Windows 8 and 8.1 Forums


Disable UAC completely

  1. #11


    Sloe Deth, Californicatia
    Posts : 3,884
    Windows 8 Pro with Media Center/Windows 7


    Thanx hahaha

      My System SpecsSystem Spec

  2. #12


    "That's not a Problem for a man who has done LSD"
      My System SpecsSystem Spec

  3. #13


    Posts : 4
    win 8


    Quote Originally Posted by ciscodisco View Post
    Have you tried setting it to never notify via the Control Panel:

    Control Panel > User Accounts and Family Safety > User Accounts > Change User Account Control Settings.

    You can close 8 Apps by alt-f4.
    Well, as near as i could tell it had little effect. Even turning it off via registry doesn't disable it.

    Windows folder, as well as program files and program files(86) appear to all be owned by trusted user in Win 8,
    I think Windows was already owned by trusted user in win 7. Even admin cannot modify these folders, with or without uac.

    Now Windows, I can mostly see, but some files in Windows need changes by admin, such as hosts file.
    Many programs are designed as no-install. Just put the folder under program files and run it.
    Now it does not HAVE to be under program files, but its a pretty arbitrary thing to have to give up the organization and just put programs anywhere. Its nice to be able to find all of them in one (2) places.

    Many such programs are distributed, if not supported, by microsoft, all the sysinternals utilities for example.

    So, to modify this, you have to be admin, then take ownership, then make your changes.
    I have no idea how to put ownership back as trusted-user once you take ownership.

    Without taking ownership of the system folders, there are many simple things admin needs to do that just cannot be done.

    It would be nice if "trusted-user" allowed for program-file folders to be created by admin, then the folders owned/installed by trusted-user could retain the higher level of protection. In other words, one could still install programs as admin, but not modify other programs.

    One little irony is that whatever magic lets installers install as trusted user cannot possibly prevent a malware
    from using the same mechanism to install malware as trusted-user, leaving the average user no way to delete or uninstall it. Yea!

    Logic was never their strong point.
      My System SpecsSystem Spec


  4. #14


    Redmond
    Posts : 651
    Windows 8.1 x64


    It would be interesting if you could let us know what you need to do that requires you to take ownership of a folder that Trusted Installer owns, for instance. To your other point, installation programs are allowed to run as trusted installer (the ones that use the Microsoft Installer/MSI engine, anyway) because the admin allowed them to run with an elevated token and as such will be able to be installed via the program/service that has that right (msiserver). Either the admin accepted the UAC prompt, automated the prompt acceptance behavior (put the UAC slider down to the bottom), or ran with UAC disabled - doing the last two aren't good ideas either, for this and other reasons, because doing so has the side-effect of disabling the app sandboxes that protect apps from each other, the system, and malware. Also, using the system for everyday activities as an admin is, frankly, downright stupid for these same reasons, but people still do it and then blame Microsoft for security issues - either you're an admin (and you can bust the system if you're not careful, and yes, I include disabling UAC and running everyday tasks as admin to be "not being careful") and your actions can hose the system, or you're not.
      My System SpecsSystem Spec

  5. #15


    Posts : 4
    win 8


    Quote Originally Posted by cluberti View Post
    It would be interesting if you could let us know what you need to do that requires you to take ownership of a folder that Trusted Installer owns, for instance. To your other point, installation programs are allowed to run as trusted installer (the ones that use the Microsoft Installer/MSI engine, anyway) because the admin allowed them to run with an elevated token and as such will be able to be installed via the program/service that has that right (msiserver). Either the admin accepted the UAC prompt, automated the prompt acceptance behavior (put the UAC slider down to the bottom), or ran with UAC disabled - doing the last two aren't good ideas either, for this and other reasons, because doing so has the side-effect of disabling the app sandboxes that protect apps from each other, the system, and malware. Also, using the system for everyday activities as an admin is, frankly, downright stupid for these same reasons, but people still do it and then blame Microsoft for security issues - either you're an admin (and you can bust the system if you're not careful, and yes, I include disabling UAC and running everyday tasks as admin to be "not being careful") and your actions can hose the system, or you're not.
    I think I answered the first bit.
    As to the second, everyone administers their own pc. Asking them if running this program should be allowed, is a question no one knows the answer to. If your virus scanner misses something, which happens a lot, it will ask you if this is ok tpo install. Well, you already ran the install program, so probably you say yes. Trusted user or no trusted user, it gets installed.

    Now, you discover the program behaves badly, and one of the ways it behaves badly is it refuses to uninstall.
    And you know how to run as admin, but low and behold, you cannot delete any of the files, because they are
    under trusted installer, and even admin cannot touch them.

