Hi, folks. I'm a tech support guy at a large school district, and I'm testing Win 7 RC (after trying out Win Vista). So far, even as just an RC, it seems obvious that Win 7 is an improvement over Vista and XP. Lots of nice interface improvements, performance seems equal to (or greater than) XP's, and UAC can be customized. Cool. But I've heard some people make UAC sound like an incredibly crucial security feature, but frankly -- so far -- I don't buy it. If it were up to me, for an entire organization, if I used UAC at all, I'd find some way to make UAC do a better job of shutting up. (BeyondTrust Privilege Manager, maybe?) Viz: 1) Is UAC the only technology that makes Win 7 more secure than XP? That seems hard to believe. 2) If I'm paying 200 bucks (probably) for Win 7, I expect it to do a reasonably good job telling the difference between valid user-initiated actions, its own valid code, and malicious code, rather than... 3) ...bombarding the user with annoying and time-wasting "are you sures," which is all UAC appears to do. I've seen malware that's less irritating. (And I'm sure Mac users would gleefully assert that Windows UAC "is," in effect, "malware.") Prediction: if we use UAC, my district's frustrated users, not wanting to call Help Desk for clarification every five minutes, will eventually just click "OK" on practically everything. And wouldn't that render UAC moot anyway? (And I'm betting that some timid users will just freak out and click "Cancel" on practically everything -- and perhaps bombard Help Desk with calls, at least at first. So much for productivity.) 4) One tech article I read recently said, basically, "get UAC or get Conficker." Well, now. I didn't get Conficker, and neither (I hear) did more than maybe a dozen of our thousands of users in this district, and we're almost all running XP Pro. Infections here are very rare. Why so few infections? Well, here's my hypothesis: because we follow safe, common-sense computing practices -- strong firewall, strong Web and e-mail filters, auto-updated anti-virus defs, regular Win Updates, and in some buildings, anti-spy immunization via freeware utilities. And I'm experimenting (on my own PC) with dropmyrights to set mail and Web apps to run as normal (non-admin) users. (Dropmyrights appears to work not only in XP, but also on my UAC-disabled Win 7 PC.) 5) As we all know, security generally means less convenience. However, this begs the question: how much convenience should we trade away, and how much security are we getting in return? (Maybe we'll never find that balance, but the point, I'd say, is to keep looking for it.) Frankly, UAC seems a bit silly, like the equivalent of taking off your shoes before you board a plane (because one guy, one time, seven years ago tried a shoe bomb on a U.S. flight; pray that nobody ever tries an underpants bomb). UAC also seems like the equivalent of the airport guard asking, "did you pack your own luggage?" To which the answer will always be, "yeah, sure." So, most airport security measures, and UAC, seem not only inconvenient, but inefficient and ineffective. I do care about security -- a great, great deal. I'm not naive; cyberspace has its share of sharp teeth. But I'm far more interested in the aforementioned effective, efficient, unobtrusive security. (Not invisible, necessarily; I'd say it's reassuring to the user to know that the security is there -- just don't bug him about it.) 6) Most annoyingly for me, my tests suggest that "never notify" is the only UAC setting (Win 7 RC) that will allow users to run (unmodified) fully-functional batch files from network shares -- a crucial aspect of my productivity. When I tried to run batches from shares while using any higher level of UAC, I got "you don't have permission to do this"/"I'm sorry, Dave"/"what kind of girl do you think I am" sorts of errors -- not for all commands, but many -- in effect, nullifying the batch. Or the batch wouldn't run at all. It didn't matter whether I ran the batches straight from the share, whether I ran them straight from the share "as administrator," or whether I ran them from a shortcut on my desktop which was set to "run as admin." Likewise, on anything above "never notify," I couldn't even run batches (without errors) from flash drives, except by right-clicking them and selecting "run as admin." I rather enjoy the freedom to run a batch from anywhere by double-clicking on it. Being reduced to only being able to run batches from flash drives (and probably local hard drives), and only by right-clicking and selecting "run as admin," is a bit galling, really. Even more galling: except when run as admin from a flash drive, my batches' CHKDSK-scheduling was blocked by UAC ("you must run this app in elevated mode," or something). CHKDSK, for the love of God. We're actually worried about CHKDSK now? After years of scheduling CHKDSKs from batches, why the heck should I have to open "My Computer," right-click on C:, select the "Tools" tab, etc., etc., etc.? I've Googled and Googled, but can't find a way around this. So if there's a way to modify batches to make them work (completely) from network shares and flash drives, via a simple double-click, with UAC in Win 7, without rendering the batches inoperative for WinXP, I am all ears. Having said all that, I won't be surprised if my district adopts Win 7, and I'll definitely install it at home. Speaking for myself, I'm not getting Win 7 because of UAC, but for the general non-UAC improvements, and because MS (and vendors) won't support XP forever. I hope these questions/concerns are taken as the candid-but-basically-polite critique of UAC that they're meant to be; I can be a bit of a wiseacre, sometimes. :-) Bottom line: we're all on the same team here. We all want happy, secure, productive users. And I'm willing to be convinced that UAC is worth the annoyance, at least in some environments; I'll just need a lot of convincing. --Chaz Geary, St. Louis County, MO USA

Regarding CHKDSK. Why don't you create a scheduled task for it and start that when needed? You don't need elevation to start a task in the Task Scheduler.I answered a couple of you other comments in my other post.Ray