How can I disable the User Account Control (UAC) feature on my Windows Vista computer?

Windows Vista has the built-in ability to automatically reduce the potential of security breaches in the system. It does that by automatically enabling a feature called User Account Control (or UAC for short). The UAC forces users that are part of the local administrators group to run like they were regular users with no administrative privileges.
Read more about UAC here: What's User Account Control in Windows Vista?
Running Windows 7? Also see our article on disabling UAC for Windows 7.
Although UAC clearly improves the security on Windows Vista, under some scenarios you might want to disable it, for example when giving demos in front of an audience (demos that are not security related, for example). Some home users might be tempted to disable UAC because of the additional mouse clicking it brings into their system, however I urge them not to immediately do so, and try to get used to it instead.
Anyway, if required, you can disable UAC by using one of the following methods:

Method #1 - Using MSCONFIG

1. Launch MSCONFIG by from the Run menu.
2. Click on the Tools tab. Scroll down till you find "Disable UAC" . Click on that line.
   
3. Press the Launch button.
4. A CMD window will open. When the command is done, you can close the window.
5. Close MSCONFIG. You need to reboot the computer for changes to apply.

You can re-enable UAC by selecting the "Enable UAC" line and then clicking on the Launch button.
*Recommended: Speed up Vista boot times by reducing the number of programs that load at startup. Control your Vista startup list with this Vista app

Method #2 - Using Regedit

1. Open Registry Editor.
2. In Registry Editor, navigate to the following registry key:

   HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

3. Locate the following value (DWORD): EnableLUA and give it a value of 0.
   
Note: As always, before making changes to your registry you should always make sure you have a valid backup. In cases where you're supposed to delete or modify keys or values from the registry it is possible to first export that key or value(s) to a .REG file before performing the changes.
4. Close Registry Editor. You need to reboot the computer for changes to apply.

In order to re-enable UAC just change the above value to 1.

Method #3 - Using Group Policy

This can be done via Local Group Policy or via Active Directory-based GPO, which is much more suited for large networks where one would like to disable UAC for many computers at once.
If using Local Group Policy you'll need to open the Group Policy Editor (Start > Run > gpedit.msc) from your Vista computer.
If using in AD-based GPO, open Group Policy Management Console (Start > Run > gpmc.msc) from a Vista computer that is a member of the domain. In the GPMC window, browse to the required GPO that is linked to the OU or domain where the Vista computers are located, then edit it.

1. In the Group Policy Editor window, browse to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options.
   
2. In the right pane scroll to find the User Access Control policies (they're down at the bottom of the window). You need to configure the following policies:
3. You'll need to reboot your computers.

Method #4 - Using Control Panel

1. Open Control Panel.
2. Under User Account and Family settings click on the "Add or remove user account".
   
3. Click on one of the user accounts, for example you can use the Guest account.
4. Under the user account click on the "Go to the main User Account page" link.
   
5. Under "Make changes to your user account" click on the "Change security settings" link.
   
6. In the "Turn on User Account Control (UAC) to make your computer more secure" click to unselect the "Use User Account Control (UAC) to help protect your computer". Click on the Ok button.
   
7. You will be prompted to reboot your computer. Do so when ready.
   

In order to re-enable UAC just select the above checkbox and reboot.
Related Vista Note: Some users have asked if we can help with a missing DirectX dll files in Windows Vista required to play some games.  You can download the d3drm.dll file here

Unable to Logon to Windows 2003 Domain Due to Windows Cannot Connect to the Domain Error

some IT admins report issues with Windows XP workstations that are joined to a Windows 2003 Active Directory domain. These workstations are part of the domain, however, when a domain user tries to authenticate and logon to the domain from one of these workstations they cannot login and receive the following error message:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear contact your System Administrator for assistance.

This error is received even though the computer account for the workstation and user account for the user both exist.

This or error may appear when a PC is replaced with another computer with the same computer name without first deleting the duplicate computer name from the Active Directory domain before joining the new workstation to the domain with the same duplicate name.

The funny part is that the symptom may either appear immediately at the first try, or even after a few successful logons.

The cause of the error is usually related to security identifier (SID) issues. Another possible cause for the error is that the computer account for the workstation was accidentally deleted from the Active Directory domain.

Another common cause for the error is using Norton Ghost or any other similar disk cloning software. This happens when the administrator has cloned one XP machine and reproduced it to many other new computers without first using and running Microsoft's SYSPREP utility (read more on that in a different article).

In most cases, the error does not have anything to do with the user account part, only with the computer account.

The resolution to the above error is:

1.    Login to the Windows Server 2003 Domain Controller, open DSA.MSC (Active Directory Users and Computers) and delete the computer account object from the domain.

2.    Login to the Windows XP workstation as a local administrator. If you cannot logon as local administrator, try to disconnect the network cable and login to the computer by using a domain administrator user that was used to logon on the PC before. This will be made possible because of the cached logon credentials feature that remembers the last 10 successful logons.

3.    Go to Control Panel, then click on System icon, then go to Computer Name tab. You can also do this by right-clicking My Computer, and then Properties or by pressing the Windows logo key ÿ and Break.

4.    Remove the computer from the domain by clicking on “Change”. You should see that Domain button is now selected. Remember your domain name in the text box. Select the “Workgroup” radio button to remove the computer from the domain, and put any workgroup name in the text box (e.g. workgroup).

5.    Click OK to exit and reboot the computer.

6.    After the computer restarts, go back to Control Panel > System > Computer Name tab, and click Change.

7.    Rejoin the domain by chocking the Domain button. Enter the domain name noted in step 4.

8.    You might be prompter to enter the credentials of one of the Domain Admin users. This can be bypassed if one of the Domain Admins manually creates a computer account in Active Directory Users and Computers for the workstation you're about to join.

9.    Click OK to exit.

10. Reboot the PC.

Done.