, some features very much "annoyed" users.

It is this function that will be discussed in this article, namely the Windows User Account Control UAC. This service is designed to control all applications and utilities that attempt to change the system without authorization. You can see this function in action when the user tries to install some program. In this case, when I start the installation, a window pops up that says that the program will make system changes. Here, there are two options to allow or cancel the installation.

If the desire to uninstall arises due to the fact that the work of UAC occurs very often, then it is recommended here to check Windows for viruses and other suspicious software.

Having decided to disable the User Account Control service, the user can use the help of this article, which describes the process of deactivating UAC using the Windows 7 operating system as an example.

In order to stop this service, the user can use three methods.

Method One – Standard Methods

The simplest and easiest way that allows you to manage the User Account Control service is the setting in the control panel.

To perform this action, the user must click on "Start", then select "Control Panel".

In the menu that opens at the top, select the "Category" item opposite the "View" section. Then click on the line "User Accounts", then again on the appropriate item and then select the line "User Account Control Changes".

If everything is done correctly, the user will see a menu with a slider that adjusts the Windows protection level. The higher his position, the more active and picky the service monitors every change in the system. To turn off UAC, you need to lower this slider to the bottom position.

The second method is disabling in the system registry

As a rule, this method is used if the first one does not work for unknown reasons. In the case when the settings of the slider do not affect the operation of the service in any way, or its position cannot be changed. It is also recommended to make sure that the system is not infected with a software virus. If everything is in order, then you can use the help of the registry.

In order to get into the registry of the Windows 7 operating system, you must press the key combination Window + R, then enter the regedit command.

You can also use the search in the Start menu to launch the registry manager. This method will also allow you to run the utility with administrator rights.

If all conditions are met correctly, the user will see a menu where the data structure is presented on the left side, and all directory files are displayed on the right.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

This is where all system service configuration files are stored. You need to select EnableUC. After that, you need to double-click on it with the left mouse button and change the values ​​\u200b\u200bin the window that opens from "1" to "0".

After restarting the computer, the user will no longer see service messages about unplanned changes to the installed or launched program.

The third way is the Windows command line

In addition to the first and second methods, there is another way that allows you to quickly and permanently disable the user account control service. This is done using the Windows command line. Here it is supposed to enter special commands that deactivate the function.

The advantage of this method is that all actions are performed very quickly and usually do not last more than 2 minutes. The disadvantages include only the fact that there is a need to know the Windows commands entered into the terminal.

To launch the command prompt in Windows 7, press the key combination Window + R and enter the cmd command.

If this method does not work, the command line can be found in the "Start" menu in the "Accessory Programs" section. Here, by clicking on the right mouse button, you can launch the terminal with administrator rights.

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

After that, you will need to restart the computer and check the operation of the Windows 7 operating system.

The only thing to note is that when turning off the user account control service, the user must be sure that the system is protected, and have a good and proven antivirus program available. You should also make sure that the problem of constant UAC interference is not the operation of some kind of malware.