How to remove UAC shield icon from shortcuts when UAC is disabled?

[Arceles]

On 24/09/2023 at 08:56, devHead said:

Fascism?  What are you smoking bro?  The OP is not using Windows 11 for offline or legacy usage.  I'm talking in general about how UAC protects your PC. You're right; I don't know his use case, but I know that any computer with UAC enabled is generally more secure than without it.  

It is more insecure to access websites of dubious content that leaving UAC off. UAC off is fine as long as you know 100% what is in your PC and what you are entering in your PC.

[adrynalyne]

On 24/09/2023 at 07:58, Arceles said:

It is more insecure to access websites of dubious content that leaving UAC off. UAC off is fine as long as you know 100% what is in your PC and what you are entering in your PC.

Which nobody does and those who say they do are full of crap, regardless of OS used.

[Arceles]

On 24/09/2023 at 17:17, adrynalyne said:

Which nobody does and those who say they do are full of crap, regardless of OS used.

Sure again, specially you, who likes to speak for all with your moral superiority complex. I ¨survived" without UAC in my personal PC for more than a decade with no issue, but I was responsible enough to do so.

[adrynalyne]

On 24/09/2023 at 22:18, Arceles said:

Sure again, specially you, who likes to speak for all with your moral superiority complex. I ¨survived" without UAC in my personal PC for more than a decade with no issue, but I was responsible enough to do so.

/clap. Doesn’t change the truth of what I said. I’m sure you are arrogant enough to believe otherwise. 

[Arceles]

On 25/09/2023 at 00:09, adrynalyne said:

/clap. Doesn’t change the truth of what I said. I’m sure you are arrogant enough to believe otherwise. 

Your truth is rather pointless when does not apply to everybody. Try again.

[adrynalyne]

On 25/09/2023 at 06:32, Arceles said:

Your truth is rather pointless when does not apply to everybody. Try again.

I don’t need to try again, you are in denial. 
 

 

[Arceles]

On 25/09/2023 at 08:09, adrynalyne said:

I don’t need to try again, you are in denial. 
 

 

No, you are here in denial. There is evidence of this in many of your post where you want your opinion to be truth but it does not apply to everybody. Try harder.

[adrynalyne]

On 25/09/2023 at 07:14, Arceles said:

No, you are here in denial. There is evidence of this in many of your post where you want your opinion to be truth but it does not apply to everybody. Try harder.

I don’t need to, you are living in a dream world. I know it’s hard for you to see. 
 

It’s called a delusion and you are arrogantly defending it. It’s cute. 

[satukoro]

UAC is like a seatbelt. Sure, you can get away without one most of the time, but you're demonstrably safer with it. There's nothing to argue about.

[adrynalyne]

On 25/09/2023 at 07:19, satukoro said:

UAC is like a seatbelt. Sure, you can get away without one most of the time, but you're demonstrably safer with it. There's nothing to argue about.

Exactly, because nobody can predict everything that will happen and always prevent a car accident. 

[Arceles]

On 25/09/2023 at 08:19, satukoro said:

UAC is like a seatbelt. Sure, you can get away without one most of the time, but you're demonstrably safer with it. There's nothing to argue about.

 

On 25/09/2023 at 08:23, adrynalyne said:

Exactly, because nobody can predict everything that will happen and always prevent a car accident. 

Listen I work in passive safety and more explicitly in airbag stuff. Your analogy is... missing. They key important in a car crash is always energy absorbtion, that is why cars deform like thin foil nowadays, second, the seat belt is there for you not to be thrown away out of the car due to inertia, and finally the airbag deploys there WITH YOU ON THE SEAT DUE TO THE SEAT BELT KEEPING YOU IN PLACE.

Many factors are at place here and I'm only talking about a frontal crash. The analogy does not work that well for PCs.

Is it dangerous to disable UAC? hell yes. Can you do it in PCs knowing what you are doing? YES.

Can you not drive with a seatbelt in a car? NO, there are strict regulations about this as your life is at risk and also because it is part of a much more complex system designed to keep you alive. Oh and you know what? airbags are only designed to keep you alive within a margin of speed. Get out of that margin and the airbag is not guaranteed to save you at all.

[satukoro]

On 25/09/2023 at 10:31, Arceles said:

 

Listen I work in passive safety and more explicitly in airbag stuff. Your analogy is... missing. They key important in a car crash is always energy absorbtion, that is why cars deform like thin foil nowadays, second, the seat belt is there for you not to be thrown away out of the car due to inertia, and finally the airbag deploys there WITH YOU ON THE SEAT DUE TO THE SEAT BELT KEEPING YOU IN PLACE.

