INTRO: One of the main features of Windows Vista is the new user accounts security enhancements, but sometimes, defaults don't meet everyone's taste when it comes to how we deal with our PCs. I for one, always used full administrator accounts since I first knew what a Windows user account is, and never been hit by a virus/spyware/crap, using common sense, updated AV software and a decent firewall, so I don't want to give permissions to myself or face strange error messages every time I do a simple task on my computer.
We know UAC feature in Windows Vista, and we all know how to disable it, this is not the purpose of this thread, because even after you disable UAC, you'll have other prompts about folder/file permissions errors sometimes (I faced it in strange, unexpected occasions, like deleting an empty folder for a program left by the uninstaller), or you'll need to right click and select "Run as Administrator" for most applications to work/install correctly.
That's because Microsoft made the administrators accounts (in local administrators group) run as standard users, unless we give permissions for every and each administrative tasks, with a little difference when UAC is turned on/off
Enough talking, let's get our hands dirty ...
Remember that "Administrator" account you see when you login to safe mode in XP? That's the built-in administrator account, installed by default and disabled by default too. this tutorial will let you enable and use this account in normal mode, and with a little other tweak, enjoying an XP-like administrator experience, while UAC is left ON (or off, it doesn't matter), but with no prompts or right clicks.
For Windows Vista Ultimate/Business/Enterprise:
1- Click Start, and type "secpol.msc" in the search area and click Enter. (You may receive a prompt from UAC, approve/login and proceed)
2- In the left list, choose "Local Policies", then "Security Options"
3- Set "Accounts: Administrator account status" to Enabled.
4- Set "User Account Control: Admin Approval Mode for the Built-in Administrator account" to Disabled.
For Windows Vista Home Basic/Home Premium:
1- Click Start, and type "cmd" in the search area, right click on "Command Prompt" and select 'Run as Administrator".
2- In the command prompt type "net users Administrator /active:yes" (Note the capital "A" in Administrator) and press Enter, you will get a confirmation as "The command completed successfully".
3- Click Start, and type "regedit" in the search area and click Enter, navigate to: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Syste m]
Double click on "FilterAdministratorToken" and set it to "0"
Log-off, and you'll see new account named "Administrator" is available, click on it to login.
Now you are the master of your domain! I recommend, if you're going to use this method, to apply it as soon as you do a fresh install of Windows, so you can simply delete whatever administrator you've created in the setup process, and make this one the "real" administrator for your PC, also you can rename this new admin account or change its password like any other account from "User Accounts" in the Control Panel.
NOTE: disabling UAC takes Vista's IE7 Protected Mode with it.
This basically lowers IE7 to a Limited User (lower than the Semi-Admin you're logged in with). This is something IE7 users may not be aware of, even if you enable Protected Mode from Internet Options it stays disabled (just like UAC). However, there is a fix.
If you want UAC disabled but Protected Mode on use DropMyRights which was written for XP but works just the same in Vista, not only that but using it actually turns Protected Mode back on (i.e. instead of saying Protected Mode: Off it will say On). Therefore proving Protected Mode and DropMyRights are on and the same thing.
What is DropMyRights I hear you say, read on:
http://msdn2.microsoft.com/en-us/li...
It was written by a Microsoft Security Engineer but isn't officially supported. use the /c switch to make it even more secure. I've been using it for months and bar ActiveX installs (which need admin rights) not one website has fallen over. You can prove it works by trying to save a file into the SYSTEM32 folder, it won't let you.
The great thing is it's completely seamless, works on XP or Vista (probably 2000 too) and lets you get the good bits out of UAC without the bad. Just set the shortcut for each Internet enabled program to use it and make sure you choose Open "Minimized" and it's seamless.
