Disable UAC for standard accounts in Windows 10 (Please read full post before replying. Thanks.)

Thanks again Richard. I appreciate your help. I've now solved the problem. What I did was to download the Compatibility Assistant from MSDN, and created and installed a .sdb compatibility shim, with the setting "Run As Invoker". Everything now works exactly as it did under Windows 7. Thanks again. Ian

Thank you for your response, but I was not able to use an app manifest as I had no access to the source code. I've now solved the problem. Please refer to my response to Richard Deeming's reply if you'd like to know how I did it. Thanks again.

Thanks for your reply, Richard, and apologies for taking so long to reply. Unfortunately I didn't get a notification. Unfortunately, the "Do not store password" option probably won't work, because it will then request an admin password whenever the app is started. I'll have a look through the other links you've supplied. It looks like quite a steep learning curve, but I guess nothing worth doing was ever "easy"! ;-) It amazes me that no one has found a way to totally disable UAC in Windows 10 yet. It seems to be something that a lot of users need to do in order to provide backward compatibility for "badly written" old apps. It's all very well Microsoft trying to push us towards better security practices, and I agree that we need eventually to rewrite some of those dodgy old apps, but I don't know any company which can afford to ditch 15 years of R&D and go back to the drawing board in the few months we're being given, especially with the Intel gen7 processors refusing to install any older OS!

OK... Here's the issue: I've been tasked with migrating my company's kiosk music system from Windows 7 to Windows 10. We currently have about 40 machines out on rental. The machines are not internet-connected, and the kiosk launcher runs in a restricted "standard" user account, and uses Parental Controls and Group Policies to maintain its security. I'm currently rewriting the launcher shell in C#/.NET 4.6.2 following MS current security policy guidelines. The main music player app and its registration plugin were written (not by me!) nearly 10 years ago for Windows Vista, and needs read/write access to several files in %programfiles% folder and to registry keys in both HKLM and HKCU. We no longer have the original source code, and the company will not authorise a complete rewrite (despite my protestations!). In Windows 7, I simply disabled UAC across the entire system, and set the music player app and its registration plugin "Run As Administrator" for all accounts. That has worked for us for 7 years now, and caused us no security issues, due to the machines being "locked down" in so many other ways. With the advent of Windows 10, "Run As Administrator" results in the user being prompted for an administrator password every time the music player is started. I've failed completely to disable UAC on the standard restricted user account. Here's all the suggestions which haven't worked: 1) Drop the UAC slider to the bottom in the main Administrator account. This disables UAC on all Admin accounts, but not on standard ones. 2) Change "EnableLUA" to zero in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. Same result as 1) 3) Create a shortcut to the music player EXE including the administrator password... Basically Aaaaaaargh! That would risk exposing the machine's administrator password and break our other security. 4) Create a task in Task Scheduler to run the app with administrator permissions. This is impractical because the machine administrator password has to be written into the task. All 40 machines have unique passwords, and there is no "automatic" way of writing that into the task. The systems need to be upgradeable with a sysprep'd clone. It also risks exposing the admin password to "local hackers" same as 3). 5) Write the "Run As Administrator" along with the password into the kiosk launcher shell prior to compilation. Gets around the chance of exposing the password, but I'd need to recompile the launcher for each machine, because they all have unique password

Thanks for your advice, Paul. I'll take a look at it as soon as I have a moment spare.

Thanks for your help, Sean. You've restored my faith! :-D

Thanks for your reply, Sean. I can't see anything except "closed". Apparently there was a comment on the article itself, but now it's closed, it is inaccessible, so I have no idea what the comment was about. I agree that it would be better in "Tips & Tricks". I thought that's where I'd put it.... Silly me! :doh: Could you maybe move it there for me, or do I need to redo it? I do hope not, as, being new to posting on here, it took me an absolute age to get the code to format properly. Incidentally, how DO you copy & paste here from VS2012?

Code Project has been a valuable resource to me as I try to get back into programming after a 30 year "sabatical". So... I thought I'd give something back to the community and publish a solution I found to a much-googled Windows 7 security issue. But... As soon as the article went up, it was closed again, because someone reported it as "unclear"??????????????????????????????????????????????????????????????????????????????????????????????????? No explanation, no message to ask if I could clarify whatever it was that was "unclear", no offer of any help to rework the article in a way that was acceptable to the "powers that be".... NO! Just "Closed". I won't be trying again. If anyone is interested in any of the work I'm doing, please feel free to message me, but I won't be trying to publish any of my code on here again. That's for sure.