How to decide UAC allowance on Windows on a case-by-case basis?

How to decide UAC allowance on Windows on a case-by-case basis?

UAC is a neat Windows feature, that may warn you, or even outright prevent it from happening, when a malicious app tries to take full control of your computer. And while useful, it also has some serious limitations, that may be frustrating in some use-cases.

UAC warning popup

Let's say that you have an app that you want to be run on startup, and it needs elevated rights. In my case it was Everything, that is a backbone of Wox - app that mimics MacOS' Spotlight search option on Windows (I seriously recommend to check it out, even if you've never worked on Mac - a great productivity tool once you get to know it).

About the only problem I had with this software was that each time I logged in, a wild UAC would appear and demand, that I decide if I think Everything should be allowed elevated priviliges or not. Which got quite annoying pretty fast. So, naturally, I set out to see if there is any way to tell my Windows – allow this one, and only this one app permanently.

Unfortunately, nope. For UAC it's either a rule for all... or a rule for all. The only knob to tinker with is the main one, deciding the general security level:

UAC settings control window

Which is far from optimal. There is no way to decide access control on a case by case basis, and I can only lower the security for all, or keep it as is and accept that daily UAC popup is my fate, apparently.

Or not. How to disable UAC for single program?

Turns out there is a way to actually bypass it. Granted, it's not a straightforward one, feels actually a little bit hacky, but the most important thing is - it works.

To do this, we'll need a system app cald Task Scheduler. Pay attention - not Task Manager, but Scheduler.

Task Scheduler icon and name

Once inside, you'll most likely want - to keep it organized and clean - create a new Folder for your own tasks. Click on Task Scheduler Library, and then, on the right hand menu, New Folder.... Then click on the folder you created, and choose Create Task... action.

In the new window you will want to name it as something, that will be easy to recognize later on, just in case. For me, the standard I chose is AutoElevateAppName. The second setting to be changed here, and possibly most vital part in the whole process, is to make sure that the "Run with highest priviliges" option is checked.

Checkbox allowing us to bypass UAC

Bingo!

This is, basically, an equivalent to giving the app an "OK" every time in the UAC - except automatically.

Next, you need to visit tabs with Triggers and Actions, to define what exactly we want to be run with elevated rights. Let's start with Actions.

View of Actions tab in Task Scheduler

Here you need to provide a path to an app that you want to run...

View of Triggers tab in Task Scheduler

And here, in the Triggers tab, you specify when should this action be fired. For me it was at log on, however there are many other options that you can tinker with to fine-tune it to your liking.

And that's it, I suppose. Just OK all popups, and there you have it - we just bypassed UAC for a single program, without lowering the overall security level.

I just wish it were easier, and not so hacky.

Show Comments