Does anyone know of a way to turn User Account Control off with python 3.3 for Windows. Possibly editing the registry? I know this is not reccomended, but for my purposes this would be ideal. Please help!
Asked
Active
Viewed 3,986 times
-2
-
This is an essential part of Windows security. They wouldn't make it that easy. – Mark Ransom Dec 21 '14 at 02:30
-
Yes. But I have turned it off via the command line before using the registry. – Luke Dinkler Dec 21 '14 at 02:33
-
It is not recommended to turn of UAC. Why do you think you need to do this? – Bill_Stewart Dec 21 '14 at 20:20
-
Mostly for automation of system tasks. It's not like UAC actually secures much. Most people just press ok for anything – Luke Dinkler Dec 21 '14 at 20:22
-
You'd be surprised how helpful it is to stop people running as admin when they shouldn't be. UAC is an important part of that initiative. You should consider that maybe your design is broken rather than band-aiding it by disabling UAC. – Bill_Stewart Dec 22 '14 at 02:48
-
@Bill_Stewert You may want to see this thread: http://www.donationcoder.com/forum/index.php?topic=27383 – Luke Dinkler Dec 23 '14 at 02:12
-
@LukeDinkler - read this first - [FAQ: Why can't I bypass the UAC prompt?](http://blogs.msdn.com/b/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx) - there is some good background in there for the purpose and design of UAC. – Bill_Stewart Dec 30 '14 at 19:26
-
1@Bill_Stewart It is not always best to have UAC enabled. I have Windows virtual machines that download and install our software and then perform automated tests on those installations. The virtual machines are themselves created by automated processes, so there's no point at which a user could click a button in a UAC dialog. I could automate the clicking of the button, but what would be the point? UAC serves no real purpose since the VMs are destroyed after testing. There are real reasons people need to disable UAC and it's not always faulty design. – mttdbrd Apr 03 '15 at 04:30
-
IMO, the automated processes should be designed to run with elevation such that the UAC dialog isn't provoked. – Bill_Stewart Apr 03 '15 at 14:52
-
@Bill_Stewart This doesn't even make sense! Some processes simply require Administrative access, and ALL administrative processes (according to Windows) should be channeled through UAC. – Luke Dinkler Apr 03 '15 at 16:03
-
One example is to configure the process to run elevated using the task scheduler. You can configure a task to run elevated and it will not provoke a UAC prompt. – Bill_Stewart Apr 03 '15 at 16:21
-
@Bill_Stewart I'm sure that you will agree that It is both tedious and unnecessary to configure each INDIVIDUAL process to run from a task scheduler. This is true with my purpose. I need to run over 50 unique admin processes. I'm sure not configuring them, for sure. – Luke Dinkler Apr 03 '15 at 16:24
-
This is not really the right place for an extended discussion for a discussion about the benefits or disadvantages of UAC. – Bill_Stewart Apr 03 '15 at 16:46
-
@Bill_Stewart I apologize for that, sir. – Luke Dinkler Apr 03 '15 at 16:56
-
1@Bill_Stewart And to use schtask to elevate a task with permissions, I need to log into the machine and click the UAC dialog to allow the task to be scheduled with admin privileges. That is a show stopper. What if I decide to change the tasks that run in the VM? I would need to *by hand* log in, modify the task (either through a GUI or on the command line) then click the UAC button. Better to disable entirely. – mttdbrd Apr 03 '15 at 19:58
-
This is not necessary due to the scheduler automation interfaces. But again: This is not the right place to discuss the theory behind UAC. – Bill_Stewart Apr 03 '15 at 22:31
-
@Bill_Stewart I am not talking about theory at all. These are entirely practical considerations. If you can tell me a way to achieve complete automation without clicking a single button that allows me to bypass UAC or to elevate a process, then I'm on board. Disabling UAC is simple enough from Linux. chntpw's reged can set a registry flag to disable UAC. It's 3 lines of code to mount the vm as a network block device, one line of code to disable UAC, then 2 more lines of code to unmount and disconnect the nbd. If you can do it in less than 6 lines of code (no clicking), I'll buy you a beer. – mttdbrd Apr 04 '15 at 15:59
-
This isn't really the right place for this discussion. It's probably more appropriate for serverfault than here. – Bill_Stewart Apr 04 '15 at 16:37
-
@Bill_Stewart Done. http://serverfault.com/questions/680490/correct-way-to-disable-uac-in-windows Show me what you got. – mttdbrd Apr 04 '15 at 22:28
1 Answers
1
Nevermind. I found the solution! I simply created a function that deletes just in case it already exists (otherwise it won't work) and recreates a registry entry. Here it is:
import win32com.shell.shell as win32shell
def disable_UAC():
command1 = 'reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA'
win32shell.ShellExecuteEx(lpVerb='runas', lpFile='cmd.exe', lpParameters='/c ' + command1)
command2 = 'reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f'
win32shell.ShellExecuteEx(lpVerb='runas', lpFile='cmd.exe', lpParameters='/c ' + command2)
Luke Dinkler
- 731
- 5
- 16
- 36
-
-
@mttdbrd That is to run the command. When you click 'Yes' to run the commands (both times) the basic UAC prompt will be disabled. (Most likely after a reboot) – Luke Dinkler Apr 02 '15 at 02:09
-
@mttbrd The warning dialog is being opened because of runas, which makes this an administrative command. – Luke Dinkler Apr 02 '15 at 02:20
-
I wanted a totally automated solution. I found chntpw, a Linux command. I need the Windows VMs I create to have no UAC. With chntpw's reged I can just overwrite the registry key after mounting the Windows vm as a network block device and i don't have to deal with Windows at all. Much better. – mttdbrd Apr 02 '15 at 02:24