Disable remote UAC in Windows Vista and Windows 7

In earlier versions of Windows, if you had files or folders with NTFS permissions assigned to the “Administrators” group (i.e., “Administrators” are allowed to edit the files but other users are not), they applied to all users in the Administrators group like you would expect.  In Windows Vista and Windows 7 (with UAC enabled), a process must be elevated and be running as a user in the Administrators group to be given these permissions.  This is fine when you’re dealing with stuff on your local machine… when you try to do something with a file that you need administrative permission to do, Windows just prompts you to elevate, and you may get a UAC prompt depending on your system settings.

But if you are dealing with stuff on a different machine, perhaps by Windows file sharing, there’s no way to elevate yourself.  So, if you are trying to access a shared folder that only “Administrators” are allowed to access, even if you are a member of the “Administrators” group, you will not be able to access it.

The fix for this is to disable remote UAC processing.  With this disabled, users in the “Administrators” group will be able to do what they have permission to do without elevating, if they are accessing the machine over the network.  To do this, create the following DWORD registry value (if it does not exist already):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy

Set the value data to 0 to disable remote UAC processing and to 1 to enable it.
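To check how a machine is currently configured before or after making this change, the following PowerShell is an added example (not part of the original post) that reads the value and reports its state. The state labels follow Microsoft's documented meaning for this value, where 0 or an absent value leaves remote connections by local administrator accounts with a filtered token and 1 gives them the full token; the function name Get-RemoteUacState is hypothetical.

```powershell
# Added example (not from the original post). Get-RemoteUacState is a
# hypothetical helper name; the key path and value name are the page's.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'

function Get-RemoteUacState {
    param(
        [string]$KeyPath = $PolicyKey,
        [string]$Name    = $ValueName
    )

    # Defaults describe a machine where the value was never created.
    $result = [ordered]@{
        Computer = $env:COMPUTERNAME
        Present  = $false
        Kind     = $null
        Data     = $null
        State    = 'Filtered (value absent, Windows default)'
    }

    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if ($null -ne $key -and ($key.GetValueNames() -contains $Name)) {
        $result.Present = $true
        $result.Kind    = $key.GetValueKind($Name)
        $result.Data    = $key.GetValue($Name)

        if ($result.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
            # The post specifies a DWORD; any other type needs a manual look.
            $result.State = 'Review (value is not a DWORD)'
        }
        elseif ($result.Data -eq 0) {
            $result.State = 'Filtered (remote UAC restrictions apply)'
        }
        elseif ($result.Data -eq 1) {
            $result.State = 'Full token (remote UAC restrictions off)'
        }
        else {
            $result.State = 'Review (unexpected data)'
        }
    }
    [pscustomobject]$result
}

Get-RemoteUacState | Format-List
```

Reading this key does not require elevation, so the check can be run from a standard prompt.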

The reason I wanted to disable remote UAC processing is so that I can access the contents of local backups created by Windows Backup on Windows 7 remotely.  Windows automatically restricts access to the backup folder it creates to the “Administrators” group.  Even if you change the permissions, they will be reset next time the backup runs.  But I imagine that there are a number of situations where this would be helpful.

For more information, see this MSDN article.


One thought on “Disable remote UAC in Windows Vista and Windows 7”

  1. Article: Increase the number of pinned items allowed in the Windows 7 taskbar jump lists

    Your article does not say what to do if the number of recent programs to display: is grayed out. What do you do about that?

    Ron McDade
