UAC enables users to perform common tasks as standard users and as administrators without having to switch users, log off, or use Run As. When an administrator logs on the user is assigned two separate access tokens containing their group membership and authorization and access control data. Without UAC an administrator account can be utilised by malicious software for silent installation or infection of core operating system files. The full administrator access token is not invoked until the user attempts to perform an administrative task.
To request an application to run elevated one time
Start an application that is likely to have been assigned an administrative token, such as Microsoft Windows Disk Cleanup. A User Account Control prompt is displayed. Verify that the details presented match the request you initiated then click Continue to start the application
To configure an application to always run elevated
Right-click an application that is not likely to have been assigned an administrative token, such as a word processing application. Click Properties, and then select the Compatibility tab. Under Privilege Level, select Run this program as an administrator, and then click OK.
The behaviour of UAC can be configured by Group Policy, however UAC and its Admin Approval Mode are enabled by default.
To turn off UAC
1. In Control Panel, click User Accounts.
2. In the User Accounts window, click User Accounts.
3. In the User Accounts tasks window, click Turn User Account Control on or off.
4. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
5. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK.
6. Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window.
To disable Admin Approval Mode
1. Click Start, click All Programs, click Accessories, click Run, type secpol.msc in the Open box, and then click OK.
2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
3. From the Local Security Settings console tree, double-click Local Policies, and then double-click Security Options.
4. Scroll down and double-click User Account Control: Run all administrators in Admin Approval Mode.
5. Select the Disabled option, and then click OK.
6. Close the Local Security Settings window
To disable UAC from prompting for credentials to install applications
1. Click Start, click All Programs, click Accessories, click Run, type secpol.msc in the Open text box, and then click OK.
2. From the Local Security Settings console tree, click Local Policies, and then Security Options.
3. Scroll down and double-click User Account Control: Detect application installations and prompt for elevation.
4. Select the Disabled option, and then click OK.
5. Close the Local Security Settings window
To change the elevation prompt behavior for administrators
1. Click Start, click Accessories, click Run, type secpol.msc in the Open box, and then click OK.
2. From the Local Security Settings console tree, click Local Policies, and then Security Options.
3. Scroll down to and double-click User Account Control: Behavior of the elevation prompt for administrators.
4. From the drop-down menu, select one of the following settings:
5. Elevate without prompting (tasks requesting elevation will automatically run as elevated without prompting the administrator)
6. Prompt for credentials (this setting requires user name and password input before an application or task will run as elevated)
7. Prompt for consent (default setting for administrators)
8. Click OK.
9. Close the Local Security Settings window.
To change the elevation prompt behavior for standard users
1. Click Start, click Accessories, click Run, type secpol.msc in the Open box, and then click OK.
2. From the Local Security Settings console tree, click Local Policies, and then Security Options.
3. Scroll down to and double-click User Account Control: Behavior of the elevation prompt for standard users.
4. From the drop-down menu, select one of the following settings:
5. Automatically deny elevation requests (standard users will not be able to run programs requiring elevation, and will not be prompted)
6. Prompt for credentials (this setting requires user name and password input before an application or task will run as elevated, and is the default for standard users)
7. Click OK.
8. Close the Local Security Settings window
No comments:
Post a Comment