Tuesday, September 25, 2012

Always Elevated Privileges in Windows 7

As a developer I usually need to execute lots of commands and programs that require administrative privileges. Although my Windows user is in the Administrators group I always needed to do "Run as administrator" on command prompt, text editors and other applications that required privilege elevation, even if they were created by me or by programs that I launched!
After digging a little through Windows permissions system system I found out that in order to improve security and minimize virus propagation risks, the windows team has decided that even if you are in the administrator group, and even if you are the Administrator, there is better to explicitly grant yourself the rights to do elevated privileges in an interactive way, so that underground malicious programs would not be able to go through without you knowing this.
That said, I am quite sure that an experienced user can do fine even without this kind of assistance, especially in corporate environments where almost everything is filtered and secured.

So, to grant yourself elevated privileges without prompt you need to:
1. open security policy configuration, by typing in the command prompt:

%windir%\system32\secpol.msc /s

A window titled "Local Security Policy" should open as below:


2. Navigate to the Security Options node:


3. On the right side click on the "Policy" table header at the top to order alphabetically the entries so that you shall have all entries starting with "User Account Control" easy to spot.

4. Select the entry called "User Account Control: Run all administrators in Admin Approval Mode":


5. Here it is all. When activated, this option instructs Windows to ask for your permission every time when elevated privileges are required, even if you already own them. Double click on the entry and set this option to Disabled. It will require you to  restart Windows in order to get effective:


As a bottom line, be sure that you know what you are doing, as this will downgrade your system's overall security.

Good luck!

2 comments :

  1. Thank you for your suggestions. I'll go try them right now as this is EXACTLY what I have been looking for.

    ReplyDelete
  2. This is a good solution for system wide changes.
    I have the issue of needing to elevate a discrete application (or short cut) without end user (standard user) intervention with UAC.

    ReplyDelete