I am impressed by the quality of this reply; especially the recognition of the difference between a solution and a workaround. Well done.
Originally Posted by TairikuOkami
I've had UAC turn off two or three times in the few months I've been running Win10. No clue why this is (or was) happening, but I know I do not have a malware issue.
My own workaround--which it seems was not working well all this time--was to create a scheduled task that runs upon system startup, and then every hour thereafter, to set the aforementioned registry value. I have the task set to run as "SYSTEM" with "Run with highest privileges" enabled. The "Program/script" I use is:
The "Add arguments (optional)" string I use is:
Thanks to this thread, I just found out this was not cutting it. You also need to set the "ConsentPromptBehaviorAdmin" and "PromptOnSecureDesktop" values.
/c %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f
In my case, I want maxed UAC settings, so I need to set those to 2 and 1, respectively. In order to effect the UAC settings shown in the first post (i.e. the second-highest setting; "Notify me only when apps try to make changes to my computer (default) ... Don't notify me when I make changes to Windows settings", it's necessary to set those values to 5 and 1, respectively.
This is easily done by adding two more actions to the aforementioned scheduled task to set each of those values. The same "Program/script" as above, with the following "Add arguments (optional)" strings:
/c %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f
I just tested this, and it works fine. So UAC may become disabled, but it won't stay that way for long.
/c %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v PromptOnSecureDesktop /t REG_DWORD /d 1 /f
I hate resorting to kludges like this, but despite what some people claim, UAC is an important core security function, and I think I'll keep this task in place permanently, even if I find out what was going on to disable it. Better safe than sorry.