Apps Enable or Disable UserChoice Protection Driver (UCPD) in Windows 11 and 10

  • Thread starter: Brink


This tutorial will show you how to enable or disable the "UserChoice Protection Driver" (UCPD) service for all users in Windows 10 and Windows 11.

Microsoft has quietly introduced the UserChoice Protection Driver (UCPD) service, which is enabled and running by default. It blocks third-party apps from accessing the UserChoice registry keys, which prevents them from changing the default app choices set by users.

UCPD still allows access, but only if the process is signed by Microsoft and is not on the deny list. This means third-party programs will be blocked from making changes to default apps. The deny list includes Windows tools (e.g., regedit.exe, reg.exe, or powershell.exe) to prevent third-party app developers from using them as a workaround to make changes to default apps.

UCPD does not prevent users from manually making changes to their default apps settings. UCPD only affects third-party apps.


UCPD can be a good security feature to prevent third-party apps from making unwanted or unknown changes to your default apps choices.

However, if UCPD is blocking a third-party app you want to use to make changes to your default apps, you are able to disable UCPD to allow third-party apps to make changes to default apps again.

Option One

Check if UCPD is Currently Enabled or Disabled


1 Open Windows Terminal, and select either Windows PowerShell or Command Prompt.

2 Copy and paste the appropriate command below into Windows Terminal, and press Enter.

Command Prompt:
sc query ucpd

OR

Windows PowerShell:
Get-Service ucpd

3 Look to see if the STATE (Command Prompt) or Status (PowerShell) shows as Running (enabled - default) or Stopped (disabled).






Option Two

Enable or Disable UCPD


You must be signed in as an administrator to use this option.


1 Open Windows Terminal (Admin), and select either Windows PowerShell or Command Prompt.

2 Do step 3 (enable) or step 4 (disable) below for what you want.

3 Enable UCPD

This is the default setting.


A) Copy and paste each appropriate command below into Windows Terminal (Admin), and press Enter after each command.

Command Prompt:
sc config UCPD start=auto

schtasks /change /Enable /TN "\Microsoft\Windows\AppxDeploymentClient\UCPD velocity"

OR

Windows PowerShell:
Set-Service -Name UCPD -StartupType Automatic

Enable-ScheduledTask -TaskName "\Microsoft\Windows\AppxDeploymentClient\UCPD velocity"

B) Restart the computer to apply.


4 Disable UCPD

A) Copy and paste each appropriate command below into Windows Terminal (Admin), and press Enter after each command.

Command Prompt:
sc config UCPD start=disabled

schtasks /change /Disable /TN "\Microsoft\Windows\AppxDeploymentClient\UCPD velocity"

OR

Windows PowerShell:
Set-Service -Name UCPD -StartupType Disabled

Disable-ScheduledTask -TaskName "\Microsoft\Windows\AppxDeploymentClient\UCPD velocity"

B) Restart the computer to apply.



That's it,
Shawn Brink
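
The check from Option One and the two settings changed in Option Two can be read together in one read-only report. This is an added PowerShell example, not part of the original tutorial; the function name `Get-UcpdState` and its output fields are assumptions made for illustration, while the service name and task path are the ones used in the commands above.

```powershell
# Added example: read-only audit of the UCPD service and its scheduled task.
# Get-UcpdState and the output field names are hypothetical, chosen for this example.
function Get-UcpdState {
    [CmdletBinding()]
    param(
        [string]$ServiceName = 'UCPD',
        [string]$TaskPath    = '\Microsoft\Windows\AppxDeploymentClient\',
        [string]$TaskName    = 'UCPD velocity'
    )

    # Service side: the same object "Get-Service ucpd" returns, including start type.
    $svc  = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    # Task side: the scheduled task that Option Two enables or disables with the service.
    $task = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName -ErrorAction SilentlyContinue

    $status    = if ($svc)  { [string]$svc.Status }    else { 'NotFound' }
    $startType = if ($svc)  { [string]$svc.StartType } else { 'NotFound' }
    $taskState = if ($task) { [string]$task.State }    else { 'NotFound' }

    $svcDisabled  = $startType -eq 'Disabled'
    $taskDisabled = $taskState -eq 'Disabled'

    # Option Two always changes both settings together, so anything else is "Mixed".
    if (-not $svc -or -not $task) {
        $configured = 'NotFound'
    } elseif ($svcDisabled -and $taskDisabled) {
        $configured = 'Disabled'
    } elseif (-not $svcDisabled -and -not $taskDisabled) {
        $configured = 'Enabled'
    } else {
        $configured = 'Mixed'
    }

    # The tutorial requires a restart to apply, so the running state can lag the config.
    $restartPending = ($svcDisabled -and $status -eq 'Running') -or
                      ($svc -and -not $svcDisabled -and $status -eq 'Stopped')

    [pscustomobject]@{
        ServiceStatus    = $status
        ServiceStartType = $startType
        TaskState        = $taskState
        Configured       = $configured
        RestartPending   = [bool]$restartPending
    }
}

Get-UcpdState | Format-List
```

A `Configured` value of `Mixed` means only one of the two commands in step 3 or step 4 took effect, and `RestartPending` is true when the service's current status does not yet match its start type.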


 
It has never popped up and harmed my computers, so it is not worth me getting worked up about something from my perspective that is a storm in a tea cup. There is more annoying stuff in Windows than UCPD.

I'm not "worked up" about it, but a quick disablement that only takes a second still makes me feel better, anyway. 😉 😇
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 25H2 build: (26200.7623)
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Pro
    Memory
    32GB
  • Operating System
    Microsoft 25H2 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell Pro 14 - PC14250
    CPU
    Intel Core Ultra 7
    Memory
    64GB
    Graphics card(s)
    Intel Integrated Graphics
    Hard Drives
    Micron 1TB SSD
Can you post a screen capture of winver?
I'm on my work computer again but I do have 25H2. At some point it also enabled the new start menu for me and I'm not a fan, so I found the command to roll that back for now. I didn't try running the commands again as I was really busy last night, but Wintoys said it was enabled, so I guess if need be I can just shut it off that way. Thanks for all your help though everyone.
 

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    PC/Desktop
    Manufacturer/Model
    CyberPower PC
Looks like that UCPD is overridden by a new upgrade to Windows 11 that blocks programmatic FTA changes, called "User Choice Latest"
If you read Kolbicz's article, MS has moved to using a differently computed hash value since they know about SetFTA and its ability to correctly compute the old hash. Presumably if Kolbicz can reverse-engineer the hash algorithm, then a determined malicious actor can do the same.

UCPD continues its original role of protecting specific Taskbar reg settings and the original hashes from user modification, but now adds the new hashes to its protection list.

Furthermore, he suggests you can prevent Windows from using the newer hashes with ViveTool.
Code:
ViveTool.exe /disable /id:43229420,27623730

AppDefaultHashRotation 43229420 - (create new hashes for new apps)
AppDefaultHashRotationUpdateHashes 27623730 - (replace old hashes on existing apps)
 

My Computer

System One

  • OS
    Windows 7
I'd venture a guess it's never been about security. Microsoft easily maintains their own products' FTAs but will not preserve settings supporting other vendors. Had they simply respected things like user choices of Adobe Acrobat, etc., Photo Editor, Music and Video player with Win11, they would not have this hacking game going on. I noticed with a test version of W11 that they also now hijack the photo viewer, video player, etc., with Win updates. It could not be clearer that MS's goal is to do this (reset "competitor" products to their own product defaults, and at a frequency high enough that users will eventually be frustrated enough to abandon searching through an "associated file types" list to piecemeal through defaults constantly getting reset). If FTA resetting is not by design, they wouldn't somehow be able to protect their own apps while resetting others. E.g., I'm using a 20-year-old version of Outlook, something MS has never reset the FTA on, even with Outlook 360 installed on the machine by default. But that's Microsoft on Microsoft, no problem maintaining user choices for those, yet PDF resets with the smallest system update. If MS would simply leave user choice alone, or should I say maintain it until the user changed it again, no one would be hacking this area.

I have the FTA settings working now with a boot-up script, but who knows for how long. The only thing that keeps me on MS is Adobe Premiere, and once it becomes available for Linux, I'm done with Windows.
 

My Computer

System One

  • OS
    Windows 10
    Computer type
    Laptop
    Manufacturer/Model
    HP Business