LKBEN10745: Howto deactivate User Account Control (UAC) for specific applications in VISTA


Older Installations of third party applications might not function properly or security dialogue should be suppressed


By design


User Account Control (UAC) is intended to enforce security on Vista Systems or to keep you from damaging your system while logged on as an administrator.
This from Linux Systems known behavior has been asked for since Microsoft built Windows Operating Systems - now there it is and nobody is happy...

If you need or want to keep this security feature, you might run into a problem with older applications, good old WinRAR for example:
- After Installation, WinRAR offers several entries in the Explorers Context Menu - they just don´t work.
- upon starting WinRAR, you´ll get the UAC-Dialog to enter administrative credentials.

Deactivating UAC helps; if you want to teach your system to work this application without question, you need two things:
- a .sdb database file ("security database") for your application
- run commandline tool "sdbinst"

How do we get a specific sdb-file? First, you need the Microsoft "Application Compatibility Toolkit" (ACT), which can be downloaded from MS for free.
After Installation it can be started with the "Compatibility Administrator" (with "run as Administrator" if UAC is enabled!).

1) under "custom databases" right click the database and select "create new" --> "application fix"
2) in the following Wizard you can enter a custom name and -vendor and you can browse the wanted application (in the example above, something like "C:\Program Files\WinRAR\WinRAR.exe")
3) in the next screen select "none", since no Operating System - simulation is needed
4) now this is the important section: in the following screen named "Compatibility Fixes" search and select "RunAsInvoker"
5) in the following last screen of this wizard you can select several items about identifying the application to enforce security. To keep it simple I would not encourage this, better use other means of real security like NTFS-Rights.

Back in the Application Compatibility Tool, we need to save this setting into a database file:
- you see your entry under the new databases - applications; if selected you can check your settings in the right pane.
- select "save" or "save as.." from the "file-menu"
- asked for a database name, select something appropriate. If you choose to configure several application settings, prefer an independent name ;)
- next, choose a filename
that's it. The .sdb-file can be used for custom-installations like for enterprise clients, just copy it to the appropriate installation- or network share and use the following command.

Finally, you need to get this setting into your Vista:
- open a CMD as Administrator
- run "sdbinst [Directory\]sdb-filename"

To return setting to normal, it can be reversed by using the uninstall switch: sdbinst -u file.sdb

All Switches can be seen with: sdbinst -h or -?.


The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!

About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.