gosh Posted November 21, 2007 Share Posted November 21, 2007 All about User Account Control (UAC)Recently i explored Vista's unattend settings, and much to my surprise there wasn't anything documented to disable or customize user account control (UAC). I really hate UAC, i find it's the first thing i disable after doing a clean install. Figuring there might be a hidden unatten setting for UAC i did some exploring to see what files, registry keys, and settings comprise UAC.Registry KeysThere is only one way to enable or disable UAC, using the following registry keyHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"EnableLUA"=dword:00000001where 1 - enables UAC, 2 - Disables UACSecurity Center NotificationsWhen you disable UAC you instantly get an annoying balloon popup that's really annoying. It seems these keys disable that behavior.HKLM\SOFTWARE\Microsoft\Security Center\AutoUpdateDisableNotifyHKLM\SOFTWARE\Microsoft\Security Center\UacDisableNotifyHKLM\SOFTWARE\Microsoft\Security Center\InternetSettingsDisableNotifyI assume if you set a dword of 1 you won't get any complaining from security center.Interestingly, the internal name for UAC must be LUA. So LUA and UAC are used interchangebly.Running UAC interface from a command lineshell32.dll has this<!--TurnUserAccountControl(UAC)onoroff--><sh:taskid="{F9C55B09-E6DE-4D79-93C4-64A656D20074}"needsElevation="true"><sh:name>@shell32.dll,-24964</sh:name><sh:keywords>@shell32.dll,-24965</sh:keywords><sh:command>shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\9\::{60632754-c523-4b62-b45c-4172da012619}\pageChangeSecuritySettings</sh:command></sh:task>This means you can run the interface from a run box using this command:shell:::{26EE0668-A00A-44D7-9371-BEB064C98683}\9\::{60632754-c523-4b62-b45c-4172da012619}\pageChangeSecuritySettings(that's all one line)Files that look at UACc:\Windows\inf\secrecs.infc:\Windows\PLA\Rules\Rules.System.Diagnostics.xmlc:\Windows\PLA\System\System Diagnostics.xmlc:\Windows\System32\config\SOFTWARE.SAVc:\Windows\System32\en-US\msconfig.exe.muic:\Windows\System32\powercpl.dllc:\Windows\System32\SMI\Store\Machine\SCHEMA.DATc:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1c:\Windows\System32\usercpl.dllc:\Windows\winsxs\Backup\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e.manifestc:\Windows\winsxs\Backup\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e_secrecs.inf_bf424507c:\Windows\winsxs\Manifests\x86_microsoft-windows-lua-settings_31bf3856ad364e35_6.0.6000.16386_none_336d896c1da7c520.manifestc:\Windows\winsxs\Manifests\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e.manifestc:\Windows\winsxs\x86_microsoft-windows-msconfig-exe.resources_31bf3856ad364e35_6.0.6000.16386_en-us_75e9bb24559d44f2\msconfig.exe.muic:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\Rules.System.Diagnostics.xmlc:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6000.16386_none_b1a5cca33386fc09\System Diagnostics.xmlc:\Windows\winsxs\x86_microsoft-windows-powercpl_31bf3856ad364e35_6.0.6000.16386_none_5faa30ff774d32fa\powercpl.dllc:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\secrecs.infc:\Windows\winsxs\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.0.6000.16386_none_8998328751339c1c\usercpl.dllc:\Windows\winsxs\x86_subsystem-for-unix-based-applications_31bf3856ad364e35_6.0.6000.16386_none_71b195c9f3048b05\psxss.exeSecurity Templates to customize UACsecrecs.infsceregvlConclusionThere are no documented unattend UAC settings for Vista. Doing research it seems UAC is enable or disabled with a simle policy that i assume is run by group policy on startup (which is why you need to reboot after making changes to UAC). The easiest way to disable UAC is by modifying the registry key. I expect Microsoft to add options to customize UAC in a future Vista service pack.-gosh Link to comment Share on other sites More sharing options...
souldreamer Posted November 21, 2007 Share Posted November 21, 2007 You have a tool to enable/disable UAC in msconfig Link to comment Share on other sites More sharing options...
gosh Posted November 21, 2007 Author Share Posted November 21, 2007 all that does is modify the registry key. You can't use it for an unattended install.-gosh Link to comment Share on other sites More sharing options...
roko Posted November 13, 2008 Share Posted November 13, 2008 i have insert command from msconfig in my unattend to disable uac on w2k8 enterprise x64. after installation is ready i've got a core server without gui !! Link to comment Share on other sites More sharing options...
hclarkjr Posted November 14, 2008 Share Posted November 14, 2008 here is something i use for UAC and love it, works great http://www.tweak-uac.com/download/ Link to comment Share on other sites More sharing options...
MagicAndre1981 Posted November 14, 2008 Share Posted November 14, 2008 this is a tool which is totally nonsense. If you want to startup app with elevated rights and don't want to allow them use the task scheduler service to start them Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now