UAC's and why you need to learn to use then
Any One can say "I Do not care about security", "I can tell when I Have spyware", BUT here is the simple truth. When your computer crashes, you cannot work, you blame Microsoft. UAC is a way to reduce users from working as ADMINs. WE all should know that you work with least privilege access, BUT we do not, Companies hate support costs, Companies buy operating system, they said make it secure and MS heard the message. I have seen message posted here saying I would like to Install P2P software on my computer and make it secure! This is almost impossible, due to the way that most P2P software works. Now working with Vista for the last 16 months I have to tell you 3-5 time a week I get UAC prompts and that not bad. Yes when I install new software I get prompted but no spyware, and my system is running much better that XP. Lets look at the history of PC software The DOS and Windows 95/ 98 were great (no security) XP had some security XP/sp2 added additional security VISTA adds Lots more Think about this. ITS A NEW operating system and you need to learn how to use NEW technology. If you want XP use XP, But VISTA is not XP it a leap ahead in the basic security model. Same happens with all software, but as up upgrade you software you need to upgrade you apps, that just the way it is. The UAC Model is as follows A user works in VISTA as a Standard user, if that user does something that requires administrator privileges they get a prompt. If you are not an admin you get a Prompt. Just like XP. To continue type a administrator user name and password If you are an Administrator You get a Give you process an elevated privileges prompt where you grant security that Process only the rest of the OS keeps running at standard user mode. This is a very large difference in that in Vista only that Process is running in elevated mode. When you are in XP the full desktop is in elevated mode. In Windows Vista you will find that once you get beyond the setup phase on most systems, you can work just fine as a standard user. The problem was what to do when the user needs to complete a task that does require the administrator privilege. To address this need, we created a new capability in Windows Vista so that when a standard user tries to do something that requires the administrator privilege, the system prompts the user to have an administrator authorize the task by entering their credentials (or confirm the task if you are an administrator). Please review these articles to further understand UACs http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/23/security-features-vs-convenience.aspx http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/25/accessible-uac-prompts.aspx
March 1st, 2007 12:46am

I've started a poll to get a feel for how many people have disabled UAC and how many are living with it. Please take a few seconds to cast your vote: http://professionalinsight.net/vista_uac.aspx Thanks Al Degutis
Free Windows Admin Tool Kit Click here and download it now
March 29th, 2007 8:48pm

well, if a click keeps my stuff safe and working then so be it. atleast the next time i install a downloaded program i will have to take ownership rather then blame MS for a crash 2 days later. Sad part :the cute looking userscant claim 'It happened on its own' .
April 10th, 2007 2:30pm

I have very mixed feelings about UAC. I still can not see any security value when a single click of a mouse is supposed to stand between Nirvana and Hades. If I have repeatedly allowed a program to run, from the same account, so many times, why oh why can't MS allow some way of accepting an option such as: 'YES, I do really, really know this program and I would love you to bits if you accept my decision to run it for ever and ever, and I completely absolve MS from all responsibility - but PLEASE REMEMBER my choice and don't bother me ever again about THIS program in THIS user account. Thank you' Seriously, why can there not be a way of telling the security system to remember my choice? I voted in the poll with having disabled UAC. Where is the security there then! It must be a better option to allow a user to acknowledge program(s) and not have the constant pop up and yet still have UAC notify all others.
Free Windows Admin Tool Kit Click here and download it now
April 12th, 2007 3:48am

Les wrote: 'YES, I do really, really know this program and I would love you to bits if you accept my decision to run it for ever and ever, and I completely absolve MS from all responsibility - but PLEASE REMEMBER my choice and don't bother me ever again about THIS program in THIS user account. Thank you' Because what happens when a malicious application uses the flagged executable to launch an attack. Consider the (common) scenario in which a user decides to say "It is always ok to launch CMD elevated". From that day forth any application can elevate whenever it likes by running a batch file. The solution to too many UAC prompts is to fix the applications that unnecessarily require Administrator rights so that they never ever ask to elevate, not to hide the problem by making the OS elevate them silently.
April 17th, 2007 6:47pm

