How to remove UAC shield icon from shortcuts when UAC is disabled?

[Arceles]

On 25/09/2023 at 11:15, grunger106 said:

The point people are trying to make is yes you CAN disable UAC but (even if you 'know what you're doing') you shouldn't.

Maybe the question should be, other than to prove you can, what do think you gain by doing so?

As @satukoro has said, you can auto-elevate a program in Windows, but this requires storing credentials in a potentially reversable format, again not a good idea (although I think their comment was more for example than a suggestion of something you do)

Auto-elevation is a bad thing, stored credentials are a bad thing, can you - sure, should you, no - there are a million things you *can* do, I can install Windows XP, put a hacked up 'SP4' on it and bring put it on the internet, will it load pages and run software? Sure, is it a good idea? no.
 

I would not say that is a good idea unless you know what you are doing.

I also do not endorse to do such things on work environments.

If anything this is only for personal use, and BTW, I do have both Win98 and WinXP retro machines with as many updates as possible (not breaking compatibility) for some older games I play. So in a sense I do the stuff you think it is not a good idea, but these are not my main machines nor I do anything relevant in them other than turning them on once in a while purely by nostalgic reasons.

 

[grunger106]

On 25/09/2023 at 19:15, Arceles said:

I would not say that is a good idea unless you know what you are doing.

I also do not endorse to do such things on work environments.

If anything this is only for personal use, and BTW, I do have both Win98 and WinXP retro machines with as many updates as possible (not breaking compatibility) for some older games I play. So in a sense I do the stuff you think it is not a good idea, but these are not my main machines nor I do anything relevant in them other than turning them on once in a while purely by nostalgic reasons.

 

As do I, I have an XP box, a 98 box and a pair Dos 6.22 VMs, however they are all isolated from the world and other machines (or are on a VLAN that is for that DOS 6.22 Doom deathmatch goodness).

I've got 2 MAME cabs with all sorts of scripting, AV fully disabled, again air-gapped, single purpose boxes (still have UAC , not that it really matters)
But those are non-connected, non-standard specific case machines - If the box is air-gapped, then go nuts. If the box isn't, leave it default.

The term 'know what your doing' is on that strikes fear into sysadmins TBH.

Generally in my career I've seen 3 groups of users.
1. Don't know what they're doing, and leave stuff alone
2. Really know what they're doing and leave stuff alone (OR make well informed changes via supported paths - via GP, MDM, SCCM etc or using DSC, Terraform etc)
3. Think they know what they're doing, and tweak stuff, customise stuff, break stuff and then blame the vendor - AKA know enough to cause trouble,
 

[Arceles]

On 25/09/2023 at 12:27, grunger106 said:

As do I, I have an XP box, a 98 box and a pair Dos 6.22 VMs, however they are all isolated from the world and other machines (or are on a VLAN that is for that DOS 6.22 Doom deathmatch goodness).

I've got 2 MAME cabs with all sorts of scripting, AV fully disabled, again air-gapped, single purpose boxes (still have UAC , not that it really matters)
But those are non-connected, non-standard specific case machines - If the box is air-gapped, then go nuts. If the box isn't, leave it default.

The term 'know what your doing' is on that strikes fear into sysadmins TBH.

Generally in my career I've seen 3 groups of users.
1. Don't know what they're doing, and leave stuff alone
2. Really know what they're doing and leave stuff alone (OR make well informed changes via supported paths - via GP, MDM, SCCM etc or using DSC, Terraform etc)
3. Think they know what they're doing, and tweak stuff, customise stuff, break stuff and then blame the vendor - AKA know enough to cause trouble,
 

Yeah well, you are talking pretty much in work environments, in  such case the computer pretty much belongs to the company and you are not allowed to do anything in them... usually. If not, this is a potential security risk no matter how informed is the person and these machines should still be handled by the manual.

I would not go as to air gap win 98 and win xp machines, I see no need for it you can be so much paranoic about some stuff. Then again I use them at best 1 or 2 hours and browsing websites is not exactly feasible due to their slowness, LAN is used there just to transfer files and UAC there is disabled as I thinker with them a lot.  I would go as far as to air gap them if they were constantly on but they aren't.

