A User Account Control (UAC) that has appeared in Windows Vista is a great security solution for Windows OSs allowing to protect a PC from a number of threats, like viruses, trojans, worms, rootkits, etc. When the UAC is enabled, a system asks for a confirmation of any action performed with the administrator privileges.
Some users find the popping up UAC windows annoying, and they prefer to disable this feature in their system though Microsoft and the information security experts strongly do not recommend it.
Today we’ll show how to disable UAC for a specific application without totally disabling it. To do it, we’ll need Microsoft Application Compatibility Toolkit 5.6, than can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=7352.
There is nothing special in the Application Compatibility Toolkit installation, so we won’t describe it.
After the ApplicationCompatibilityToolkitSetup.exe (12.2 MB) has been installed, two versions (32- and 64-bit) of this tool appear in the system. If you have to disable the UAC of a 32-bit app, you have to use the 32-bit version of the Application Compatibility Toolkit (and vice versa).
Let’s configure the registry editor (regedit.exe) to launch without User Account Control request.
In the following window, enter the name of the application (regedit), the vendor name (Microsoft) and the path to the executable (C:\Windows\System32\regedit.exe).
Omit the next window (Compatibility Mode) of the configuration wizard by pressing Next. In Compatibility Fixes window, check RunAsInvoker.
If you wish, you can make sure that the application can run without UAC by pressing the Test Run button.
Click Finish and specify the name of the file the compatibility fixing package has to be saved to, e. g., regedit.sdb. This file contains the guidelines on how to run the app with the definite privileges.
Now you only have to apply the compatibility fixing package to our application. You can do it either from the Compatibility Administrator console (choosing Install in the menu) or from the command line. To do it, start the command line as the administrator and run the following command:
sdbinst -q c:\tools\regedit.sdb
If you have done it right, a message of successful package installation appears.
Installation of regedit complete.
After the package has been installed, the corresponding record appears in the list of the installed Windows programs (Programs and Features).
Now try to start the application normally. It should start without a UAC request.
Later this compatibility fix can be propagated to all corporate PCs using the group policies. Thus you can disable User Account Control (UAC) checks for the definite applications in the whole Active Directory domain.
To remove the compatibility fix, run the following command:
sdbinst –u c:\tools\regedit.sdb