How to remove UAC shield icon from shortcuts when UAC is disabled?

[fluxcapacitor]

There are countless articles online on how to remove the UAC shield icon from shortcuts and absolutely none of them work.  

I run Windows 11 with UAC disabled.  I do not need nor want it.  But I also have several of my Desktop shortcuts set to "run as admin".  

Is there an actual working  way to get rid of them, they are quite annoying and make my icons look like ######.  

Deleting the cache won't work because I don't want to remove "run as admin", the shield icon just comes back.  

Is it possible to get rid of these ugly shields without enabling UAC or removing "run as admin"?  

[fluxcapacitor]

Not to mention that clearing the cache doesn't seem to be truly possible because even in safe mode the files in users\*username*\appdata\local\microsoft\windows\explorer that are named with "iconcache" are always in use so even via command prompt you can't truly delete them.  Annoying.  AF.  

[Newinko]

You can't do that easily, because behind the scenes, you can't actually turn off UAC. What the "Never notify" setting of the User Account Control Settings does is, as it says, is to never notify you when a program is launched with elevated privileges. But the principle of least-privilege remains. If you remove the shield icon, you won't have any way of knowing that a specific program or shortcut will be launched using elevated privileges. That's a security risk.

There might be a way to remove the shield (that is technically an Explorer overlay icon), but it seems that, for the shield icon, Microsoft has implemented some changes in the latest updates to disallow removing that specific overlay. Say you find a working workaround: it might be not stick because a future update will revert the change.

If you really don't want the shield overlay for a given icon on your Desktop, a better workaround would be to:

1. Create a .bat to launch the desired program (so the .bat won't run elevated, but the program launched by the .bat will)
2. Make a shortcut to this .bat, and then
3. Customize the shortcut's icon so that it has the launched program's icon

There is a how-to here.

Edited September 21, 2023 by Newinko

[devHead]

Doesn't Winaero Tweaker have a setting to remove them? 

I won't comment on the foolishness of trying to turn off a feature that literally keeps someone from ruining your computer.

The other option?  Don't have shortcuts to apps on your Desktop.  I will never understand why some folks insist on shortcuts on their desktop.  

[Arceles]

On 21/09/2023 at 07:26, devHead said:

I won't comment on the foolishness of trying to turn off a feature that literally keeps someone from ruining your computer.

You keep saying that but it is user choice, you are not entitled to demerit, just because you say so, somebody's choice on how they want windows to be handled.

 

[Stuman]

Winaero Tweaker does have several options for UAC disable. Link provided.

https://winaero.com/winaero-tweaker/

 

[+Good Bot, Bad Bot Subscriber¹]

On 21/09/2023 at 09:48, Arceles said:

You keep saying that but it is user choice, you are not entitled to demerit, just because you say so, somebody's choice on how they want windows to be handled.

 

Who is saying it's not an user choice? One can certainly comment that something is not a good security practice. You should not assume the OP has any idea what they are doing.  The fact they thought they "disabled" UAC (when didn't) and stated they don't need it suggests they do not.

[Arceles]

On 21/09/2023 at 09:52, Good Bot, Bad Bot said:

Who is saying it's not an user choice? One can certainly comment that something is not a good security practice. You should not assume the OP has any idea what they are doing.  The fact they thought they "disabled" UAC (when didn't) and stated they don't need it suggests they do not.

You can warn but not demerit because for the latter you are also assuming the user understanding of what it is doing.

[Chris000001]

A trick that I use is to run programs that need UAC elevation through the Windows Task Scheduler.  I create a task that starts a program that needs elevation.  I make sure to select to "Run with highest privileges" and "Allow task to be run on demand".  Then I create a shortcut to run that task, like:
C:\Windows\System32\schtasks.exe /Run /TN "The exact name of the task you just created"

That shortcut will have the command prompt icon by default, but you just right-click and "change icon" and point to the executable of the program in the task to select that icon.  You can also rename the shortcut to the name of the program.  That shortcut will now launch without a UAC popup and no shield on the icon.  Plus, UAC is still running at the default level theoretically protecting you a little.

 

edit: I forgot that I also select to "run minimized" so I don't see the command prompt when the shortcut is used.  So far all of my programs still pop up normally.

[devHead]

On 21/09/2023 at 06:48, Arceles said:

You keep saying that but it is user choice, you are not entitled to demerit, just because you say so, somebody's choice on how they want windows to be handled.

 

I can demerit.  The default is to protect the user. He doesn't want to be protected or think he needs to be.  I have an opinion that is different from his, and mine is the right one, because it's the one that protects my computer.  You're right, he can do whatever he wants and do not care if he wants to.  But I can demerit him. 

[Guest DewThePDX]

On 21/09/2023 at 21:26, devHead said:

I can demerit.  The default is to protect the user. He doesn't want to be protected or think he needs to be.  I have an opinion that is different from his, and mine is the right one, because it's the one that protects my computer.  You're right, he can do whatever he wants and do not care if he wants to.  But I can demerit him. 

To be fair, it's not even demeriting. You're just stating the facts.

[Arceles]

On 21/09/2023 at 22:26, devHead said:

I can demerit.  The default is to protect the user. He doesn't want to be protected or think he needs to be.  I have an opinion that is different from his, and mine is the right one, because it's the one that protects my computer.  You're right, he can do whatever he wants and do not care if he wants to.  But I can demerit him. 

Suuuuure, just because you say so. Sere is a uno reverse card for you, if you really wanted to be secure you would not be using windows and since it is *my opinion* is the correct one. Typical.

[Matthew S.]

On 22/09/2023 at 12:41, Arceles said:

Suuuuure, just because you say so. Sere is a uno reverse card for you, if you really wanted to be secure you would not be using windows and since it is *my opinion* is the correct one. Typical.

