Programmatically detecting whether UAC is enabled

An application may sometimes need to know whether or not the current user has administrative rights. This is complicated in Windows Vista by User Account Control (UAC) – the user may be in the Adminstrators group on the local machine, but nevertheless running with limited rights. When I came across this blog entry on COM elevation by Christoph Wille(thanks to Daniel Moth) I was interested to see the function he mentions called IsUACEnabledOS. I downloaded his code, but was disappointed to see this:

// a really simple check that does not account for possible UAC-disabledness via group policy
public static bool IsUACEnabledOS()
int majorVersion = Environment.OSVersion.Version.Major;
int minorVersion = Environment.OSVersion.Version.Minor;

return (majorVersion >= 6);

This just detects Vista or higher; in fact, it won’t always return the correct result, since Vista will lie about the version number if an application is running under compatibility settings. How then do we discover if UAC is enabled? The best I’ve come across so far is to query this registry entry:


If the entry does not exist or is 0, UAC is not enabled. Of course there is no guarantee that this always work, but it’s unlikely to change. I also haven’t checked that it is there in the base versions of Vista; again, it is probably the same.

Update: See the comments to this post for a better solution from Andrei Belogortseff, using the GetTokenInformation API call.  

I’ve now posted a C# implementation of Andrei’s code.

Technorati tags: ,

3 thoughts on “Programmatically detecting whether UAC is enabled”

  1. GetElevationType is useless for this, it will return TokenElevationTypeDefault if the user is non admin with uac ON, and it also returns TokenElevationTypeDefault if uac if OFF, so checking the registry for EnableLUA is the only way I have found to figure this out

Leave a Reply

Your email address will not be published. Required fields are marked *