    So, sorry, but the logic to trusted installer is exactly backwards. It did NOTING to tell you wether programs are dangerous or not, but if the malware gets in, it takes someone pretty sophisticated to remove it, because of trusted installer.

    The entire subject of security generally requires you to know the unknowable. Once threats become known, programs can deal with them. But having the user say "yes i really meant install" when user runs an install program adds zero zip nada to security. They already decided to install. Taking the average user's ability to delete something that has proved harmful after it has been installed, is a negative security step.

    So to expound on previous post, one reason to remove trusted installer, is so that when some installed program proves harmful, i can in fact delete it.

    My computers have been secure for some years, well decades, and were they invaded they are all securely backed up. Have had to squish a virus or two, but never lost a file.

    I guess here is where we agree to disagree.

    Best wishes.
      My System SpecsSystem Spec

  6. #16


    Redmond
    Posts : 651
    Windows 8.1 x64


    I think you then miss the point of the Trusted Installer account - it's designed to "protect" the PC from just such an attack by setting tight security on keys and files/folders that should only be modified by installers. If a program fails to uninstall, it probably didn't install in the first place properly. I'd still say there are ways to fix that without destroying the security integrity of the system.
      My System SpecsSystem Spec

  7. #17


    Posts : 4
    win 8


    Well, since the installer is whatever poor guy has the pc, the trusted-installer does not perform the task it is designed to do.
    It does the opposite, by making malware un-uninstallable by ordinary mortals.

    trusted-installer does nothing to protect malware from being installed, that admin privilege on system files did not already do.
    Either one requires the user to say "yes" to install it (and for malware, that was the wrong answer).

    I don't disagree with the motive, but the design is faulty.
    Presumably it is there to create an admin above the admin that you guys keep saying not to run as,
    but that does nothing to protect anything. At the end of the day, people admin their own pc's.

    Malware, once installed, can elevate itself to trusted-installer user by the same mechanism that install programs do,
    and from there, it can muck the universe inside the pc. I would not post this if it were hard to figure that out.
    Anyone capable of writing a virus can already get past trusted-installer. This just makes them work an extra half day to do that.
      My System SpecsSystem Spec

  8. #18


    Posts : 1
    windows 8 x86


    thank you very much. it was very helpful.
      My System SpecsSystem Spec

  9. #19


    Just to say thank you, this really helped.
      My System SpecsSystem Spec

  10. #20


    Posts : 1
    windows 8 pro


    Quote Originally Posted by jigglywiggly View Post
    It stops metro apps from working though.
    can only be a bonus they are clunky and cant be easily closed and are never up to date.
      My System SpecsSystem Spec

Page 2 of 3 FirstFirst 123 LastLast
Disable UAC completely

Similar Threads
Thread Forum
Windows 8.1 disable search bar completely
When i play games or do other full screen stuff, and when i press alt+tab to go to desktop, it shows "search pane" and opens me charm bar with search bar only in it... I have classic shell installed, i have disabled all that broken metro stuff, from hot corners, charm bar, to start screen, but that...
General Support
How to disable Windows Firewall completely?
Hi, Can any of you tell me whether or not it is possible to turn the Windows Firewall completely off, so that it does not turn itself on, whenever I join a new public network? I have tried the following command in the command prompt: "netsh advfirewall set allprofiles state off", which should...
System Security
How do I completely uninstall an app?
Hello! Long story short I made a post on here asking about an error, but apparently nobody knew a solution, so I looked further into it myself. When I go to the Store and choose Account > My apps, this is what I see. 47428 It says there are four apps that are on my pc, yet it also says that...
Software and Apps
How to Disable Camera completely?
I've seen tutorials for disabling the Camera on the Lock Screen, but how do I disable the camera completely?
Drivers & Hardware
How to completely disable Windows Defender? - Windows 8.1
So I've been running the 8.1 Pro Preview since it went live, and I gotta say, I'm pretty happy with it overall, one thing that's bothering me though is that I can't seem to find a way to disable Windows Defender completely through either gpedit.msc or services.msc (it's grayed out). In 8.0 there...
System Security
Completely disable permissions...???
I hate this friggin nonsense. I cannot even save a generic file to my "C" drive. Even after a clean install. There must be a way to rid myself of this nonsense.:mad: Thanks.
General Support
Windows 8 Will Be Completely Different.
Source - http://news.softpedia.com/news/Windows-8-Will-Be-Completely-Different-134487.shtml
Windows 8 News

Eight Forums Android App Eight Forums IOS App Follow us on Facebook