Many factors are at place here and I'm only talking about a frontal crash. The analogy does not work that well for PCs.

You're just being intentionally difficult at this point. The analogy works perfectly. Without a seatbelt you are less safe in the event of an accident. Without UAC, you are less safe in the event of an accident.

[Arceles]

On 25/09/2023 at 08:34, satukoro said:

You're just being intentionally difficult at this point. The analogy works perfectly. Without a seatbelt you are less safe in the event of an accident. Without UAC, you are less safe in the event of an accident.

You can say what you want but I know my stuff in airbags and much more that I cannot say here, your analogy does not impresses me at all as you are showing a lack of understanding in how passive safety keeps you alive in the case of a car crash.

[satukoro]

On 25/09/2023 at 10:36, Arceles said:

You can say what you want but I know my stuff in airbags and much more that I cannot say here, your analogy does not impresses me at all as you are showing a lack of understanding in how passive safety keeps you alive in the case of a car crash.

I'm not sure if you have trouble reading (evidence suggests you do), but wording is important. Less safe were the operative words here. Your work in passive safety is entirely irrelevant in this discussion about user account control.

[Arceles]

On 25/09/2023 at 08:39, satukoro said:

I'm not sure if you have trouble reading (evidence suggests you do), but wording is important. Less safe were the operative words here. Your work in passive safety is entirely irrelevant in this discussion about user account control.

The same can be said about your analogy of passive safety and PCs.

[satukoro]

On 25/09/2023 at 10:52, Arceles said:

The same can be said about your analogy of passive safety and PCs.

You're just grasping at straws here.

Your statement of how seatbelts are but a small part of all the safety measures in place to keep you alive in a car crash only supports my analogy. UAC is not the only thing in place to keep your computer safe in the event of malicious actors. 

[Arceles]

On 25/09/2023 at 09:00, satukoro said:

You're just grasping at straws here.

Your statement of how seatbelts are but a small part of all the safety measures in place to keep you alive in a car crash only supports my analogy. UAC is not the only thing in place to keep your computer safe in the event of malicious actors. 

Correct, but UAC in itself is not a crash deterring option. Does it help? Maybe a little, if anything browsing the internet is far more dangerous because the first thing they do is to exploit stuff that avoids the UAC protection. Can you disable it knowing what are you doing? YES.

You cannot remove your seatbelt in a car because a crash will happen and you are to die. Not so much with browsing the internet and disabling UAC as the exploits there usually try to suppress or circumvent UAC. Bsically only helps you to avoid questionable downloaded files to be run and being potentially a virus. But I would advise first not to download questionable files, or if you simplydo not know what you are doing then simply do not disable it.

[satukoro]

On 25/09/2023 at 11:08, Arceles said:

Correct, but UAC in itself is not a crash deterring option. Does it help? Maybe a little, if anything browsing the internet is far more dangerous because the first thing they do is to exploit stuff that avoids the UAC protection. Can you disable it knowing what are you doing? YES.

You cannot remove your seatbelt in a car because a crash will happen and you are to die. Not so much with browsing the internet and disabling UAC as the exploits there usually try to suppress or circumvent UAC. Bsically only helps you to avoid questionable downloaded files to be run and being potentially a virus. But I would advise first not to download questionable files, or if you simplydo not know what you are doing then simply do not disable it.

I don't think you understand what user account control does (or frankly what the role of a seatbelt in a vehicle is).

[grunger106]

On 25/09/2023 at 16:42, satukoro said:

I don't think you understand what user account control does (or frankly what the role of a seatbelt in a vehicle is).

Agreed,

This is akin to saying 'I'm a firefighter, I know where all combustible materials are therefore I don't need smoke alarm because I know best'

In the time since UAC arrived (and it used to be more noisy in Vista when it first arrived) I can think of exactly 0 times I've ever had to disable it, and no reason why I would consider doing so.
If some piece of software required me to run as admin, disable UAC or anything along those lines I'd be replacing the software and having words with the vendor.

You have UAC of sorts in Linux too - unless you're running as root

I see so many threads where someone obviously has enough of an idea that they know what they're doing that they're actually in that very dangerous space of knowing enough to get themselves in trouble, but not enough to understand why something is a bad idea or see the wider risk
If you are messing with the registry, changing security defaults etc, running random 'lighten my Windows install scripts'
I can't remember the last time I manually edited a registry key, disabled a firewall, turned of UAC, disabled Windows Updates

Understand that IT security is an onion model and is based on defence in depth, UAC is a piece of the puzzle.
Rule of least privilege - we have to self elevate for a period when working in Azure, I'm only a GA when I need to be and only for a period of time

Edited September 25, 2023 by grunger106

[Arceles]

On 25/09/2023 at 09:51, grunger106 said:

Agreed,

This is akin to saying 'I'm a firefighter, I know where all combustible materials are therefore I don't need smoke alarm because I know best'

In the time since UAC arrived (and it used to be more noisy in Vista when it first arrived) I can think of exactly 0 times I've ever had to disable it, and no reason why I would consider doing so.
If some piece of software required me to run as admin, disable UAC or anything along those lines I'd be replacing the software and having words with the vendor.

