Skip to content

How to Add Another Layer of Security in Windows 7 by Modifying User Account Control (UAC) Settings?

By Codrut Nistor

Posted in How-to, Windows-7

Many people think that User Account Control is not mandatory and it is quite disturbing when a user needs to do some administrative tasks. In terms of security however this is not true. User Account Control is a feature which was introduced in Windows Vista and now it is carried forward to Windows 7 and Windows server 2008. Because of User Account Control your computer remains safe from harmful virus attacks. Also a Windows 7 computer is protected from malicious running scripts which are written by destructive users in order to harm the computers of other users.

User Account Control has two types of prompts and are initiated at different credentials. This means that if a user is logged on with an administrative credential he will receive Prompt for Consent. In this prompt a user needs not to provide password if he wants to perform any administrative tasks. Instead he just has to click on "Yes" button to approve. On the other hand if a user is logged on to the Windows 7 computer with user credentials or limited access he will be presented with Prompt for Credentials in which the user has to provide administrator's password in order to perform any administrative task.

You can add an extra layer of security by configuring Windows 7 to prompt for credentials even when a user is logged on with administrative credentials. To do this you need to follow the instructions given below:

  1. Click on "Start" button.
  2. At the bottom of start menu in search box type "gpedit.msc".
  3. In the "Local Computer Policy" snap-in under "Computer Configuration" expand "Windows Settings".
  4. Expand "Security Settings".
  5. Expand "Local Policies".
  6. Select "Security Options".
  7. In the right pane double click on "User Account Control: Behaviour off the elevation prompt for administrators in Admin Approval Mode".
  8. In the opened window from the drop-down list select "Prompt for Credentials".
  9. Click on "Ok" button to accept and confirm your selection.
  10. Close "Local Computer Policy" snap-in.
  11. Click on "Start" button and go to "All Programs".
  12. From the list select "Accessories".
  13. Right-click on "Command Prompt" and select "Run as Administrator".
  14. In the "User Account Control" dialog box click "Ok" button to allow Windows to use your administrative credentials to run the program.
  15. In the "Administrator: Command Prompt" window type "gpupdate /force" (without quotes) and press enter key.

With the help of this method any malicious will not be able to run because it will ask for the password every time administrative privileges are required. This setting also ensures that if an administrator of Windows 7 computer wants to install any application it is a willful activity and is intended.