Windows 7 UAC – Prompt for Password on Admin Account

The original question was different, but I have actually provided an answer to this question before. See my post in the question "Always display the last / default user Windows 7 welcome screen" - it explains how to set up UAC and hidden accounts together so you can authenticate to the account via UAC but not log into it from the welcome screen.

Essentially, what you need to do is configure UAC to prompt for the user to enter both their username and password manually, allowing you to enter a username which is hidden from the login screen but still enabled. Instructions on how to do this are on the linked post.

In the meantime, it should still be possible for you to recover the account without doing a full reinstall. Open a command prompt (cmd.exe), and type runas /user:USERNAME regedit.exe, where USERNAME is the name of the administrative account. It will prompt you for that user's password; enter it and hit enter. This will open the registry editor running as that user, from which you can go in and revert the changes you made, adding back the account to the login screen.

Re-read your question and noticed that you said run-as won't work. What happens when you try booting into safe mode? I seem to recall that with Windows 7 Home Premium, the built-in administrator account is disabled by default, but is enabled in safe mode, allowing you to log into it and make changes. Unless you have hidden the built-in account in addition to whatever account you set up, this may work.

Finally, if all else fails, you could try running a system restore from the recovery console. Boot onto your Windows 7 installation disk, and choose to "repair a windows installation" instead of install. You can select your installation, then will eventually get to a screen where you can choose to do a restore. This should change the registry back to how it was before you made the change, if it has an old enough restore point. Your files will not be modified by a system restore, although some system settings might be.

(Reference: In 2009, Microsoft engineers specified that UAC is "not a security boundary.")

And they are perfectly right. Your concern should be your user role on the system. If you setup yourself as a regular user, but are always seeing UAC prompts or having to elevate your privileges through a password prompt in order to do your work, you are effectively an Administrator of your system and you should log on as one.

UAC prompt security would in fact be compromised if you didn't, because invariably you are going to start to hit prompt options mechanically and essentially reducing the UAC prompt to just a subconscious confirmation layer between you and your daily actions. Soon enough you won't be able to distinguished between a rightful prompt and a prompt you should actually be suspicious of.

So, in short, if you are administering your machine, if you are constantly requiring administrative access to your computer, you are your computer Administrator and you should set your account as such.

Conversely, a regular user shouldn't see many prompts. Their daily operations of opening applications, sending documents to be printed, reading and replying emails, aren't (or shouldn't be) operations that require administrative privileges. It's when they try to do something they shouldn't, like installing an application or trying to change system settings that UAC will step in. Then they call in for the system administrator to take a look and either elevate their privileges for that operation by writing his password, or refuse to take part of that folly.

...

Security is thus still mostly a user concern and responsibility. UAC helps, no doubt. But by establishing responsibility boundaries by clearly separating the user and administrator roles (something we didn't have on Microsoft desktop operating systems before Vista). Doing this, UAC helps ensure that most (if not all) security concerns are delegated to the administrator.

It certainly introduces features that complicate certain malware. UAC Virtualization is one of them. But UAC doesn't want to replace user roles. Again, if you are an administrator, log in as an administrator.

For a deep understanding of UAC, Read Inside Windows 7 User Account Control, by none other than Mark Russinovich, one of the professionals responsible for it. I suggest in particular you follow his links as you read the whole text. Most particularly the conference video, and the ones that read "UAC Internals" and "revisit the relationship between UAC and security", in the Contents section. But generally speaking you should hit all links to gain a deep understanding of this feature. All you probably ever wanted to know, is there.

It took me about 3 days to fully read and interiorize all the concepts within. But it's well worth it if you take it at your own pace.