My current windows 10 install in the rog ally is also with UAC disabled. I do not use anything there outside of steam and emulators and I know very well the risk of having UAC off but then again I did this with all of my personal windows installs since windows vista and not a single issue. Sue me if you want but I had no real issues with that.

[Matthew S.]

On 25/09/2023 at 13:23, adrynalyne said:

If people are having issues with the workflow of running things as admin and UAC, there is a “sudo” package for Windows that will prompt UAC automatically and allow to elevate permissions. 
 

https://github.com/gerardog/gsudo
 

 

Doesn't winget/wingetui use gsudo?

[adrynalyne]

On 25/09/2023 at 12:55, Matthew S. said:

Doesn't winget/wingetui use gsudo?

I dunno. Maybe?

[adrynalyne]

On 25/09/2023 at 12:55, Matthew S. said:

Doesn't winget/wingetui use gsudo?

The more I think about it, I don't think so. appx apps install local to the account and msi installers handle UAC.

I think the installers are what prompt UAC in those cases.

[Matthew S.]

if I get a chance I'll check tonight and see if I have pending updates for .exe installers, pretty sure I've seen gsudo flash before.

[Matthew S.]

Yup uses gsudo

[adrynalyne]

On 25/09/2023 at 19:37, Matthew S. said:

Yup uses gsudo

Is it just the third party front end using it? I’ve always just used CLI. It’s handy. I install it along with nvm for Windows on any machine I use and consider them staples. 

[Matthew S.]

I think it's in part because WinGetUI can use other backends besides winget.

[Guest DewThePDX]

On 24/09/2023 at 07:14, Arceles said:

Cool, the only fallacy I see here is how a bunch of people that believe themselves security experts think that everything should be one way, the windows way and I seriously disagree with it.

The one pretending to be an expert here is you.

 

I'm actually a retired Microsoft employee that's a subject matter expert in social engineering and cybersecurity. 

 

You can continue to disagree with reality all you want. No one is stopping you.

[Arceles]

On 26/09/2023 at 18:42, DewThePDX said:

The one pretending to be an expert here is you.

 

I'm actually a retired Microsoft employee that's a subject matter expert in social engineering and cybersecurity. 

 

You can continue to disagree with reality all you want. No one is stopping you.

I hope you also haven't forgotten to read all the previous post. Btw, being an ex Microsoft employee does not sound nice, never has.

[Matthew S.]

On 27/09/2023 at 01:34, Arceles said:

I hope you also haven't forgotten to read all the previous post. Btw, being an ex Microsoft employee does not sound nice, never has.

Wow, class act you are.  He's retired, meaning he left the company on his own terms.

[binaryzero]

On 27/09/2023 at 15:34, Arceles said:

I hope you also haven't forgotten to read all the previous post. Btw, being an ex Microsoft employee does not sound nice, never has.

I work with Microsoft employees regularly (weekly), they seem to enjoy their job... No, not break fix (tech support).

I don't mind when they cover the bill on a Friday arvo.

[Arceles]

On 26/09/2023 at 23:58, Matthew S. said:

Wow, class act you are.  He's retired, meaning he left the company on his own terms.

Is not the retirement part (which, good for him), is the microsoft part that never has sounded any bit good. I also have been offered some positions there, but I have seen the entire story of MS so far and I do not like them one bit as an enterprise, their OSes were good until windows 10 though.

[Guest DewThePDX]

On 27/09/2023 at 06:36, Arceles said:

Is not the retirement part (which, good for him), is the microsoft part that never has sounded any bit good. I also have been offered some positions there, but I have seen the entire story of MS so far and I do not like them one bit as an enterprise, their OSes were good until windows 10 though.

Understood.

 

You're worth no further consideration.

[LaP]

Man this thread is weird. I'm lost but are some people here really arguing that disabling UAC is a good thing and wont impact the security of your OS? Because man that's a weird argument to make. I mean you want to disable UAC and remove the icon fine that's your call but i don't think Neowin is the place to ask how to do that. Obviously mostly everyone here will recommend you to keep it on as it should be.

I think you can make a scheduled task and run it from a link if you want to avoid the UAC prompt for a particular program.

Edited September 27, 2023 by LaP

[Arceles]

On 27/09/2023 at 13:03, DewThePDX said:

Understood.

 

You're worth no further consideration.

Glad you reached that conclusion, I can follow your example and do exactly the same.