gosh Posted November 21, 2007

All about User Account Control (UAC)

Recently I explored Vista's unattend settings, and much to my surprise there wasn't anything documented to disable or customize User Account Control (UAC). I really hate UAC; I find it's the first thing I disable after doing a clean install. Figuring there might be a hidden unattend setting for UAC, I did some exploring to see what files, registry keys, and settings comprise UAC.

Registry Keys

There is only one way to enable or disable UAC, using the following registry key:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
"EnableLUA"=dword:00000001

where 1 - enables UAC, 2 - Disables UAC

Security Center Notifications

When you disable UAC you instantly get an annoying balloon popup that's really annoying. It seems these keys disable that behavior.

HKLM\SOFTWARE\Microsoft\Security Center\AutoUpdateDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotify
HKLM\SOFTWARE\Microsoft\Security Center\InternetSettingsDisableNotify

I assume if you set a dword of 1 you won't get any complaining from Security Center.

Interestingly, the internal name for UAC must be LUA. So LUA and UAC are used interchangeably.

Running UAC interface from a command line

shell32.dll has this:

<!-- Turn User Account Control (UAC) on or off -->
<sh:task id="{F9C55B09-E6DE-4D79-93C4-64A656D20074}" needsElevation="true">
  <sh:name>@shell32.dll,-24964</sh:name>
  <sh:keywords>@shell32.dll,-24965</sh:keywords>
  <sh:command>shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\9\::{60632754-c523-4b62-b45c-4172da012619}\pageChangeSecuritySettings</sh:command>
</sh:task>

This means you can run the interface from a run box using this command:

shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\9\::{60632754-c523-4b62-b45c-4172da012619}\pageChangeSecuritySettings

(that's all one line)

Files that look at UAC

c:\Windows\inf\secrecs.inf
c:\Windows\PLA\Rules\Rules.System.Diagnostics.xml
c:\Windows\PLA\System\System Diagnostics.xml
c:\Windows\System32\config\SOFTWARE.SAV
c:\Windows\System32\en-US\msconfig.exe.mui
c:\Windows\System32\powercpl.dll
c:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
c:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1
c:\Windows\System32\usercpl.dll
c:\Windows\winsxs\Backup\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e.manifest
c:\Windows\winsxs\Backup\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e_secrecs.inf_bf424507
c:\Windows\winsxs\Manifests\x86_microsoft-windows-lua-settings_31bf3856ad364e35_6.0.6000.16386_none_336d896c1da7c520.manifest
c:\Windows\winsxs\Manifests\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e.manifest
c:\Windows\winsxs\x86_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_6.0.6000.16386_en-us_75e9bb24559d44f2\msconfig.exe.mui
c:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\Rules.System.Diagnostics.xml
c:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xml
c:\Windows\winsxs\x86_microsoft-windows-powercpl_31bf3856ad364e35_6.0.6000.16386_none_5faa30ff774d32fa\powercpl.dll
c:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\secrecs.inf
c:\Windows\winsxs\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.0.6000.16386_none_8998328751339c1c\usercpl.dll
c:\Windows\winsxs\x86_subsystem-for-unix-based-applications_31bf3856ad364e35_6.0.6000.16386_none_71b195c9f3048b05\psxss.exe

Security Templates to customize UAC

secrecs.inf
sceregvl

Conclusion

There are no documented unattend UAC settings for Vista. Doing research, it seems UAC is enabled or disabled with a simple policy that I assume is run by group policy on startup (which is why you need to reboot after making changes to UAC). The easiest way to disable UAC is by modifying the registry key. I expect Microsoft to add options to customize UAC in a future Vista service pack.

-gosh
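For auditing machines built from images where these values were changed, the following added example (not part of the original post) parses the text of a registry export and reports the UAC-related values named above. It flags any EnableLUA value other than the 1 the post gives for "enabled", and, following the post's assumption, treats a non-zero Security Center value as a suppressed alert; the sample export is constructed.

```python
import re

# Key paths (relative to HKLM) and value names are the ones the post lists.
UAC_KEY = r"software\microsoft\windows\currentversion\policies\system"
SC_KEY = r"software\microsoft\security center"
SC_VALUES = ("autoupdatedisablenotify", "internetsettingsdisablenotify",
             "uacdisablenotify")
SECTION = re.compile(r"^\[(-?)(?:HKEY_LOCAL_MACHINE|HKLM)\\(.+)\]$", re.I)
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

def parse_reg(text):
    """Return {(key, value_name): int} for HKLM dword values in .reg text."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION.match(line)
            # Skip other hives and "[-key]" deletion sections.
            key = m.group(2).lower() if m and not m.group(1) else None
        elif key and (m := DWORD.match(line)):
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit_uac(text):
    """Return findings for the UAC-related values in a .reg export."""
    values = parse_reg(text)
    findings = []
    lua = values.get((UAC_KEY, "enablelua"))
    if lua is None:
        findings.append("EnableLUA missing from export")
    elif lua != 1:
        findings.append(f"EnableLUA={lua}: UAC not set to enabled (1)")
    for name in SC_VALUES:
        if values.get((SC_KEY, name), 0) != 0:
            findings.append(f"{name} is set: Security Center alert suppressed")
    return findings

# Constructed sample export (real exports are UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify"=dword:00000001
'''

if __name__ == "__main__":
    for finding in audit_uac(SAMPLE):
        print(finding)
```
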

souldreamer Posted November 21, 2007

You have a tool to enable/disable UAC in msconfig

gosh Posted November 21, 2007 Author

All that does is modify the registry key. You can't use it for an unattended install.

-gosh

roko Posted November 13, 2008

I have inserted the command from msconfig in my unattend to disable UAC on W2K8 Enterprise x64. After the installation was ready I've got a core server without GUI!!

hclarkjr Posted November 14, 2008

Here is something I use for UAC and love it, works great: http://www.tweak-uac.com/download/

MagicAndre1981 Posted November 14, 2008

This is a tool which is total nonsense. If you want to start up apps with elevated rights and don't want to allow them, use the Task Scheduler service to start them.