My Vista adventure has been going for a few days now and I’m very tired of the User Access Control (UAC) prompt. Whilst I do appreciate the added security afforded by this ‘feature’ I’m finding it difficult to live with.
Turning off UAC isn’t a real option. If I (could afford and) bought a Porsche I’d wouldn’t want to drive around in 1st gear all the time. UAC is a valuable feature (that I paid for) so I want the facility… just without the pain. Reducing UAC’s interference is the desired outcome and I found a handy article on exactly this on PTFB Pro’s Vista notes.
Unfortunately, for us mere Home Premium users, the article refers to the Windows security configuration tool ‘secpol.msc’ which is only available in more expensive versions of Vista (‘Business’ only, I suspect). However all is not lost. There is another, albeit more convoluted way, of changing the required settings. It is the snappily named ‘Security Configuration and Analysis’ tool… just roll’s off the tongue, don’t it.
The main purpose of this tool is to allow for the creation of a specific set of settings for any Windows installation, the application of those settings to a specific installation and then the subsequent monitoring of those settings over the life of the installation. The settings control lots of Windows’ under-the-hood features and security from required password length and age to auditing to registry permissions.
The ‘Security Templates’ tool lets an administrator create the set of settings and save these (as .inf files). These settings are then loaded into the ‘Security Configuration and Analysis’ tool to create a ‘database’ of settings. The settings can then either be applied to an installation or checked against the existing settings of the installation or, more commonly, both. The admin applies the settings then monitors them over time to ensure the installation is still configured correctly.
Let’s get started with these tools:
- First, start with an empty Microsoft Management Console (MMC) by opening the ‘run’ command and typing: mmc
- Click OK
- Open the File menu and select Add/Remove Snap-in…
- Add the ‘Security Configuration and Analysis’ and the ‘Security Templates’ snap-ins
- Click OK
Now you have a console with tools able to configure settings that are controlled using ‘secpol.msc’ in other Windows versions. Just a couple of more steps and you can go back to the steps in the PTFB Pro article.
- Create a new security template by right clicking the ‘Security Templates’ snap-in and selecting New Template, save it wherever you like but the default location is probably best (\Users\<username>\Documents\Security\Templates).
- You can set the desired settings here if you want to use the configuration on other machines. Don’t forget to save the template if you do configure the settings (right click the tool and select Save)
- Load the template into the ‘Security Configuration and Analysis’ tool by right clicking that tool and selecting the somewhat mis-named ‘Open Database’ (it can also create a new database)
- Type in a name and select a location, again the default location is probably best
- Click Open, this will create a new database with all the settings unset (unless you chose to set some settings in the ‘Security Templates’ step, above)
- Set the settings as per the PTFB Pro article.
- Save the database by right clicking the tool and selecting ‘Save’
- Apply the settings to Windows by right clicking the tool and selecting Configure Computer Now…
- Analyse the settings by right clicking the tool and selecting Analyze Computer Now…
If you now go and look at the settings you’ve configured you can compare them against the installation’s actual setting (there should now be an extra column named ‘Computer Setting’).
The ‘Security Configuration and Analysis’ tool can be a little confusing at first but it can also be a powerful ally when it comes to configuring Windows and making sure those settings stay set as intended.