Prompting for Elevation on the Secure Desktop

One of the most annoying aspects of UAC is the screen dimming when you get prompted for elevation. The elevation prompt is being displayed on the special “Secure Desktop” where only trusted System-level processes are allowed to run.  This is done so malware can’t spoof the prompt.

For example, if we didn’t have a Secure Desktop, anyone could throw up a dialog that looks like the UAC prompt, including a webpage, and trick you into clicking the wrong button (for instance by switching the text on the buttons).  Because the screen dims when Windows switches to the Secure Desktop, you’d notice a fake prompt right away by the lack of dimming.

This older post by the UAC team goes into more detail: http://blogs.msdn.com/b/uac/archive/2006/05/03/589561.aspx

The downside is that for people like me who frequently run apps that need elevation these desktop switches can be rather annoying as it can take a few seconds to prompt, during which time you’re completely blocked from using apps on the “interactive desktop.”  Since I know what I’m doing and only click the elevation prompt when I’m expecting it, on some of my desktops I disable switching to the Secure Desktop.  For me the convenience outweighs the risk and I always have antivirus and anti-malware running to further minimize the risk.  The net result is a normal, non-modal popup for elevation, a quicker prompt, and I’m not blocked from working on something else.

The change is simple.  Open Local Security Policy (secpol.msc) and disable the following policy:

User Account Control: Switch to the secure desktop when prompting for elevation

This policy is described here:

http://technet.microsoft.com/en-us/library/dd834746.aspx

Local Security Policy:

Disabling the Secure Desktop prompt via Local Security Policy.

The policy explained:

As you can see from the first screenshot there are a number of different policies that control the UAC behavior.  I’ve found that by changing only this one policy the UAC prompts are now hardly noticeable and I sacrifice only a small amount of security.  For me that’s a reasonable tradeoff.
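To check how this policy and the related UAC policies are set on a machine, the following read-only audit is an added example, not part of the original post. The registry value names are not mentioned in the post; they are the documented values behind these policies under the `Policies\System` key, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the registry values behind the UAC policies.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Registry value name -> Local Security Policy display name
$UacPolicies = [ordered]@{
    EnableLUA                  = 'User Account Control: Run all administrators in Admin Approval Mode'
    PromptOnSecureDesktop      = 'User Account Control: Switch to the secure desktop when prompting for elevation'
    ConsentPromptBehaviorAdmin = 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode'
    ConsentPromptBehaviorUser  = 'User Account Control: Behavior of the elevation prompt for standard users'
}

function Get-UacPolicyState {
    param([string]$Path = $UacKey)

    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $UacPolicies.Keys) {
        # A value that is absent from the key is reported as $null, not guessed.
        $present = $props.PSObject.Properties.Name -contains $name
        [pscustomobject]@{
            RegistryValue = $name
            Policy        = $UacPolicies[$name]
            Value         = if ($present) { $props.$name } else { $null }
        }
    }
}

function Test-SecureDesktopPrompt {
    # True only when the policy value is explicitly 1 (enabled).
    param([object[]]$State = (Get-UacPolicyState))
    $row = $State | Where-Object RegistryValue -eq 'PromptOnSecureDesktop'
    return ($row.Value -eq 1)
}

$state = Get-UacPolicyState
$state | Format-Table -AutoSize -Wrap
if (-not (Test-SecureDesktopPrompt -State $state)) {
    Write-Warning 'Elevation prompts are not confirmed to use the Secure Desktop (PromptOnSecureDesktop is not 1).'
}
```

Reading these values does not require elevation, so the check can run as a standard user.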

Cheers