Securing Windows With Password for UAC (A Pseudo-Sudo for Windows)

One of the most loathed attributes of Linux is security and the concept of root user,access rights for different user is a key to Linux’s Security. After I got my new laptop , I ran into a lot of issues with linux ,especially the drivers. Starting from the graphics drivers, sound drivers , to hotkeys, backlight control has issues. They never worked. So I decided to switch to Windows 7 as my primary OS and install Linux in a virtual machine. The one feature that I missed badly was the regular prompt for my password in linux which gave me a sense of security at-least from the hungry claws of my friends who eagerly wait for a chance to grab my laptop , screw up the settings and play a game of hide and seek with my files and end it with a “Guess The Password” game. For this very reason , I wanted some sort of password protection in windows , which would work like sudo , prompt me a password whenever settings / apps have to be started with admin privileges.So after a few seconds of Google-ing , I found out that Microsoft had an option to prompt for the password instead of the useless UAC dialogue box. In Windows 7/8 Professional/Ultimate , it is available in the security policy control panel. For others you need to change a registry value via Regedit.

 

Steps 

1) Go to Run (Win+R) and type “regedit” in the box.
ebf80-run
2) In the bar on the left, navigate to
 HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System
Click on System.
3)The registry key that we need to change is ConsentPromptBehaviorAdmin:
The key for that is :
0 = Elevate without prompting
1 = Prompt for credentials on the secure desktop**
2 = Prompt for consent on the secure desktop
3 = Prompt for credentials
4 = Prompt for consent
5 = Prompt for consent for non-Windows binaries
In our case , we need to set it to 1.
ca7ff-regedit
4)So right click on ConsentPromptBehaviourAdmin->Modify
Check Hexadecimal and set the value as 1.
Now exit the editor, logoff , restart the computer. The next time Admin privileges are required , it will prompt you for the password like below
63c38-popupnotifier_-_uac
Although , this is can be by-passed by certain software , your friends can’t bypass it . So  
Do Lock your computer whenever you are letting it alone!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s