Run As Administrator does not work with UAC disabled

K

Kurt Harriger

After installing vista ultimate I created a new administrative account and
changed my account type to standard user then disabled UAC.
When I login as my standard user and use Run As Administrator the
application runs with no prompt as my standard user.

Anyone else have this problem?

Thanks,
- Kurt
 
G

Guest

Kurt Harriger said:
After installing vista ultimate I created a new administrative account and
changed my account type to standard user then disabled UAC.

don't disable the UAC!!!
 
K

Kurt Harriger

mik said:
don't disable the UAC!!!

I am using a standard user account because I want to be prompted with
credentials not continue for admin activities but when I use my
administrator account I want it to be an administrative account...
unfortuanatly with UAC disabled I was no longer prompted with credentials as
a standard user and IE protected mode doesn't work so I reenabled it and
enabled the built-in administrator account instead. IMHO UAC is worthless,
see my post on built-in administrator how I think it should have been
implemented.

- Kurt
 
K

Kerry Brown

What are you trying to accomplish? If you are running as a standard user why
do you want uac disabled? Knowing what you are trying to do would help.
 
K

Kurt Harriger

I was having difficulty accessing files on my usb drive. No surprise that I
was not able to access it as my standard user, as my vista user guid would
differ from my xp guid, it didn't even occur to me that I could have changed
the ACL from my standard user account I was rather looking for a way to open
the folder as administrator a feature explorer doesn't offer. But but I was
a bit frustrated and confused at first when I still recieved access denied
from my administrator account. I didn't at this time even think it was an
ACL issue I was logged in as a (vista) administrator and still couldn't
access it, but I had a good idea UAC was to blame and after I disabled it I
had no issue accessing the files. After a bit of research into why UAC
prevented me from accessing the drive I better understood the problem and
therefore the solution - a vista administrator is really an adminstrator
until an explicit elevation has occured, since explorer did not prompt me
for elevation it didn't even occur to me that I needed it, but once I
understood the problem the solution was as simple as changing the ACL.

It really shouldn't make a difference if UAC is enabled or not when using a
standard user account so I intended to just leave it disabled. However I
quickly ran into issues, without UAC enabled run as administrator from my
standard user account does not prompt for credentials (or elevate the
process) and IE Protected mode no longer works. But now that I have a
better understand the problem I have reenabled UAC, and I actually feel a
bit better knowing that if I can't perform the task as a standard user it
wont work as administrator either so I'm not going to be missing out on
anything by using a standard user account. I'll have exactly the same
issues as every other vista user running with a pseudo-admin account, for
better or worse at least I wont be alone :). I've even found some
advantages of using a standard admin account over a pseudo-admin account.
When logged in as an administrator Vista will prompt you for elevation
immediatly when running Computer Management, if you don't elevate it doesn't
run, but when running as a standard user launching comptuer management will
run as a limited user account allowing me to safely view the information
without accidentally changing anything (but only from administrative tools
though, right clicking computer->manage still prompts) , if I want to change
something I must right click and run as administrator or right click
comptuer->manage.

- Kurt
 
G

Guest

Try secpol.msc there a few option under UAC and standard accounts, though
there is still no option to turn off Mr UAC fanboy Mik ;-)

I do get asked to provide admin password in standard account with UAC off
though, perhaps I changed a setting in secpol.

Now that I don't have XP on my Vista box I haven't seen an access denied
message and now that I have Vista more or less set up I don't incur the
wrath of UAC that much. I don't think UAC is worth much but IE7 UAC aka
protected mode is something I'm barely in favour of.


If you haven't already have a look at security policies to see if you can
make Vista work better for you.

Colin T
 
G

Gerry Hickman

Hi mik,
you're just an ignorant man.

He's not! He's talking about the "proper" way of running a computer;
that's when you have one account for admin tasks and another account for
user tasks. This is how it's worked since NT 3.51, and it works well if
you bother to understand it.

The "problem" is that some people think it's ok to run user tasks as
Administrator, those are the "ignorant" people.

Kurt is right, the UAC is worthless; it's just a way to make it "seem"
like Vista has some kind of hardened security, BUT the reality is that
they should not have been running as Admin in the first place. It's the
wrong solution to the wrong problem.
 
K

Kerry Brown

I agree with you. I run as a standard user (with uac enabled) all the time
in Vista. I'm used to Linux so having to supply credentials to perfome admin
tasks seems normal.
 
J

Jimmy Brush

Kurt is right, the UAC is worthless; it's just a way to make it "seem"
like Vista has some kind of hardened security, BUT the reality is that
they should not have been running as Admin in the first place.

UAC is certainly not worthless, and the security is not fake :).

UAC hardens the admin accounts by running non-admin programs as a standard
user while still allowing admin programs to run as admin (after user
consent), and also hardens the seperation between admin and non-admin
programs.

