Make yourself a real administrator in Vista
One of the new things which were introduced by Windows Vista is brand new user accounts management, which allows system administrators to create various user accounts with strictly limited permissions. This may be handy for someone in net café or parents who want to protect the computer from their children, but it may cause also a lot of troubles for more experienced people.
The problem of UAC in Vista is that even if you set yourself as the administrator, you won’t be able to do some simple tasks and you will be still swamped by a lot of useless dialogs and confirmation windows. I’m talking avout prompts for folder/file permissions errors sometimes or you’ll need to right click and select “Run as Administrator” for most applications to work/install correctly. That’s because Microsoft made the administrators accounts (in local administrators group) run as standard users, unless we give permissions for every and each administrative tasks, with a little difference when UAC is turned on/off.
Here’s the simple solution: Remember that cute “Administrator” account you see when you login to safe mode? That’s the built-in administrator account that’s installed by default, and disabled by default too, after a little digging-in I made this tutorial that’ll let you enable and use this account in normal mode, and with a little other tweak, enjoying an XP-like administrator experience, while UAC is left ON (or off, it doesn’t matter), but with no prompts or right clicks.
1- Click Start, and type “secpol.msc” in the search area and click Enter.
2- You may receive a prompt from UAC, approve/login and proceed.
3- In the left list, choose “Local Policies”, then “Security Options”
4- Set “Accounts: Administrator account status” to Enabled.
5- Set “User Account Control: Admin Approval Mode for the Built-in Administrator account” to Disabled.
6- Now log-off, and you’ll see a new account named “Administrator” will be available, click on it to login.
Now you are the master of your domain! I recommend if you’re going to use this method is to apply it as soon as you do a fresh install of Windows, so you can simply delete whatever administrator you created in the setup process, and make this one the “real” administrator for your PC, also you can rename this new admin account or change its password like any other account from “User Accounts” in the Control Panel. I’m sure many of you will be happy to have 100% power over their new operating system (thx Tantawi for this tip).
i dont have vista
It’s really not recommended to use Vista this way. The UAC was put there for a reason
UAC is a pain in the ass if you’re a power user, I didn’t even give me permission to run files from my other partition without being asked for a password first. Disabling it was the first thing I did after install.
Linux uses this method of admin permissions to great effectiveness in fairness. It is there for good reason i.e security.
yup,like Kare and Ilb said, protection is there for a reason.
I cant wait to see first person who disables UAC, breaks their OS and complains how shitty Vista is
whatever powers you have, your virus(es) can take hold of.
of course it’s there for a reason. otherwise microsoft wouldn’t have put ot there. the thing is, it’s annoying as hell. and if that doesn’t get changed, it can have all the reason you want, it won’t get accepted by the community. easy as that.
and do you know exactly WHAT the reason is? or do you blindly follow microsoft ‘propaganda’?
Finally someone did it! Thanks a lot!
It’s always a pile of shit if your computer tries to be smarter than you and thinks it has to protect you from yourself.
It’s as simple as this, if you know so little that you should be running in a loew privilage mode, DON’T BUY A COMPUTER.
Vista’s new security features do NOTHING to make your pc more secure from attackers, but they sure as hell make it harder to manage and maintain your pc.
It’s there for a reason, it’s there for a reason blah. Show me your microsoft certs and then I’ll give you the time of day.
Great guide Martin.
yeah great guide Martin!
i’m Mac User, i was thinking of installing vista on parallels so the tip will come in super handy:) great for the real users out there too…. but i’m going to wait until SP1….
nuff love rlslog!
Thanks Marting for publishing it
I hope I was helpful!
This is seriously a bad idea and I frown upon the writer/submitter of this article. This is taking a step backwards for windows. For far too long *nix users have been gasping at windows users for being given full admin rights - and for a good reason too- the spyware and malware boom post XP could have been nipped in the bud if Microsoft had discourated Admin rights since then. The first thing a Linux user comes across when setting up the system is how the distro/installer explains the importance of admin account and why its not a nice idea to do day-to-day activities as admin. This has been the key to linux’s security.
