Saturday, January 23, 2010

Fine Tune User Account Control

Aside from being incredibly annoying in Windows Vista, User Account Control reduced the number of malware infections by more than 70% compared to Windows XP computers. The value and security UAC provides are well known, but the way it was implemented drove users crazy. In Windows 7, UAC has been significantly improved. The number of UAC prompts has been greatly reduced, and a new Control Panel applet allows you to modify your protection level. For the first time, Windows allows you to treat events caused by applications and user-generated events differently.

Tuning User Account Control with the Action Center

All of the new UAC settings can be found in the Action Center. The best way to get directly to the settings is to open Control Panel and search for Change User Account Control. Once there, you will see a slider with four options:

  • Always notify when programs try to install software or make changes to my computer and when I make changes to Windows settings.
  • Notify me only when programs try to make changes to my computer and don’t notify me when I make changes to Windows settings. This is the new default setting.
  • Notify me only when programs try to make changes to my computer and do not use secure desktop (do not dim my desktop). Also, do not notify me when I make changes to Windows settings.
  • Never notify me when programs try to install software or make changes to my computer and when I make changes to Windows settings. This will turn UAC off.

You can change the level of UAC protection by using the slider and then clicking OK. The lower you go, the less secure your computer will be.

If you want even more control over UAC you can use the local group policy editor.

Tuning User Account Control with Local Group Policy Editor

With the Local Group Policy editor you can adjust even more User Account Control settings. Click on the Start button, type in gpedit.msc and hit Enter. When the Local Group Policy editor is loaded, navigate through Computer Configuration, Windows Settings, Security Settings, Local Policies and Security Options. At the bottom of the list you will find all of the User Account Control settings.

  • User Account Control: Admin Approval Mode for the Built-in Administrator account.
  • User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
  • User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode.
  • User Account Control: Behavior of the elevation prompt for standard users.
  • User Account Control: Detect application installations and prompt for elevation.
  • User Account Control: Only elevate executables that are signed and validated.
  • User Account Control: Run all users, including administrators, as standard users.
  • User Account Control: Virtualize file and registry write failures to per-user locations.

To modify a setting, just right-click on it and select Properties. Once you make your changes, hit OK. Some settings may require a reboot.
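
To check which slider level and policy values are actually in effect on a machine, you can read the registry values behind them. The script below is an added example, not part of the original post; it only reads, and it assumes the standard UAC value names under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System and the usual slider-to-value mapping. The function name and the shortened policy labels are my own.

```powershell
# Added example (not from the original post). Read-only; works on PowerShell 2.0+.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$p   = Get-ItemProperty -Path $key

# Registry value -> the Security Options entry it backs (labels shortened here).
$policyMap = @{
    FilterAdministratorToken    = 'Admin Approval Mode for the Built-in Administrator account'
    EnableUIADesktopToggle      = 'Allow UIAccess applications to prompt without the secure desktop'
    ConsentPromptBehaviorAdmin  = 'Behavior of the elevation prompt for administrators'
    ConsentPromptBehaviorUser   = 'Behavior of the elevation prompt for standard users'
    EnableInstallerDetection    = 'Detect application installations and prompt for elevation'
    ValidateAdminCodeSignatures = 'Only elevate executables that are signed and validated'
    EnableLUA                   = 'UAC on/off (assumed to be the "Run all users ... as standard users" entry)'
    EnableVirtualization        = 'Virtualize file and registry write failures'
    PromptOnSecureDesktop       = 'Secure (dimmed) desktop for prompts, toggled by the slider'
}

# Hypothetical helper: translate the three slider-controlled values into a slider level.
function Get-UacSliderLevel {
    param($EnableLUA, $Admin, $SecureDesktop)
    if ($EnableLUA -eq 0) { return 'Never notify (UAC off)' }
    switch ("$Admin/$SecureDesktop") {
        '2/1'   { return 'Always notify' }
        '5/1'   { return 'Notify only for program changes (default)' }
        '5/0'   { return 'Notify only for program changes, no secure desktop' }
        '0/0'   { return 'Never notify' }
        default { return 'Custom (set through policy, not the slider)' }
    }
}

# One row per value; Data is empty when the value is not set on this machine.
$policyMap.Keys | Sort-Object | ForEach-Object {
    $name = $_
    New-Object PSObject -Property @{ Value = $name; Data = $p.$name; Policy = $policyMap[$name] }
} | Select-Object Value, Data, Policy | Format-Table -AutoSize

$level = Get-UacSliderLevel $p.EnableLUA $p.ConsentPromptBehaviorAdmin $p.PromptOnSecureDesktop
"Effective slider level: $level"

# Flag the weakened states the slider description warns about.
if ($p.EnableLUA -eq 0)                  { Write-Warning 'EnableLUA=0: UAC is turned off.' }
if ($p.ConsentPromptBehaviorAdmin -eq 0) { Write-Warning 'Administrators elevate without any prompt.' }
if ($p.PromptOnSecureDesktop -eq 0)      { Write-Warning 'Prompts are not shown on the secure desktop.' }
```

A result of "Custom" means a Group Policy setting has moved the values away from any of the four slider positions.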
