Can I disable Windows 7 UAC for specific programs? (keeps popping up)

For a few programs I installed on Windows 7, I
ALWAYS get the User User Account Control popping up every time I run the application
The pop-up with this message: Do you want to allow the following program to make changes to this computer

I am very reluctant to turn off UAC.
Is there some way to disable UAC for a specific program?

Thanks

 

Try UAC Trust shortcut

ITknowledge24 - A Resource for IT Professionals

 

There is a trick with setting up a "Scheduled Task" for an app like this. This allows you to establish higher permissions for an app when it runs. Then you can create a shortcut or shortcut key (I forget the specifics) that would allow you to initiate the task on demand.

There is a thread elsewhere on NBR about this. Search the forums with the Google search option.

Gary

 

Windows 7 allows you to set the UAC to whatever lever you want. Click the start button, type UAC, an option will come up that says: Change user account control options. Click on it. From here, you can use a slider to change UAC to whatever level you want.

 

That is a global adjustment, he wants per application control.

There is a few ways to do it, here is a different one than posted above.

How To Turn Off User Account Control for Individual Programs in Vista | PCs Place

Me personally I would just turn UAC off so that all programs run as admin without any popups.

 

I second this. The usefulness of the UAC is slight at best; I've never seen a situation where the addition of that idiot message prevented a user from installing a virus-infected program or opened an infected file. Clicking "yes" on the thing becomes habit so quickly that you might as well just shut it off entirely. It's not going to do anything more than a good AV with realtime protection will.

 

Then you don't understand what UAC is or does.

Gary

 

Yes, I do. To put it in simple language, it is primarily designed as a means of sorting programs into elevated permission/non-elevated permissions. The idea being that you create a kind of "sandbox" where the non-elevated programs can run without affecting the system as a whole. It's a great theory, but I haven't seen a single report that confirms it makes any lick of difference when it comes to preventing malware.

Here's a quick link: Windows 7 vulnerable to 8 out of 10 viruses | Chester Wisniewski's Blog

There are two key points in that article:

1. UAC on the default level allowed 8 out of 10 viruses to infect a test system.
2. The computer had no AV running at the time; this was a test with solely the UAC.

So. There are two arguments that can be applied here.
- The first is that a higher level of the UAC might prevent more viruses. I would agree to the possibility, but find it hard to swallow that raising the level would take you from 8 infections to 0 (with regards to the test case). Secondly, raising the level of the UAC would cause even more security prompts and make regular tasks an absolute pain. Proof of this from dear Wikipedia (I'm being lazy, but I'll go to the source article if I need to): "By default users are not prompted to confirm actions initiated with the mouse and keyboard alone such as operating Control Panel applets." The words "by default" there imply that higher levels will require such prompts.
- The second argument could be that the UAC needs to be run in conjunction with a good AV to be wholly effective. Doing that, though, would be entirely redundant. I have never found, nor even heard of, a piece of malware that can slip past a good AV but can't get past the UAC. So if the UAC will not catch security risks beyond what an AV+Firewall will; then why even have it running? It becomes a useless hindrance if you do.

If any of this sounds overly hostile, then my honest apologies; I do not mean it to come across that way. If you can conclusively prove that the UAC is in fact a valuable tool, then I will be the first to change my mind. But given the current evidence, I just can't see it as a necessary (or useful) addition to already existing AV/firewall combos.

 

There are other parts of UAC as well. The most important and most useful being the virtualization of both the registry and program files directory. It should never be considered as a replacement for a good AV and firewall. It was not intended to be that at all. It is another layer to a good protection scheme because it protects certain areas of the OS and registry from any apps that don't have proper permissions.

Gary

 

Very true, but that falls under redundancy effect that I mentioned. It's great that it does that; but it's not adding a great deal of security. From my standpoint, if you find it comforting to use, then go right ahead. I personally don't like it because I haven't seen any practical benefits of leaving it on.
One of the first things I do is turn it off, and security hasn't been an issue on my system. I feel that it's a step in the right direction for making Windows more secure (Microsoft has definitely made large efforts in that area), but I don't think it's quite tipped the balance on the usefullness vs practicality scale.