In the past that may have been true, but it's due more to obscurity not actual security.

 

macOS has vulnerabilities.
iOS has vulnerabilities.
Android has vulnerabilities (arguably more than iOS).
Windows has vulnerabilities.
Linux has vulnerabilities.
BSD has vulnerabilities.

 

UAC is the graphical equivalent of the sudo command on *nix, as such it should never be bypassed if you want to keep good security practices. 

[Arceles]

On 22/09/2023 at 10:54, Matthew S. said:

In the past that may have been true, but it's due more to obscurity not actual security.

 

macOS has vulnerabilities.
iOS has vulnerabilities.
Android has vulnerabilities (arguably more than iOS).
Windows has vulnerabilities.
Linux has vulnerabilities.
BSD has vulnerabilities.

 

UAC is the graphical equivalent of the sudo command on *nix, as such it should never be bypassed if you want to keep good security practices. 

Every single OS has vulnerabilities... but then again, whose servers are most of the stuff being run on? Linux. And if there are vulnerabilities to be addressed is exactly there.

[satukoro]

What's the point of running something as an administrator if you are an administrator and you have user account control disabled? Wouldn't that just run it in the security context of your current user?

[Guest DewThePDX]

On 22/09/2023 at 09:41, Arceles said:

Suuuuure, just because you say so. Sere is a uno reverse card for you, if you really wanted to be secure you would not be using windows and since it is *my opinion* is the correct one. Typical.

Problem is when you try to use opinion to defeat fact.

 

Fact always wins.

[Arceles]

On 22/09/2023 at 22:07, DewThePDX said:

Problem is when you try to use opinion to defeat fact.

 

Fact always wins.

That is cute, therefore, you can demerit because of facts instead of using facts to advise of the dangers of having a particular setting being removed... not surprised really.

[devHead]

On 22/09/2023 at 21:44, Arceles said:

That is cute, therefore, you can demerit because of facts instead of using facts to advise of the dangers of having a particular setting being removed... not surprised really.

You keep using that word, 'demerit'.  I don't think it means what you think it means.

[Arceles]

On 23/09/2023 at 07:48, devHead said:

You keep using that word, 'demerit'.  I don't think it means what you think it means.

Way too late for you to say that.

[Guest DewThePDX]

On 23/09/2023 at 07:14, Arceles said:

Way too late for you to say that.

It's really not.

All I'm seeing here is a pile of logical fallacies in search of a dopamine hit.

[binaryzero]

LOL this entire thread...

 

[Arceles]

On 24/09/2023 at 00:26, DewThePDX said:

It's really not.

All I'm seeing here is a pile of logical fallacies in search of a dopamine hit.

Cool, the only fallacy I see here is how a bunch of people that believe themselves security experts think that everything should be one way, the windows way and I seriously disagree with it.

[devHead]

On 24/09/2023 at 07:14, Arceles said:

Cool, the only fallacy I see here is how a bunch of people that believe themselves security experts think that everything should be one way, the windows way and I seriously disagree with it.

A bunch of people who think that the way Windows helps protect your PC is the correct way.  We're not security experts, but I would say that someone who wants to disable a security feature is also NOT a security expert.  Plus, it doesn't matter whether you agree with the way Windows handles security for the PC - heck, you're not even running Windows according to your signature.  So who are you to keep posting here and trying to correct others?  A fallacy means that something is false.  Are you saying that it's false to assume that having UAC enabled helps keep a PC more secure than when it's completely disabled?  Try running everything in Debian as root.  Would you do that? 

[Arceles]

On 24/09/2023 at 08:44, devHead said:

A bunch of people who think that the way Windows helps protect your PC is the correct way.  We're not security experts, but I would say that someone who wants to disable a security feature is also NOT a security expert.  Plus, it doesn't matter whether you agree with the way Windows handles security for the PC - heck, you're not even running Windows according to your signature.  So who are you to keep posting here and trying to correct others?  A fallacy means that something is false.  Are you saying that it's false to assume that having UAC enabled helps keep a PC more secure than when it's completely disabled?  Try running everything in Debian as root.  Would you do that? 

Because you simply do not know and your assumptions are making you look rather silly. Sure I do not for the most part use windows, but I have to use it in my ROG ALLY because Linux is not supported there yet. And I have been using windows even prior it had a GUI for it to know how the entire PC landscape, as well as security, works and that is why I switched to Linux after Window 11 came in. TRUE, you expose yourself to dangers whenever setting administrator rights to everything and this is a problem for the user that does not know anything and handle such PC as a normal everyday use one, but that does not mean that such case has an use, for example, in offline PCs and or legacy applications.

The absolute view of the people that things should be handled one way here is just baffling, unable to accept that there are reasons to do stuff out of the conventional way, quite akin to fascism.

[devHead]

On 24/09/2023 at 07:50, Arceles said:

Because you simply do not know and your assumptions are making you look rather silly. Sure I do not for the most part use windows, but I have to use it in my ROG ALLY because Linux is not supported there yet. And I have been using windows even prior it had a GUI for it to know how the entire PC landscape, as well as security, works and that is why I switched to Linux after Window 11 came in. TRUE, you expose yourself to dangers whenever setting administrator rights to everything and this is a problem for the user that does not know anything and handle such PC as a normal everyday use one, but that does not mean that such case has an use, for example, in offline PCs and or legacy applications.

The absolute view of the people that things should be handled one way here is just baffling, unable to accept that there are reasons to do stuff out of the conventional way, quite akin to fascism.

Fascism?  What are you smoking bro?  The OP is not using Windows 11 for offline or legacy usage.  I'm talking in general about how UAC protects your PC. You're right; I don't know his use case, but I know that any computer with UAC enabled is generally more secure than without it.