You have UAC of sorts in Linux too - unless you're running as root

I see so many threads where someone obviously has enough of an idea that they know what they're doing that they're actually in that very dangerous space of knowing enough to get themselves in trouble, but not enough to understand why something is a bad idea or see the wider risk
If you are messing with the registry, changing security defaults etc, running random 'lighten my Windows install scripts'
I can't remember the last time I manually edited a registry key, disabled a firewall, turned of UAC, disabled Windows Updates

Understand that IT security is an onion model and is based on defence in depth, UAC is a piece of the puzzle.
Rule of least privilege - we have to self elevate for a period when working in Azure, I'm only a GA when I need to be and only for a period of time

Well you might disguise it in different words but is till the very same argument from the beginning and does not invalidate the fact that you can disable if you know what you are doing. And for the record, There is only a single device that I run in windows and that is my rog ally. Everything else is Debian. Sure there is also root permissions there and in general there is no need to disable it (well, running always as root that is). Hell, there are ways to give permanent root permissions to a program if you so desire (e.g. https://gitlab.com/corectrl/corectrl/-/wikis/Setup) this is not something available in windows and if it were available then there would be no need for this discussion.

Edited September 25, 2023 by Arceles

[+Matthew S. Subscriber²]

Uhh actually there is and again if something needs to be running as admin but doesn't actually need admin rights, that's on the developer to fix.

[satukoro]

On 25/09/2023 at 12:17, Arceles said:

Well you might disguise it in different words but is till the very same argument from the beginning and does not invalidate the fact that you can disable if you know what you are doing. And for the record, There is only a single device that I run in windows and that is my rog ally. Everything else is Debian. Sure there is also root permissions there and in general there is no need to disable it. Hell, there are ways to give permanent root permissions to a program if you so desire (e.g. https://gitlab.com/corectrl/corectrl/-/wikis/Setup) this is not something available in windows and if it were available then there would be no need for this discussion.

This absolutely exists for windows: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11)

Create a shortcut to your executable. Modify the "Target" under the shortcut's properties to: runas /user:DOMAIN\USERNAME /savecred "path to executable"

[Arceles]

On 25/09/2023 at 10:23, Matthew S. said:

Uhh actually there is and again if something needs to be running as admin but doesn't actually need admin rights, that's on the developer to fix.

 

On 25/09/2023 at 10:26, satukoro said:

This absolutely exists for windows: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc771525(v=ws.11)

Create a shortcut to your executable. Modify the "Target" under the shortcut's properties to: runas /user:DOMAIN\USERNAME /savecred "path to executable"

Okay, I stand corrected. In this case then this is the best option to use. However, there are some programs that legit require admin rights, hell, installing anything often brings up the uac popup screen. Low leve thinkering mostly, undervolt or overclocking tools.

[grunger106]

On 25/09/2023 at 17:17, Arceles said:

Well you might disguise it in different words but is till the very same argument from the beginning and does not invalidate the fact that you can disable if you know what you are doing. And for the record, There is only a single device that I run in windows and that is my rog ally. Everything else is Debian. Sure there is also root permissions there and in general there is no need to disable it (well, running always as root that is). Hell, there are ways to give permanent root permissions to a program if you so desire (e.g. https://gitlab.com/corectrl/corectrl/-/wikis/Setup) this is not something available in windows and if it were available then there would be no need for this discussion.

The point people are trying to make is yes you CAN disable UAC but (even if you 'know what you're doing') you shouldn't.

Maybe the question should be, other than to prove you can, what do think you gain by doing so?

As @satukoro has said, you can auto-elevate a program in Windows, but this requires storing credentials in a potentially reversable format, again not a good idea (although I think their comment was more for example than a suggestion of something you do)

Auto-elevation is a bad thing, stored credentials are a bad thing, can you - sure, should you, no - there are a million things you *can* do, I can install Windows XP, put a hacked up 'SP4' on it and bring put it on the internet, will it load pages and run software? Sure, is it a good idea? no.
 

[adrynalyne]

If people are having issues with the workflow of running things as admin and UAC, there is a “sudo” package for Windows that will prompt UAC automatically and allow to elevate permissions. 
 

https://github.com/gerardog/gsudo