Living with User Account Control UAC

How to do what you need



UAC can be disabled via msconfig or user account control panel and that is a valid option. However it's an "over kill" and you have to reboot for the change to take effect. You also have to remember to turn UAC back on when done. Keep in mind that UAC and application compatibility are tightly coupled. Disable the former and you actually cripple the latter.

One of the things that seems to be overlooked or disregarded is that fact that launching a process from an elevated process will cause the spawned process to run in elevated mode without intervention. This has some rather interesting consequences. First keep in mind this is not a "bug", nor a "major security breach". Don't call the press unless you want to tell them they maybe need to rethink what they thought they knew. UAC works as it was intended which is to give the opportunity for action only with informed consent. The user must understand that launching an application from an elevated process means it already has permission to run in an elevated mode.

So you want to do a lot of stuff to your system and you keep getting UAC prompts that you don't want to deal with for a while. I'm assuming you're not visiting web sites intent on hijacking your machine. Nor are you trying to force install an application that has stability issues with Vista. I'm also assuming that you really are intentionally doing some system maintenance or configuration. There are two different ways to temporarily push the UAC prompts out of the way without disabling UAC and without rebooting the system twice to disable then enable UAC.

The fastest, simplest way is to park a short cut to command prompt on the desktop (or pin it to the start menu for fast access), right click it, select run as Administrator. You'll get a UAC elevation prompt but most anything started from the elevated command prompt will run in elevated mode without further prompting. Explorer is a bit tricky to launch in elevated mode. By default, Vista only allows one copy of explorer to run at a time. In folder options control panel applet, view tab, if the option "Launch folder windows in a separate process" is enabled, it is possible to launch a single, separate copy of explorer in elevated mode.

A variation of the above, is to put the shell temporarily in elevated mode. Use either task manager or Process Explorer from Sysinternals to kill the shell. Be aware that once you kill and restart the shell in elevated mode in this way, IE runs with full admin rights. Be careful about what you do on the 'net in this mode. As soon as you reboot the machine the shell will return to it's normal state.

Copyright 2004, 2005, 2006, 2007 [Walter Clayton]. All rights reserved.
Revised: 03/27/07.