User Account Control. Enabling and disabling UAC in Windows

A user may need to learn how to disable UAC in Windows 7 when they want to get rid of the messages that constantly appear when starting programs.

Previous versions of the operating system from Microsoft had no such alerts. However, to reduce the vulnerability of computers and the likelihood of theft of confidential information, the seventh generation of the OS was supplemented with a User Account Control (UAC) tool, which relieves network administrators of the need to configure access settings on each computer.

Features of using UAC

The task of the UAC service is to prevent unauthorized interference with the computer's system files.

Therefore, before launching applications that are potentially dangerous to the system, the tool asks for confirmation of the user's action or, in special cases, even the administrator's password.

In order for the protection to work even on a computer that is used by one person, it is not recommended to log on to the system as an administrator.

It will be enough to have a user account, which will limit the execution of programs that are dangerous to the system, making it possible to work freely with the main applications - the MS Office package, browsers, most games and game clients.

When using a user account, each time a program that the system considers suspicious is launched, a UAC message will appear; it is advisable to read it and take appropriate action.

Application launch control options

Checking the program before launching it leads to the following messages from the system when the UAC mode is running:

  • Please allow the program to continue. The notification indicates an attempt by a system program or Windows function to make changes to the operation of the entire operating system.
    When this message appears, it is advisable to make sure that you are running the right program.
  • A request for permission to continue from a program that is not part of Windows. The application has an appropriate digital signature from the publisher, but its actions still need to be controlled.
    Basically, such programs do no harm, and the message appears when you start almost all games and even useful utilities;
  • Notification of an attempt to change the operation of the system by an unidentified application. This option carries the maximum danger to the computer, since this is how viruses spread.
    Moreover, sometimes messages about the program making the changes appear even if the user has not launched anything.
    An application that starts by itself, or has an unknown publisher and source, should make the user click "No" (unless, of course, they are completely sure of the file's reliability) and run a virus scan.

  • Blocking information. The application is not allowed to run by the system administrator.
    Most likely, this is not a virus, but some specific program such as a browser (if access to the network is prohibited), a game client, or even a multimedia player. Typically, such prohibitions are set at workplaces in offices.

UAC Configuration Options

When you run the UAC setup, you can configure the notification mode (only if the user is a system administrator) so that notifications appear much less frequently. Windows provides 4 options:

  • Permanent notification (upper position of the slider on the scale).
    Messages appear on the screen in any case - both when standard programs try to make changes to the system or the registry, and when loading software necessary for Windows to work.
    This mode allows you to control as much as possible all the processes occurring in the system, but with frequent use of the computer and installing new applications, it may seem too intrusive;
  • Notification about the actions of programs only. When Windows makes changes to its system files, the user is not notified. Most often, this option is the default - that is, it does not require configuration at the beginning of working with the computer.
    However, launching games will still dim the screen and bring up a UAC window;

  • Warning about serious actions (including changing system files) of applications without dimming the screen.
    The setting option is recommended for older and relatively low-power computers on which the dimming of the desktop takes a long time;
  • No notifications. Messages from UAC will not appear when installing new applications or when changing Windows settings. In fact, this item means turning off the User Account Control mode, and choosing it is what stops the annoying messages from appearing.
    It is recommended to select it only if you constantly use programs that are not certified for use with Windows 7.

Disabling UAC

The need to disable UAC may appear, first of all, due to the user's unwillingness to put up with constant alerts.

By launching 10–50 programs a day, and confirming each action for them, you can spend quite a lot of time on incomprehensible and not always necessary actions.

The constant prompts start to get annoying, and the user decides it's better to risk being left with almost no protection than to keep working with UAC.

Moreover, disabling the mode does not mean the complete defenselessness of the system.

The command line utility itself is opened by entering the cmd command in the Run window. To change UAC settings, use the command

C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD

If it is necessary to turn off notifications completely, add /d 0 /f after this text, and if you want to return the mode back, add /d 1 /f.

Naturally, after all the changes, you need to restart the computer.

Conclusions

While disabling UAC in Windows 7, do not forget to use antivirus programs.

This is especially true for .rar and .zip archives, as well as .exe executable files.

The latter are able to start on their own and, in the absence of protection, adversely affect the operation of the system.

Every version of Windows (since Vista) has a standard UAC (User Account Control) component. It is enabled by default and prevents the user from "shooting himself in the foot" by running some kind of malware with admin rights. In this article, we will show you how to use User Account Control for your own purposes - for example, run any code with administrator rights or even as a system process.

WARNING

All information is provided for informational purposes only! Microsoft recommends that you patch Windows on time, do not work in the admin account without a real need, do not bypass UAC and do not pester technical support with messages about vulnerabilities.

UAC bypass methods continue to be found even now, modifying old tricks and discovering new ones. The most difficult thing is to choose the appropriate methods for a specific attacked system. Conceptually, there are dozens of different techniques known, and if you count them together with modifications and hybrid methods, then there will be more than twenty. You can read more about them and see the corresponding code samples on GitHub using the links in this article.

UAC as a huge bug

In hacker philosophy, a lot is borrowed from martial arts. For example, an aikido master practically never attacks on his own. He only notices the opponent's mistakes and turns the opponent's efforts against him. In the same way, miscalculations in protective systems make it possible to turn them into a hacker's tool. Now we will look at several ways to bypass UAC and even use it to run your code with elevated privileges. Many of these methods are already implemented in Trojans and allow them to stealthily infiltrate the system.

Whitelist for black hats

In all versions of Windows, UAC has a so-called white list - a set of system components to which the restrictive rules are not applied. Therefore, one of the most common attack methods is to find an application from the white list and try to inject your *.dll into it. It is relatively easy to carry out a DLL hijack attack, although it is not without pitfalls. They are different in each version of the OS, and also depend on the settings, account, OS bitness, installed components and patches. For example, in Windows 7/8 (but not 8.1), you can use sysprep.exe, the standard program for preparing a system for deployment, to load your version of cryptbase.dll or another library. To do this, just place it next to the executable, as it starts looking for and loading DLLs from its own directory. However, if we try to simply copy our file to the %systemroot%/system32/sysprep/ directory, we will get an error.

[Screenshot: Access denied to \system32\]

The user does not have write access to the system directory, and the administrator must confirm this action via UAC. In order for our code to get the necessary rights without unnecessary questions, we use another trick - with the standalone Windows update installer. Let's place cryptbase.dll in the CAB archive. We will not dwell on how to do this elementary operation. It is described in detail on the Microsoft website. Let our library be called evil.dll and be located in the \FCKUAC directory on the C:\ drive. Then we will make a "charged" archive with the following command:

makecab C:\FCKUAC\evil.dll C:\FCKUAC\evil.cab

[Screenshot: Archive with our library]

Let's feed this archive to the standalone update installer (Windows Update Standalone Installer):

wusa C:\FCKUAC\evil.cab /quiet /extract:%systemroot%\system32\sysprep\

It will extract it to \system32\sysprep\ and "User Account Control" will be silent.

[Screenshot: The sysprep utility as a built-in backdoor]

If you know how to program, you can run sysprep.exe hidden - for example, via CreateProcess() with the flag StartupInfo.wShowWindow = SW_HIDE. Today, heuristic analyzers of many antiviruses complain about hidden windows, but now we are talking only about UAC - it doesn't care. After such a launch, sysprep.exe will try to load and execute the CRYPTBASE.dll library, but in its place will be ours, which already contains the functionality we need. It will legally elevate our code, and UAC will take it for granted. This is because wusa and sysprep are on the white list, and all applications on this list can elevate their rights without the participation of UAC. Our code from the library loaded by the installer will inherit the rights of the parent process sysprep.exe and will also be considered trusted.

[Screenshot: Using sysprep to bypass UAC]

The above trick of using wusa and sysprep together is a modification of Leo Davidson's method. The original version was only applicable to unpatched Windows 7 and was described back in 2009 in the Oxford University Computer Community mailing list. A copy is provided, which, due to the abundance of such code, is listed as potentially dangerous. The Davidson method in various modifications has been used for many years to inject Trojans, especially the . The epidemic peaked in the fall of 2011, but the method still works in the following typical scenario: actions are performed in a 32-bit version of Windows 7/8 under an administrator account with UAC enabled with default settings. A simple user cannot run wusa.exe, but many still sit as admin without a real need. They are simply too lazy to create user accounts and manage access rights even through built-in tools. Matt Graeber elaborates that this method does not work "as is" on Windows 8.1/10, as both sysprep.exe and UAC itself have been changed on those OSes. The System Deployment Preparer now only loads the DLL from %windir%\system32\.
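
The two traces this technique leaves (wusa.exe run with /extract: pointing into the system directory, and sysprep.exe loading a DLL from its own directory rather than from \system32\) can be looked for in process-creation and image-load telemetry. The sketch below is an added example, not code from the original article; the event records, their field names and the C:\Windows system root are assumptions, and the sample events are constructed.

```python
import re

SYSTEM32 = r"c:\windows\system32"
SYSPREP_DIR = SYSTEM32 + "\\sysprep"
_EXTRACT = re.compile(r'/extract:("[^"]+"|\S+)', re.IGNORECASE)

# Constructed sample events; the record layout and field names are
# assumptions for this example, not the schema of a particular product.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Windows\System32\wusa.exe",
     "command_line": r"wusa C:\Temp\pkg.cab /extract:%systemroot%\system32\sysprep\ /quiet"},
    {"type": "process_create", "image": r"C:\Windows\System32\wusa.exe",
     "command_line": r"wusa.exe C:\Updates\sample.msu /quiet /norestart"},
    {"type": "image_load", "image": r"C:\Windows\System32\sysprep\sysprep.exe",
     "image_loaded": r"C:\Windows\System32\sysprep\cryptbase.dll"},
    {"type": "image_load", "image": r"C:\Windows\System32\sysprep\sysprep.exe",
     "image_loaded": r"C:\Windows\System32\cryptbase.dll"},
    {"type": "process_create", "image": r"C:\Windows\System32\wusa.exe",
     "command_line": r"wusa C:\Temp\pkg.cab /extract:C:\Temp\out"},
]


def _norm(path):
    """Lower-case a Windows path, expand %systemroot%/%windir%, drop quotes."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, r"c:\windows")
    return p.rstrip("\\")


def check_event(event):
    """Return a reason string if the event matches either trace, else None."""
    image = _norm(event.get("image", ""))
    kind = event.get("type")
    if kind == "process_create" and image.endswith("\\wusa.exe"):
        match = _EXTRACT.search(event.get("command_line", ""))
        if match:
            target = _norm(match.group(1))
            if target == SYSTEM32 or target.startswith(SYSTEM32 + "\\"):
                return "wusa.exe /extract into system directory: " + target
    if kind == "image_load" and image.endswith("\\sysprep\\sysprep.exe"):
        loaded = _norm(event.get("image_loaded", ""))
        directory = loaded.rpartition("\\")[0]
        if directory == SYSPREP_DIR and loaded.endswith(".dll"):
            return "sysprep.exe loaded a DLL from its own directory: " + loaded
    return None


def scan(events):
    """Return (index, reason) for every event that matches."""
    hits = []
    for index, event in enumerate(events):
        reason = check_event(event)
        if reason:
            hits.append((index, reason))
    return hits


if __name__ == "__main__":
    for index, reason in scan(SAMPLE_EVENTS):
        print(index, reason)
```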

Automatic privilege escalation

If for some reason there is no access to the update installer, then you can use another option - copying the file to the system directory using the IFileOperation method. The essence of the method is that, in order to bypass UAC, a COM object IFileOperation is created in our library. It allows you to copy a file anywhere (including to the \system32\ system directory and its subdirectories), automatically elevating privileges for this, since the function will have the auto-elevate flag. Here is an example of using an IFileOperation object to copy a file to the system directory. The method of injecting your library into the explorer.exe process is covered in this example. A list of applications from the white list is available. You can also generate it yourself by simply finding executables containing the string autoelevate in the Windows system directory.

[Screenshot: Creating a list of programs from the UAC white list]

Depending on the program used from the white list and the version of Windows, you can replace one or another library (see table).

[Table: Standard Components and Substitute Libraries]

The iteration methods for these options are collected in one PowerShell utility .

ISecurityEditor

Surprisingly, most of the "User Account Control" bypass methods were deliberately laid down by the Windows developers themselves. Marketers attributed the failure of Vista to the inconvenient behavior of the new component, and in Windows 7 they tried to make UAC less intrusive. To do this, they had to build crutches out of the white list and the method of automatic privilege escalation (without user confirmation) for more than forty system programs. COM interfaces were written for the autoElevate function: the documented IFileOperation (which was discussed above) and the undocumented ISecurityEditor, the use of which we will talk about now. Thanks to backdoors built into UAC, Windows 7 computers were infected without the user noticing. They became a testing ground for malware and often fell into botnets. One of them (called Simda) was successfully developed for five years, using the ISecurityEditor interface to inject code. Microsoft partially eliminated the problem only in 2015. The corrected ISecurityEditor now only works with file system objects specified in the SE_FILE_OBJECT constant. Unpatched systems are still found. An example of bypassing UAC using a vulnerable version of ISecurityEditor .

UAC (User Account Control) is a service that notifies the user of actions that require Administrator rights. If you are sure about all the software that you install on your PC, you can deactivate it. You will learn how to disable UAC in Windows 10 or enable it on a PC in this article.

What is UAC in Windows 10

UAC is an element of the security system that requests the user's permission to make any changes to the OS.

It protects the Windows 10 user from installing and running software that can harm the OS, as well as from potentially dangerous actions. This service is activated automatically, so confirmation is always requested before any operation that may affect the health of the OS.

Reasons for shutdown

We do not recommend disabling User Account Control. The only situation in which a user can take such a step is that the service interferes with fast work while using a large number of files and programs.

In other cases, you should not deactivate the service, because it additionally protects the PC.

How to disable UAC Windows 10

There are several ways to disable UAC in Windows 10:

  • through the control panel;
  • through the command line;
  • in the registry editor.

Let's take a closer look at each of the methods.

Control Panel

  1. Right-click the Start menu → → set View: small icons → User accounts.
  2. Click "Change User Account Control Settings" → a window will open in which you can configure the notification about changes in computer settings by setting the slider to one of the four suggested positions:
    • Always notify;
    • Notify when apps try to change settings (default values);
    • Notify without dimming the screen;
    • Never notify.

Tip: an alternative way to open Account Control Settings is to press Win+R and type:
UserAccountControlSettings

Command line


This command makes the appropriate changes to the Windows Registry Editor.

Registry Editor


To set a specific UAC value, use the table to select the appropriate DWORD values.

Slider position                               ConsentPromptBehaviorAdmin   EnableLUA   PromptOnSecureDesktop
Never notify                                  0                            1           0
Notify without screen dimming                 5                            1           0
Notify me when apps try to change settings    5                            1           1
Always notify                                 2                            1           1
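
To check which of these positions a machine is actually in, the three values can be read back with reg query and matched against the table. The script below is an added example, not part of the original article; it parses the text output of reg query for the Policies\System key, the sample output is constructed, and the function names are hypothetical.

```python
import re

VALUE_NAMES = ("ConsentPromptBehaviorAdmin", "EnableLUA", "PromptOnSecureDesktop")

# Slider positions, copied from the table above (values in VALUE_NAMES order).
SLIDER_LEVELS = {
    (0, 1, 0): "Never notify",
    (5, 1, 0): "Notify without screen dimming",
    (5, 1, 1): "Notify me when apps try to change settings",
    (2, 1, 1): "Always notify",
}

# One value line of `reg query` output: name, type, hex data.
_VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

# Constructed sample input (not captured from a real host).
SAMPLE_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    ConsentPromptBehaviorAdmin    REG_DWORD    0x5
    EnableLUA    REG_DWORD    0x0
    PromptOnSecureDesktop    REG_DWORD    0x1
"""


def parse_reg_query(text):
    """Extract the three UAC DWORDs from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        match = _VALUE_LINE.match(line)
        if match and match.group(1) in VALUE_NAMES:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def classify_uac(values):
    """Return (level, findings) for a dict produced by parse_reg_query()."""
    missing = [name for name in VALUE_NAMES if name not in values]
    if missing:
        return "unknown", ["missing value(s): " + ", ".join(missing)]
    if values["EnableLUA"] == 0:
        # EnableLUA=0 is what the reg.exe command with /d 0 sets: UAC is off
        # regardless of the other two values.
        return "UAC disabled", ["EnableLUA is 0"]
    key = tuple(values[name] for name in VALUE_NAMES)
    level = SLIDER_LEVELS.get(key, "custom (not a slider position)")
    findings = []
    if values["ConsentPromptBehaviorAdmin"] == 0:
        findings.append("administrators are not prompted")
    if values["PromptOnSecureDesktop"] == 0:
        findings.append("prompt is not on the secure desktop")
    return level, findings


if __name__ == "__main__":
    print(classify_uac(parse_reg_query(SAMPLE_OUTPUT)))
```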

How to turn it on?

Enabling User Account Control is performed in the same way as disabling it. You only need to select any value other than "Disable UAC".

When using the command line:


We recently discussed what is . I remind you that UAC is a Windows component that monitors and notifies the user of all attempts to make changes to the system. But the constant pop-up of the UAC window can be a little annoying for some users. Therefore, Windows developers have introduced the ability to customize the operation of this component, up to its complete shutdown. There are two tools you can use to configure how UAC works: either the Control Panel or local policies. In this article, we will look at how to enable UAC or how to disable UAC, in other words, we will configure UAC using the Control Panel.

Configuring UAC via Control Panel

All available UAC settings are in the window User Credential Management Options, which can be accessed by successively going through the following windows and buttons:

  1. Control Panel
  2. Accounts and Family Safety
  3. User Accounts
  4. Changing User Account Control Settings

If you have some difficulties with the interface (for example, you have a different operating system), then you can run the file

C:\Windows\System32\UserAccountControlSettings.exe

Regardless of which path you choose, the result will be the same - a UAC window will open in front of you with a 4-position slider, the movement of which is the whole possibility of configuring UAC through the Control Panel. Next, I will list these very 4 positions and their functionality:

  1. Always notify. When this item is selected, UAC will notify the user of any action, whether it is making changes to the system or launching a third-party application. Notifications are displayed on the secure desktop.
  2. Notify me only when programs try to make changes to my computer. Notifies the user only when third-party software is launched. A notification is displayed on the secure desktop.
  3. Notify only when programs try to make changes to the computer (do not dim the desktop). This point is completely similar to the previous one. The only difference is that the secure desktop is not used.
  4. Never notify. If you want to disable UAC, then you need to select this item. In order to enable UAC, you can select any of the first three items.

In the above list, there is one new concept for you - a secure desktop. Probably, many have guessed what it means. If UAC notifications are displayed on the secure desktop, it means that the user cannot switch to another application or take any other action. The only active window in the secure desktop is the UAC notification window, while the rest of the desktop is dimmed. The secure desktop is disabled immediately after the user responds to the UAC notification. The secure desktop ensures that malware cannot spoof the UAC window to get the required permission from you. The secure desktop remains active for 150 seconds, after which it automatically rejects the change request.

This is how the operation of the User Account Control component is configured. But only the Control Panel functionality is listed here, which, roughly speaking, only allows you to enable or disable User Account Control in Windows. The Local Group Policy Editor provides great options for .

In this article, we will try to understand what "User Account Control (UAC)" is: what it is for, and how to disable it or change the protection level. Let's take a closer look at its advanced settings.

User Account Control is one of the most important tools of a modern operating system. As you probably remember, it appeared with the release of Windows Vista and caused an ambiguous reaction from many users. The main complaints are its ineffectiveness as a means of security and its "peskiness".

In fact, such control is not intended to prevent various intrusions of malicious code (we have a firewall and antivirus software responsible for this), but to reduce the damage caused by them - to limit its influence to the rights of a regular user. Simply put, User Account Control is not designed to secure the operating system, but to make it resistant to unauthorized access.

Before you start disabling UAC, be aware that doing so lowers the overall level of computer protection and makes it more vulnerable to unauthorized access.

To completely disable User Account Control or change the protection level, we will use the simplest way through the "Control Panel"

Configuring and disabling UAC in Windows 7

A few words about setting up UAC. First, let's move on to the control panel itself. The simplest way to do this is to open Start and, in the search box, type the abbreviation "UAC".

We click on the link "Change User Account Control Settings" and we get into the notification settings window. Here is a slider that you can move to select your level of UAC warnings. There are four levels of protection which are described on the right side of the screen.

To completely disable UAC, move the slider to the lower level i.e. "Never notify" . Restart your computer to save your settings.

Once UAC is disabled, take care of a reliable antivirus software. I hope this article was useful for you and you found what you were looking for. Good luck!!