JAYTF: Everything you say is true. That does not excuse one serious deficiency in the UAC scheme... people dont want to be constantly harassed by the operating system. There is no combination of spin andfear-mongering thatwill changethat. If my sister tells my mom that "I dont like Vista,it constantly pops these windows up every time I try to open my recipe program" then my mom is not going to shell out $159 for Home Premium, or buy a machine with it installed. It is that simple. Regardless of whose fault it is that ApplicationA.exe does not play well with the UAC, if I know what ApplicationA does, I want the option to tell Windows to shut its ignorant mouth and never ask me whether I trust it to run again. And spare me the social-engineering argument, etc. I have heard it. Life is risky. People smoke.Some live in L.A. Some eat at KFC.A computer disaster for them is losing the clips of their cat attacking the vacuum cleaner. Its fixed with a quick re-install. The bottom line is that system security is, for manyhome users, useful if it keeps its mouth shut and stays out of the way. When I sit down at my PC, I am not looking for a chance to explain my forthcoming actions to the operating system. It is good that is asks initially, but it quickly begins to wear. InVista's current state, its a choice between:either constant harassment (UAC is on) or constant harassment (UAC is off, and the security center takes over the harassment duties). That is garbage. But so is my moms computer, so I need to go get her a new one. Karen already warned her away from Vista, and mom only uses her machine for things like email, web surfing, etc. So, she gets a Mac for her birthday. Now, I am a .NET developer by trade, and I loathe Apple and their smug "I'm a Mac" TV campaign of half-truths (except the one targeted at UAC, which was right on), but my mom will be on the phone 100 times a day to verify that "its ok to tell this box thingy that I want to allow that Flash thingy to update ?" I cant bear that thought. So she gets a Mac.These are the ways people migrate away from a product, and no amount of public education on the dangers of....whatever... are going to change that. Fix the damn UAC, Microsoft.I dont want to hear any moresniveling to the tune of "But..but..but... its not broke, its you stupid users trying to use things."
Free Windows Admin Tool Kit Click here and download it now
April 23rd, 2007 8:41am

You say its not broke, and so you are quite obviously in denial. The perception of the paying customers is that UAC is broke, so UAC is broke. What you apparently dont understand, Andy, is that people dont think you know whats best for them. I believe you do, from a security standpoint, but my opinion does not matter either. But this: Because what happens when a malicious application uses the flagged executable to launch an attack. Consider the (common) scenario in which a user decides to say "It is always ok to launch CMD elevated". From that day forth any application can elevate whenever it likes by running a batch file. That is such a cop-out. Just quit it. Applications dont get to scour your system, looking for an elevated executable, find CMD.exe is elevated, write a batch file, and then set your monitor on fire. That is a pretty insulting post, to those of us with a highschool education. If it is dangerous to elevate portions of the operating system internals (ex: cmd.exe), then simply disallow the "never ask again" check box for that application. You might even go so far as to take the 10 seconds to add an explanation of why in that afore-mentioned message box. The point is, we have heard the defense of UAC, and we still dont care. If MS wont fix it, some dev. will, and that is like getting botox in somebodys basement ... My point is thatpeople are going to do it, you may as well make sure they do it with some semblance of safety.
April 23rd, 2007 9:07am

Jay, Ok, I agree with your goals in using UAC. I like the idea and have no problem dealing with the messages even though I often do things that require elevated rights. My problems are as follows: 1) There is no way to resolve conflicts that arise from UAC other than turning it off. Look at the problems with Adobe Flash and UAC (Flash only works on some Vista systems if UAC is off.) There are a number of threads on this issue on MS as well as other sites. Why doesn't MS have a facility for people to report such problems (especially with major vendors such as Adobe) so it can be resolved quickly rather than my just turning off UAC? 2) Most novice users I know simply click through the warning, not even bothering to read it. 3) There is no way to tell UAC that it doesn't need to bother me about a given situation in the future. For example, I manually add/change folders in the menus to arrange things the way I like them. Each step is time consuming - UAC pops up to create a folder (named New Folder), then to rename it, then to copy in a shortcut, etc. Again, I like UAC and think it is a good idea. I just wish that it had been tested with "real" users a little more (especially those with more advanced abilities.) But, in my case, it appears that I have no choice but to turn it off. Thanks, Fletcher
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2008 7:44pm

Hi allI did disable it but if you read my post here : http://social.technet.microsoft.com/Forums/en-US/itprovistasecurity/thread/e26d17d9-d4f0-4b02-a63b-60691f8e1365 you will see that I thnk that may well have been a mistake !!I have it back on now, as Windows Defender & NIS2008 seem to have been unable to protect me fully !
January 29th, 2009 2:20am

I have been running Windows 7, with UAC enabled for over a year and with NO virus scan software... not one time have I been hacked! Via the Web, via email, nothing! UAC is awesome... only thing is that if you need to run applications, install applications and you are logged in as a standard user... you might want to look at getting BeyondTrust Privilege manager to elevate these applications! DerekMVP and "MSPress Group Policy Resource Kit" author
Free Windows Admin Tool Kit Click here and download it now
October 5th, 2010 11:35pm

UAC has problems accessing certain folders using windows explorer. you can get an access denied even though you have access to the folder. This article I found explains why this occurs and how to fix it http://think-like-a-computer.com/2011/05/11/uac-access-denied-on-folders-for-administrators-windows-2008/
May 27th, 2011 1:55pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics