CIS 170F: Windows 7 Administration

Week 7

Windows 7 Security Features
User Account Control
UAC Configuration Options

You can use Group Policy settings to configure UAC behavior on targeted computers. Additionally, you can disable UAC by using Control Panel or Msconfig.exe or by editing registry settings directly.

  • Group Policy Settings
  • You can configure UAC using local or Active Directory Domain Services (AD DS) Group Policy settings located in the following node: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options

    You can configure the following settings:

    • User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode. By default, this setting is set to Prompt For Consent For Non-Windows Binaries, which causes the UAC prompt to appear any time an application needs more than standard user privileges.
    • User Account Control: Behavior Of The Elevation Prompt For Standard Users. By default, this setting is Prompt For Credentials in workgroup environments and Automatically Deny Elevation Requests in domain environments.
    • User Account Control: Admin Approval Mode For The Built-in Administrator Account. This policy applies only to the built-in Administrator account and not to other accounts that are members of the local Administrators group.
    • User Account Control: Detect Application Installations And Prompt For Elevation. By default, this setting is enabled in workgroup environments and disabled in domain environments.
    • User Account Control: Only Elevate Executables That Are Signed And Validated. If your environment requires all applications to be signed and validated with a trusted certificate, including internally developed applications, you can enable this policy to greatly increase security in your organization.
    • User Account Control: Allow UIAccess Applications To Prompt For Elevation Without Using The Secure Desktop. This setting controls whether User Interface Accessibility (UIAccess) programs can automatically disable the secure desktop. By default, this setting is disabled.
    • User Account Control: Only Elevate UIAccess Applications That Are Installed In Secure Locations. This setting, which is enabled by default, causes Windows Vista to grant user interface access (required for opening windows and doing almost anything useful) to only those applications started from Program Files, from \Windows\System32\, or from a subdirectory.
    • User Account Control: Run All Administrators In Admin Approval Mode. This setting, enabled by default, causes all accounts with administrator privileges except for the local Administrator account to use Admin Approval Mode.
    • User Account Control: Switch To The Secure Desktop When Prompting For Elevation. This setting, enabled by default, causes the screen to darken when a UAC prompt appears.
    • User Account Control: Virtualize File And Registry Write Failures To Per-User Locations. This setting, enabled by default, improves compatibility with applications not developed for UAC by redirecting requests for protected resources.

    To disable UAC, set the User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode setting to Elevate Without Prompting. Then, disable the User Account Control: Detect Application Installations And Prompt For Elevation and User Account Control: Run All Administrators In Admin Approval Mode settings. Finally, set the User Account Control: Behavior Of The Elevation Prompt For Standard Users setting to Automatically Deny Elevation Requests. Then, restart the computer.
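
    Because these policies are stored as registry values, a computer's UAC state can be audited for drift from the defaults listed above. The following script is an added example, not part of the original course material; it assumes the standard value names under Policies\System and the workgroup defaults (on a domain-joined baseline, ConsentPromptBehaviorUser and EnableInstallerDetection would be expected to be 0).

```powershell
# Added example: compare UAC policy registry values with the workgroup defaults
# listed above. Value names are the standard ones under Policies\System.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Name = registry value, Expected = default DWORD, Policy = short policy label
$Baseline = @(
    @{ Name = 'ConsentPromptBehaviorAdmin';  Expected = 5; Policy = 'Elevation prompt for administrators' },
    @{ Name = 'ConsentPromptBehaviorUser';   Expected = 3; Policy = 'Elevation prompt for standard users' },
    @{ Name = 'FilterAdministratorToken';    Expected = 0; Policy = 'Admin Approval Mode for built-in Administrator' },
    @{ Name = 'EnableInstallerDetection';    Expected = 1; Policy = 'Detect application installations' },
    @{ Name = 'ValidateAdminCodeSignatures'; Expected = 0; Policy = 'Only elevate signed executables' },
    @{ Name = 'EnableUIADesktopToggle';      Expected = 0; Policy = 'UIAccess prompt without secure desktop' },
    @{ Name = 'EnableSecureUIAPaths';        Expected = 1; Policy = 'UIAccess only from secure locations' },
    @{ Name = 'EnableLUA';                   Expected = 1; Policy = 'Run all administrators in Admin Approval Mode' },
    @{ Name = 'PromptOnSecureDesktop';       Expected = 1; Policy = 'Switch to secure desktop when prompting' },
    @{ Name = 'EnableVirtualization';        Expected = 1; Policy = 'Virtualize file and registry write failures' }
)

function Get-UacValues {
    # Read the live values into a hashtable; values that are absent are omitted.
    $props = Get-ItemProperty -Path $UacKey
    $found = @{}
    foreach ($item in $Baseline) {
        $p = $props.PSObject.Properties[$item.Name]
        if ($p) { $found[$item.Name] = $p.Value }
    }
    $found
}

function Test-UacBaseline {
    param([hashtable]$Values)   # registry value name -> DWORD data
    foreach ($item in $Baseline) {
        $actual = $Values[$item.Name]   # $null when the value is not present
        if ($null -eq $actual) { $status = 'NotSet' }
        elseif ($actual -eq $item.Expected) { $status = 'Default' }
        else { $status = 'Changed' }
        New-Object PSObject -Property @{
            Name = $item.Name; Policy = $item.Policy
            Expected = $item.Expected; Actual = $actual; Status = $status
        }
    }
}

# Constructed sample: the state left by the "To disable UAC" steps above.
$sample = @{ ConsentPromptBehaviorAdmin = 0; ConsentPromptBehaviorUser = 0
             EnableInstallerDetection = 0; EnableLUA = 0; PromptOnSecureDesktop = 1 }
Test-UacBaseline -Values $sample | Where-Object { $_.Status -ne 'Default' } |
    Format-Table Name, Expected, Actual, Status -AutoSize
# On a live computer: Test-UacBaseline -Values (Get-UacValues)
```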


  • Control Panel
  • Group Policy is the best way to configure UAC in AD DS environments. In workgroup environments, administrators can configure UAC on a single computer by using Control Panel. Changes made while logged on as an administrator affect all administrators, and changes made while logged on as a user affect all users. To change the default setting, follow these steps:

    1. In Control Panel, click System And Security.
    2. Under Action Center, click Change User Account Control Settings.
    3. Select one of the following four notification levels:
      • Always Notify Me. Users are notified when they make changes to Windows settings and when programs attempt to make changes to the computer.
      • Default - Notify Me Only When Programs Try To Make Changes To My Computer. Users are not notified when they make changes to Windows settings, but they do receive notification when a program attempts to make changes to the computer. This is the default setting.
      • Notify Me Only When Programs Try To Make Changes To My Computer (Do Not Dim The Desktop). Similar to the previous setting, but the secure desktop is not used. Disabling the secure desktop reduces security, but also reduces the impact of UAC on the user. This setting is available only to administrators.
      • Never Notify Me. Users are not notified of any changes made to Windows settings or when software is installed. This causes all elevation requests to be automatically accepted. This setting is available only to administrators.
    4. Click OK.
    5. When prompted, restart your computer.

  • Msconfig.exe
  • Msconfig.exe is a troubleshooting tool that can be useful for temporarily disabling UAC to determine whether UAC is causing an application compatibility problem. To make the change, Msconfig.exe simply modifies the registry value. To disable UAC with Msconfig.exe, follow these steps:

    1. Click Start, type msconfig, and then press Enter. The System Configuration tool opens.
    2. Click the Tools tab.
    3. Click Change UAC Settings and then click Launch.
    4. Select the desired notification level as described previously.
    5. Click OK.
    6. When prompted, restart your computer.