HOWTO: Disable Security Center UAC Warning

[Andareed]

If you try to disable UAC, the Security Center alerts you every time at login that UAC is disabled, and offers to "fix" the "problem". I found a registry value that will make it be quiet:

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center:
	UacDisableNotify (DWORD)
	InternetSettingsDisableNotify (DWORD)
	AutoUpdateDisableNotify (DWORD)

If the value is set to 1, the associated warning will not appear. Not sure what the last 2 settings control.

I'm surprised that this is possible, since if a malicious application were to disable UAC, a user would have no warning. I recall MS stating that such notifications would not be disablable (except maybe for A/V vendors) for this very reason.

Mods: I'm planning to poke around some more and post some more registry keys/values to change settings. If there is a better place to post stuff like this, let me know.

[I8PP]

For UAC to be disabled/enabled, a UAC prompt is shown beforehand to continue/cancel the action so the user in theory will be informed if such an action is being attempted. There may be malicious ways to subvert this behaviour but only time will tell.

To shut the security center up completely (true for build 5744, RTM could be the same...), launch the security center, on the left side click on Change the way security center alerts you and choose turn off or something to that effect.

[John Veteran]

Does no one want to be secure??? Why does everyone disable the UAC and insist on allowing any piece of software the chance to take over their computer?

User account security restrictions exist not because the USER is untrustworthy, it's because the SOFTWARE is untrustworthy... You as the user can always grant yourself more permissions. There's no way of knowing what an EXE you downloaded will do or what that script you were emailed will do to your machine though.

[cyoung1616]

  John said:

Does no one want to be secure??? Why does everyone disable the UAC and insist on allowing any piece of software the chance to take over their computer?

User account security restrictions exist not because the USER is untrustworthy, it's because the SOFTWARE is untrustworthy... You as the user can always grant yourself more permissions. There's no way of knowing what an EXE you downloaded will do or what that script you were emailed will do to your machine though.

Because a lot of us have been using Windows for years without this and have enough sense to know what is going on and don't really want Microsoft treating us like noobies. We take full responsibility for our actions. Not to mention most people when they get the message just go right ahead and run the program.

Cody

[John Veteran]

Did you just miss the entire point of my post? Microsoft isn't treating users as noobies, it's treating software as foreign and untrustworthy. Are you going to take full responsibility for every piece of executable code that comes across your machine? Think about that for a second... Open Task Manager and look how many threads are running right now on your machine. How many of them do you actually have any idea of their purpose?

[Andareed]

As a developer, I routinely need Admin privileges and the UAC prompt is annoying.

I find that auto-prompting for permission is somewhat bad, since I suspect most people will blindly click Allow. I'd rather have apps denied access by default, and force myself to right-click and "Run as Administrator" when needed.

In the future, I'll probably grant "Always eleveate" to a bunch of apps that I always use (and that need admin privileges), and auto-deny other apps.

[cyoung1616]

  John said:

Did you just miss the entire point of my post? Microsoft isn't treating users as noobies, it's treating software as foreign and untrustworthy. Are you going to take full responsibility for every piece of executable code that comes across your machine? Think about that for a second... Open Task Manager and look how many threads are running right now on your machine. How many of them do you actually have any idea of their purpose?

All of them.

Cody

[Monty27]

  cyoung1616 said:

Because a lot of us have been using Windows for years without this and have enough sense to know what is going on and don't really want Microsoft treating us like noobies. We take full responsibility for our actions. Not to mention most people when they get the message just go right ahead and run the program.

Cody

Agreed

It's weird the way when people hear or read it's more secure, they just accept it. How is clicking an extra dialog box more secure. Picture the scene, your not IT aware like most here and you get an email or a webpage telling your computer is unsafe, click here to check your system, they do get the UAC prompt, think to themselves "ofcourse I'm gonna run this programme", click accept. Very secure.

Now that'll not affect most that know what Neowin is, given that marketing is going to sell Vista as more secure, people are more likely to not be as careful and click away annoyingly at the extra dialog boxes.

Cheers for the reg edit, to clear up Security center

[»X«]

At least let us choose. Let there be a clear and easy way to completely disable uac and its annoying notifications ourselves. I will take full responsibility for every piece of code running. It will be my error alone.

[cyoung1616]

  Monty27 said:

Agreed

It's weird the way when people hear or read it's more secure, they just accept it. How is clicking an extra dialog box more secure. Picture the scene, your not IT aware like most here and you get an email or a webpage telling your computer is unsafe, click here to check your system, they do get the UAC prompt, think to themselves "ofcourse I'm gonna run this programme", click accept. Very secure.

Now that'll not affect most that know what Neowin is, given that marketing is going to sell Vista as more secure, people are more likely to not be as careful and click away annoyingly at the extra dialog boxes.

Cheers for the reg edit, to clear up Security center

Yeah, I watched a guy at the old place I worked at the other day get a virus warning from Norton and he clicked ignore and went right on, sure enough it was a virus and asked to reboot and that was all she wrote, format and reload. Now this is from a computer repair shop and I asked him wth and he replied I always just click ignore. Some people are just going to do it anyway.

Cody

[ToneKnee]

UAV is sort of pointless. I like that Microsoft have taken steps to help with Virus/Spyware problems etc, but people still won't read what the warnings and carry on clicking 'Ok' or whatever.

Another way to get round the security centre thing is to disable it all together. I have no need for it.

[p1p3]

UAC in only pointless if you keep running as a member of administrators. If you drop your account to a normal user you will be prompted for the administrator password every time instead. This is even more annoying at times but i have the administrator account enabled on my machine for administrative tasks. I'm not sure about this but I think you can disable UAC prompts for just the administrator.

I can understand people who use their machine for programming and other things that require frequent administrator privileges might want want to disable it altogether and I see no problem with that at all. One thing that I would have done is to set up a second account for those tasks with UAC disabled.

In my opinion there is absolutely no reason to run as a member of administrators on vista if you are just browsing the web, watching movies, listening to music, writing in office and similar tasks.

[Brandon Live Veteran]

UAC is one of the best features of Vista. My only complain with it is the double-prompting that the shell does - and if I have any input on the subject (having recently joined the Shell team) I'll be pushing for those to get killed in SP1.