Look at how uneducated users and developers are when it comes to Windows and User Acess Rights. Fortunately though, popular software have been improved to take into consideration the LUA (Limited User Account) and doesn’t expect that you have to be an admin at all times. But there still are those old stubborn apps that might requre Admin rights, but you could quickly press Win+L and switch to Admin, or use RunAs.
But can you do everything and can you also be secure when you’re in a LUA? Yes. With the help of a couple of thirdparty tools, you can lockdown your XP system to be as secure as Vista’s UAC. These two tools are DropMyRights and MakeMeAdmin (gui alternative: SuDown).
DropMyRights has become quite popular. Just edit your unsecure program’s shortcut to add dropmyrights at the starting, and bingo, your app runs at lower privilidges. Set it to IE for example, and you could surf all the malware sites you like and you won’t get infected at all! Its been tested countless times, check out the website for more details: http://www.securityfocus.com/infocus/1848
Now a program thats opposite to DropMyRights is MakeMeAdmin. I guess the name tells everything. Gives your account temporary admin rights. A little less secure than RunAs, but if you want your to install the app to your own user profile instead of the admins’.. Anyways a GUI alternative to MakeMeAdmin is SuDown. Works sorta like Right Click -> RunAs.
Why am I telling all this? As in, how is it relevant to Vista? Well you could use the same principles in Vista if your having problems with UAC. Until the compatibility issues with UAC are sorted out, instead of running as a full Admin, I recommend working as a Limited User and using DropMyRights/MakeMeAdmin/RunAs (or sysinternals PsExec).
Finally, the problem comes as both Windows users and developers suddenly awaken to all this LUA/UAC/ACL stuff. Power users feel insulted and/or inconvenienced to run as a Limited User, and developers are yet to fully upgrade their apps for the changes. Blame Microsoft for all this.
I can hear the *nix users sniggering in the background: “I told you so!”.
Xp > Vista
Blah just another reason for not buying that crappy Vista. XP ftw!
Thnx Martin… But i this post kinda late for me.. considering due to the UAC controls made me re-install XP over VIsta.. Shyame..
Guess its for the best.. Vista so not cool.
[deXter]: you are right on the spot there!
The fundamental problem is that people want an OS to be exactly like what they’re use to, yet be different and better at the same time. These are the same people that would use this method and then bitch about how “Vista is an unsecure piece of crap.”
If you use *nix you get very use to having to type in a password for performing tasks that have system-wide consequences. That’s just the way it is, and you learn to find it normal.
As for these new Vista users that find the UAC annoying, they should get use to it rather than finding ways to circumvent the layer of protection it offers. To me it’s the same as disabling your firewall because you’re too lazy to deal with the alerts it generates.
How about just turning UAC control off for users, will do you the same
quite simply, run as a user and you’ll only get your account owned. run as administrator and get your entire box owned.
“It’s as simple as this, if you know so little that you should be running in a loew privilage mode, DON’T BUY A COMPUTER.”
if you know so little that you don’t understand why running everything as root is a bad idea, DON’T RUN AS ROOT.
There is no reason for anyone to be using Vista at this point, except for curiosity.
Only after SP1, at the end of this year, is it going to be mildly interesting, but certainly not a necessity.
Indeed, XP>Vista
Im a genius in the programming field having created my own antivirus/anti-spyware/firewall/ipblocker and creating my own OS. The UAC does nothing for users except to make it harder for the users. Look up the coding behind vista it doesnt affect anything outside the user so it does nothing for people getting into ur computer and messing it up. I Repeat IT DOES NOTHING TO GIVE YOUR COMPUTER MORE PROTECTION FROM ANYONE ELSE EXCPET THE USER. It was put there only to give the user the appearance of being more secure. i dont know who the —- told anyone that having no access to ur OWN computer benifitted anyone in any way but they are DEAD WRONG. If u are that freaking cautious then please dont buy a computer and if u have one which i assume u do then please ddestroy it. Vista is a great OS just Microsoft tried to be to catious and in Vista. They crossed the line of being paranoid about computers.
