The main gist: keep it enabled if you want to be protected
User Account Control is one of those features in Windows that many people really don’t understand. Most people just find it annoying that you keep getting pop up dialogs asking for permission to do things like install apps, change settings, etc., etc. A lot of people even disable UAC just so they don’t have to be bothered with it.
Well first off, you should read the excellent guide written by the How to Geek on why it’s not a good idea to disable UAC in Windows 7. Now their article generally says you shouldn’t disable UAC and I completely agree with this view.
However, in Windows 10, there has been a major change in the way UAC works and it’s now designed to keep your computer secure even if you “turn off” UAC. I’ll explain more about that how that works in this article.
First, let’s understand a little of what UAC does. I won’t go into great detail since you can read the above-mentioned article to get more details. Basically, when you log into your computer as an Administrator, the apps running on your computer don’t have Administrative privileges like your account.
Instead there is something called an integrity level. The highest integrity level means that an application will have full administrator access. A medium integrity process will have the same access as a standard user account with limited privileges.
In Windows 7/Vista, disabling UAC is really not a good idea because all processes then run in the highest integrity level, which means if you catch some malware while using IE, the malware will have full administrator access to your system just like IE does.
However, this all changes in Windows 10. In Windows 10, you can’t even disable UAC without a registry hack or modifying group policy.
In Windows 7, if you go to Control Panel, click User Accounts and then click on Change User Account Control settings, you can drag the bar all the way to Never notify.
You can also go to this same dialog by following the same path in Windows 10. Here’s the difference: in Windows 7, UAC actually gets fully disabled. In Windows 10, UAC is not turned off, you just get no notifications.
To be exact, the UAC service keeps running and all elevation requests by administrators are auto-approved whereas all elevation requests by standard users are auto-denied. So, how can you really disable UAC?
Firstly, the reason Microsoft has done this is because there is a new security feature in Windows 10 for Universal Store apps called AppContainer that really restricts what areas of the operating system the apps can read and write too. When you really disable UAC in Windows 10, you can’t run any apps from the Windows store! Yes, you heard that right!
If you disable UAC in Windows 10, you will not be able to run apps from the Windows Store (Universal apps). Instead, you’ll get a nice dialog saying “This app can’t open. App can’t open while User Account Control is turned off“.
So, with that in mind, how do you disable UAC in Windows 10? The easiest and best way is to edit the local security policy. You can do that by clicking on Start and typing secpol.msc. Expand Local Policies and then click on Security Options.
Scroll down to User Account Control: Run all administrators in Admin Approval Mode. It should be Enabled by default. If you want to disable UAC, double-click it and choose Disabled.
If you are not able to edit the local security policy, you can also change the value in the registry (click on Start and type in regedit).
You have to go to the following registry key:
Find the EnableLUA key and change the value to 0, which disables UAC. The second you make that change, you’ll see a message from Action Center saying you have to restart to disable UAC.
So, permanently disabling UAC in Windows 10 is also a bad idea. However, moving the slider bar all the way down to Never notify is actually not so bad anymore as it used to be. Now instead of UAC actually being disabled, you’ll just get less prompts and all of the processes will run in the appropriate integrity level based on the initial request.
This means you don’t have to worry about a process having elevated permissions anymore in Windows 10! Only by disabling UAC via the methods above will you get the same effect as disabling UAC in Windows 7 where all processes run in the highest integrity level.
So without having to disable UAC, how does an app run with the highest integrity level in Windows 10? Well, it actually has to request permission in the code, which means a lot of programs are not going to work well with Windows 10 unless they rewrite the code to properly ask for permission.
In conclusion, remember that no matter what you read online, moving the slider to Never notify in Windows 10 is not turning off UAC. Secondly, moving the slider all the way down is not as dangerous as it used to be in Windows 7 and Vista.
If you really don’t want those prompts, this is the best option while still keeping your system safe. Lastly, if you really want to turn off UAC in Windows 10, use the methods above, but remember you won’t be able to run any Windows Store apps.
If you have any questions about UAC in Windows 10, please post your comment here and I’ll try to help. Enjoy!