• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Windows 7 UAC and Admin Approval Mode

TJCS

TJCS

Senior member
Questions about Windows 7 UAC and Admin Approval Mode:

1. Is it possible to use admin user/password credential prompts in Windows 7 standard-user account without using UAC?
• I find it very tiresome to log on and off between standard user accounts and admin accounts to install/uninstall new software.
• I really don't like to use UAC at all, but if I turn off UAC completely, the credential prompt is gone as well (When I try to install new programs I will get this error: You must be logged in as an admin when installing this program).

2. Is UAC still broken (or not safe to use) below the maximum notification level?
• I read that UAC can be turned off by 3rd party programs if you set it below the maximum notification level (4) state.
• Is it more secure to just use the method of log on and off between admin and standard-user accounts instead of using credential prompts?
I did a lot of reading but had no luck finding a clear answer 🙄. If anyone could shed light on the topic, it would be greatly appreciated.
 
These sound like a questions for MS. But if UAC can be turned off that easily, what's the point I ask, of having it on at all if what you linked to can be really done? I guess setting 4 it is then.
 
Last edited:
I am currently trying out level 4 UAC and hopefully I can get used to it :hmm:.

• According to the article (and others), there are known exploits that bypass W7 UAC, or even turn it off.
• I am wondering if it is more secure to turn W7 UAC off completely? I have always used Vista and W7 with UAC OFF in a standard-user environment. I have not come across any software that can get pass the insufficient privilege stop error when attempting to install/uninstall.
Is W7 more secure if I disable UAC completely when I have an admin/standard user setup?
 
To answer the first question, yes, you can use the old-school method. From your Standard User account, launch a command-line window (cmd.exe) and use the command runas /user:name-of-your-Admin-account-here cmd.exe. Give the password when prompted and an Admin-level command-line window appears. Now use that one to launch whatever it is you want to run, such as software installers.

Yes, the true security boundary is to log off of your Standard User account and log onto your Admin account, do your Admin stuffs, then log out again. The issue you bring up, where it was possible to disable UAC without triggering a UAC prompt, was fixed during Win7's beta testing due to popular uproar. That's out-of-date info you got there.

If you're on a Standard User account, UAC defaults to Maximum anyway. That's where I leave it on my system. Win7 is more secure with UAC enabled, partly because it puts IE into Protected Mode by default for the Internet Zone.
 
Last edited:
So if I understood you correctly, the only difference between setting UAC at Maximum level vs turning it OFF completely in a standard-user environment is the user notification prompts (Since UAC default to max in a Standard User Account).

Thanks GrumpyMan and MechBgon for your quick replies, it's really great to get help from the community.

Btw MechBgon, I found your Guide to Securing the PC on Anandtech last year and I got to say it is one of the best and most helpful guides that helped me setup security perimeters in my Windows PC. Thanks for the guide man.
 
TJCS said:
So if I understood you correctly, the only difference between setting UAC at Maximum level vs turning it OFF completely in a standard-user environment is the user notification prompts (Since UAC default to max in a Standard User Account).
Click to expand...

UAC also gives you file-system & Registry virtualization and Protected Mode for IE, so disabling it deprives you of those goodies too.

Glad you found the guide helpful, it's all part of my secret plot to spread good security practices :evil laughter:
 
Thank you for all of the helpful info you have provided here MechBgon, I will step up my system with UAC enabled.

Your plan to spread great security advice is working more than you know. Just a little over a month ago, I was trying to explain to my girlfriend the benefits of using a limited user account when she asked me to reinstall windows on her virus swarmed laptop.

Thanks man, keep up the good work
icon14.gif
 
Do I lose file-system & Registry virtualization and Protected Mode for IE when i have UAC at level 2 as opposed to disabled?
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top