There are 2 types of computer users: people who know how a computer works (Type A) and people who don’t know how a computer works (Type B). When Type A encounters any pop ups that asks him to execute an action (install/delete/whatever), he knows what’s going to happen. UAC is a nuisance to him. When Type B encounters the same pop up, he freaks out and clicks cancel. He might call up a Type A and asks what to do, or go online and do a search if he is cautious. UAC protects Type A people from Type B’s he shares the computer with. UAC also protects Type B’s from themselves.
UAC is useful but badly presented.
thank you for the great work, if your incapable of making a decision on your own and require your OS to make doing anything a pain in the ass just so u wont do anything at all and possibly reduce the risk of breaking something, disreguard this tweak, but dont flame it. for any savvy computer user looking to do more with their system than click through endless “are you sure you really want to open the next pop up that will ask you if you are ready to look at an app that was blocked from the internet so u can decide if you want to unblock it and get 20 more pop up prompts which you must click through in otder to use the app you just installed” prompts, this is a perfect tweak. so shut up if you dont like it and go away. no one cares if your too afrade to use ur computer, real users want the power to control the things they pay money for. once again, thak you for the exelent mod, im a system builder and ive used it on several systems so far, works like a charm, kudos.
Computers are meant to be *productivity* tools. If my computer is getting in the way of my productivity, I’m gonna switch off the annoying stuff, simple as that. Frankly, if that makes my pc a bit more prone to malware, then so be it. It’s never caused me a problem in the past. I’ve always taken reasonable precautions against such things (firewall/av/anti-spy etc), so why not have the choice to switch this obstructive UAC off? It’s only power users who’ll seek out this kind of article, so what’s the problem? It’s not like my Granny, who doesn’t run the tightest security ship in the world of home computing, is going to scour the Net in an effort to disable UAC on her new Dell Dimension, is it?
okay… im having this very annoying adminstrative problems with my vista… its telling me im not the adminitrator and not letting me change the settings, etc. i tried searching for secpol.msc, but my laptop says nothing by that name can be found! im getting so annoyed. i keep asking for help at various places like his and am getting NONE. ajfajfs.
thats cos your ghey.
Admin is safe? HA, my ass! just force a vista computer to start in safe mode and you got access to admin account without password! just fallow his steps and and add a password to the admin account and you will be alot more safer!
Look when I cant change my menus then this is a piece of crap.
Is MS really saying I need protection from myself when I want to edit the start menu?
Some of us know what were doing and don’t need big brother telling us what we should and shouldn’t do. If I screw up my computer I have a disk to rebuild it. MS should learn to leave some things alone.
I love how everyone starts chiming in about how ‘in *nix it works like XYZ!!’ Guess what guys, there is a reason Microsoft has mopped the floor with hard to use and user unfriendly software for years and will continue to do so in the forseeable future in the client space. It isn’t unfair business practices despite what you may think, it’s that it strikes a pretty good balance. You can install it for grandma to get pics of the kids and if you want to get obscure and arcane, you can do that too. But you don’t need to be a friggen engineer on the command line to make it do those things. If you like dinking with your computer more than you like -using- it I suppose *nix clinets are right up your alley. Yes, there are certainly niche applications you just can’t get in the Microsoft world, primarily in networking, but for the vast majority of us, ‘it works that way in *nix’ is really not a good selling point. You open source guys have just been jealous of my rights to modify files in the ‘Program Files’ directory for years, and now that I’m trying to get them back you are out of the woodwork telling me that I should to go to your method because it’s ‘better’. Same song, different words. We still aren’t listening.
pls help
i tried typing tht spcol but nothing showed
why is this happening?