Control User Account Control Through The Local Computer Policy
- 0
- Add a Comment
User Account Control (UAC) is the feature that lets Vista run more reliably without giving the user local admin rights to the system. This does result in some additional dialog boxes and warnings that pop up for users but in the end reduces the damage that malware can do to a computer.
User Account Control is enabled by default in Vista. Microsoft recommends leaving it enabled to protect against the installation of malicious software. The Security Center will indicate whether UAC is turned on.
Further to enabling/disabling this feature, you can control the behavior of UAC through the local computer policy. Open the Local Computer Policy and navigate to the following locations: Local Computer Policy \ Computer Configuration \ Windows Settings \ Security Settings \ Local Policies \ Security Options.
The following policy settings are available:
- User Account Control: Admin Approval Mode for the Built-in Administrator Account - The default value for the UAC policy setting is Disabled for new installations and upgrades when the built-in Administrator is not the only active local administrator account on the computer.
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode - This security setting determines the type of prompt an admin-level user will receive when they attempt to perform an admin-level task. The default value is Prompt for Consent. You can increase security by setting the value to Prompt for Credentials. Doing so means the admin-level user will need to enter their admin-level username and password.
- User Account Control: Behavior of the elevation prompt for standard users - This security setting determines the type of prompt a standard user will receive when they attempt to perform an admin-level task. The default value is Prompt for Credentials. You can increase security by setting the value to Automatically deny elevation requests. Standard users will then have to perform admin-level tasks using the Run command or by logging in with an admin-level account.