Security

Selectively disable UAC for your trusted Vista applications

Do you want to selectively disable User Account Control (UAC) for specific programs that run from Vista's Start menu? You can -- Greg Shultz shows you step by step using the Application Compatibility Toolkit.

If you've been reading the Windows Vista Report on a regular basis, you know that I've written several articles about working with Vista's User Account Control (UAC) feature:

While the first two methods essentially remove the UAC prompt altogether for all programs, the third method allows you to selectively remove the UAC prompt for specific programs. However, the third method only works at startup. I really wanted to find a way to selectively disable UAC for specific programs that run from the Start menu.

Well, I recently discovered a copy of a Microsoft Knowledge Base article titled "How To Disable The User Account Control Prompt For Certain Applications" that shows you how to selectively disable UAC for specific programs by using Version 5 of the Microsoft Application Compatibility Toolkit. (The article is no longer available on the Microsoft site.) In this edition of the Windows Vista Report, I'll show you how this method works.

Note: Native Windows Vista applications that require a UAC are immune to this technique.

The Application Compatibility Toolkit

As you may know, the Application Compatibility Toolkit 5.0 is a big program designed to provide a set of tools that admins can use to evaluate and mitigate application compatibility issues before deploying Vista or a Windows Update in the enterprise. One of its features is that this tool allows you to elevate the privileges with which an application runs, thus allowing you to bypass the UAC.

You can begin by downloading the Application Compatibility Toolkit from the Microsoft Download center. Once the download is complete, just click the Application Compatibility Toolkit.msi file, click Run on the Open File Security Warning dialog box, and follow along with the Installation wizard.

Running the Compatibility Administrator

As I mentioned earlier, the Application Compatibility Toolkit is a large program and you will only need to use a small part of the program to disable the UAC for your particular application. Essentially, you'll use the Compatibility Administrator to create a database, then create a record in that database that contains instructions on how to automatically run your application(s) with elevated privileges.

To begin, click the Start button, access All Programs, and then open the Microsoft Application Compatibility Toolkit 5.0 submenu. Then, right-click on the Compatibility Administrator shortcut and select Run As Administrator (Figure A).

Figure A

Figure A

In order for this technique to work correctly, launch the Compatibility Administrator using the Run As Administrator command.
You will encounter a UAC. Once you deal with it appropriately, the Compatibility Administrator window will appear (Figure B). The program will automatically open and select a new database template.

Figure B

Figure B

The Compatibility Administrator allows you to create a database of compatibility fixes that will allow you to run certain applications without an accompanying UAC.
Click the Fix button on the toolbar. When you see the Create New Application Fix wizard, enter information about the application for which you want to disable the UAC prompt. For my example, I have chosen the Vista Shortcut Overlay Remover program, which displays a UAC each time you run it. I filled in the Create New Application Fix dialog box (Figure C).

Figure C

Figure C

Begin by entering information about the application that you want to run without a UAC.
To continue, click Next. When you see the Compatibility Modes page, select Windows XP (SP2), as shown in Figure D.

Figure D

Figure D

On this page, select the Microsoft Windows XP (SP2) option.
Click Next to bring up the Compatibility Fixes page. Scroll down the list until you locate the RunAsInvoker option and select it (Figure E). The RunAsInvoker option will allow the application to run with the same privileges and user rights as those of the parent process, which in this case is the Compatibility Administrator that you launched using the Run As Administrator command. Your application will run with full Administrator privileges.

Be sure to leave all the preselected options as they are. If you wish, you can click the Test Run button to see your application launch without a UAC.

Figure E

Figure E

Selecting the RunAsInvoker option will allow the application to launch without requiring the UAC prompt.

When you click Next, the Matching Information page will appear. Leave everything as it is on this page and click the Finish button.

When you return to the Compatibility Administrator window, you'll see a detailed entry about your application in the new database. Click the Fix button on the toolbar and follow same set of steps in the Create New Application Fix wizard to add other applications to your database.

Saving your database

Once you are finished adding applications, you can save your database. However, keep in mind that once you save your database, you'll be unable to edit the entries. To save your database, click the Save button on the toolbar and assign your database a name (Figure F).

Figure F

Figure F

You'll need to name the database as the first step in saving it.
When you click OK, you'll receive a prompt to save the database file onto your hard disk (Figure G). The default location is in the C:\Windows\System32 folder.

Figure G

Figure G

You can use the same name as you used for the database for the actual file.
To complete the operation, pull down the File menu and select the Install command. A dialog box with a message indicating that the database has successfully been installed will appear (Figure H). Upon installation, Vista adds an entry for the database to Programs And Features, which is the equivalent of Windows XP's Add/Remove Programs.

Figure H

Figure H

Once you save the database, you have to install it before it will function.

Now, click OK and close the Compatibility Administrator. Go to the Start menu and launch your application as usual. Your application will launch without displaying a UAC first.

Uninstalling the Application Compatibility Toolkit

Once you are happy with the way that your UAC-less application works, you can uninstall the Application Compatibility Toolkit if you wish to recover the 25+ MB it occupies on your hard disk. The database that you created will continue to function as a standalone file.

What's your take?

If you're tired of UACs appearing for your trusted applications, are you likely to use the Microsoft Application Compatibility Toolkit 5.0 to selectively disable UACs? Please drop by the discussion area and let us know.

Get Vista tips in your mailbox!

Delivered each Friday, TechRepublic's Windows Vista Report newsletter features tips, news, and scuttlebutt on Vista development, as well as a look at new features in the latest version of the Windows OS. Automatically sign up today!

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as Documentation Specialist in the software industry, a Technical Support Specialist in educational industry, and a Technical Journalist in the computer publishing industry.

Editor's Picks