 

Sorry we'll just have to agree to disagree. Just because security hasn't been an issue for you is no justification for suggesting folks turn off UAC. I haven't had a car wreck in 20 years, is it ok for me to stop wearing my seat belts? Yes layering of security is redundancy, that is precisely the point of layered security. The part of UAC you focus on is not virus protection though, it is permissions enforcement. The very sort of thing that has existed in UNIX systems for years. The very sort of thing Microsoft was ridiculed for not implementing long ago.

Plus you are totally ignoring the BENEFITS of registry and program files directory virtualization. Those are very useful, not just protecting the user, they have real world day to day operational benefits for many users.

Gary

 

Can you expound on that point further? Like I said, I weigh such applications on a pro/con basis. At the moment the cons have it when it comes to UAC, but I'm always open to changing my opinions on the system (or any system, really) given the proper evidence.

What practical operational benefits have you noticed?

 

The virtualization of the "Program Files" directory and associated portions of the registry are done on a per user basis. This allows machines in corporate environs and homes to support multiple users in a MUCH better fashion. It insures that each user has their own unique settings and program data files for applications. The application don't even know this is happening, they continue to save things in their Program Files subdirectory like they always did, while UAC re-routes all the reads and writes to a unique per user directory. This is a safety factor as well since it prevents any application from writing to the actual Program Files directory.

To me that is all just icing on the cake, as I actually like the permissions enforcement that UAC provides. But then again, I have always set up NTFS machines with strict security permissions with Admin rights restricted as much as possible.

Gary

 

I also have to chime in here, UAC makes it possible to easily manage a home pc as well. A limited (standard) user needs to install software? Just type in the administrator password for them and your all set. Before, unless one knew about the Run As... command, one would have to log out the standard account, log onto the administrator account, install the software and switch back. There were several procedures (not just program installation) that would force a similar shuffle under Windows XP, often resulting in family's making everyone a administrator on the computer. It also prevented many single users from following Microsoft's own advice to only use a standard account for daily use because of the hassle. Needless to say, it was and remains a bad idea to use an administrator account, and UAC makes it possible for everyone to use standard accounts for daily use.

I think that it'll take many Windows users a lot more time to get used to UAC for several reasons:

They are used to not seeing something similar in Windows. (except for the occasional instances where XP's run as.. pop up actually popped up proactively when trying to install a program on a "limited" account-this rarely (if ever) happens) They are used to feeling "in control at all times" of their computing experience, perhaps more than almost any other OS platform and perhaps see UAC as a way of losing that control, when actually it's providing more granular control to the user.

They don't see the value in it because they are still (no doubt encouraged by MS's decisions during the creation of the Windows OS install routine) are administrators and use an administrator account for everyday computing, They figure that it's pointless to display a popup as "anyone could click cancel or allow, instead of typing a password like XX os or etc." when really UAC works just like those OS's if you use a standard user account.

Many think it's visually jarring to respond to the UAC popup. The reason why it's jarring is because Windows actually switches to the secure desktop to display the UAC popup. If it didn't, malware creators could spoof the UAC dialog box (like they've done with Security Center already) or even create ways to have a system automatically respond to the prompt without user knowledge. That said, if MS smoothed the transition to the UAC box with a snapshot graduated fade out like the one Windows XP uses when a person changes certain display settings or tries to display the shut down options dialog, i think the complaints about this would be eliminated.

Oh and yes, the big elephant in the room: Windows Vista: People heard from both "word of mouth" as well as Apple's advertising that anything that had to do with Windows Vista was horrible, gets in your way, and should be disabled. UAC was no doubt included in this mess. While MS addressed this by giving people a slider, and actually adjusting UAC prompt frequency in Windows 7, I actually preferred how UAC worked in Windows Vista and raised the slider back up to the top.