Also, UAC makes it easier to run as a standard user (both as a real standard
user and with programs running as a standard user when logged in as an
administrator) by enabling app-compat features such virtualization.

An administrative user now has the best of both worlds - they can easily run
administrative programs, and they can be confident that they will KNOW when
running a program with admin permisions because of the prompts, but they can
also run non-admin programs from inside their administrative account.
Seriously, what is wrong with doing this? How is this "fake" security as you
seem to imply? What do you think the right question and the right answer is?
 
K

Kerry Brown

I agree with Jimmy on this. If uac is so flawed what should Microsoft have
done that would allow the greatest number of older programs to run and cause
the least amount of disruption to users while still having good security?
UAC obviously is new to Windows and will evolve as service packs then new
version of Windows come out. It will also get much less obtrusive as
programmers start programming for it. But for all the uac detractors out
there - what should Microsoft have done differently?
 
G

Gerry Hickman

Hi Jimmy,
UAC hardens the admin accounts by running non-admin programs as a
standard user while still allowing admin programs to run as admin (after
user consent), and also hardens the seperation between admin and
non-admin programs.

This is not correct. The true "separation" is when you keep the Admin
account and User account completely separate. UAC blurs the separation
and weakens security.
Also, UAC makes it easier to run as a standard user

No it does not! A standard user will not even see UAC; only a pseudo
Admin will see it.
(both as a real
standard user and with programs running as a standard user when logged
in as an administrator) by enabling app-compat features such
virtualization.

But we don't need "app compat" and we certainly don't need
virtualization. Both these are a step backwards damaging the Windows
Application Specification and writing files and registry keys to
locations where they are not safe.
An administrative user now has the best of both worlds - they can easily
run administrative programs, and they can be confident that they will
KNOW when running a program with admin permisions because of the
prompts,

There is no such thing as an "Administrative user". You have
Administrators and you have users. Two different things.
 
G

Gerry Hickman

Hi Kerry,

Microsoft had a golden opportunity to improve the security in Windows by
changing the default home user account from an Admin account to a user
account. They didn't have the guts (or the brains) to make this simple
change, and this means home users will now pay the price.

You say UAC will "evolve", can you clarify? Evolve how exactly?

UAC changes nothing, all it does it put an annoying dialog on the
screen, but home users will never know if the operation is safe or
unsafe, and big corporations (like Sony) will know hoe to "trick" them
into saying "OK", even when it's not OK. Here's an example:

"Click OK at the next screen to activate Sony music downloads"

Are you seriously telling me the user will NOT click "OK"??

The correct way to stay safe is to run as a user, NOT as an
Administrator or Pseudo Administrator.
 
J

Jimmy Brush

This is not correct. The true "separation" is when you keep the Admin
account and User account completely separate. UAC blurs the separation and
weakens security.

UAC doesn't blur anything - an admin is still an admin, a user is still a
user. However, UAC does make it so the admin can control when their admin
power is used.

I don't see how this weakens security at all - this greatly enhances it.
Admins now have control over their power, and standard users have an easier
time running mishehaved programs thanks to app-compat features of UAC.

If you want to run as a standard user and only use the administrator account
for system admin tasks, that is your perogative - Kerry and many others do
just this. And this is a very secure way to run things.

But, running as an administrator now has the same security benefits, thanks
to UAC, because the admin controls how their admin powers are applied, in
semantically the same way that
standard-user-authenticating-to-admin-when-necessary accomplishes.

I honestly don't see any negative security aspects of this model.
No it does not! A standard user will not even see UAC; only a pseudo Admin
will see it.

Here I am referring to the app-compat features of UAC, such as
virtualization.
But we don't need "app compat" and we certainly don't need virtualization.
Both these are a step backwards damaging the Windows Application
Specification and writing files and registry keys to locations where they
are not safe.

I agree that it would be better not to put app compat in, but I am a
reasonable person and understand that there's no way UAC would fly without
these things. Nobody is going to use a version of Windows when NONE of their
apps work!

And I still don't see how virtualization is unsafe or negatively affects
security.
 
J

Jimmy Brush

The correct way to stay safe is to run as a user, NOT as an Administrator
or Pseudo Administrator.

But running as a standard user is just putting another barrier, another
"annoying dialog", in the way. Instead of "click ok" it will be
"authenticate with your admin password".

Running as a standard user and authenticating as an admin is semantically
the same as running as an administrator and approving admin actions, in
Windows Vista at least, for the case where the user running the computer
owns the computer and is both the standard user and the administrator.

It doesn't matter how you try to slice it up, if the user at the screen is
the person who is in charge of the computer, they will do what they want to
do regardless of the security model :).

What I am saying, is that the administrator-UAC model is as secure as the
standard-user-authenticating-as-admin model, because they are the same
model. And this is a big accomplishment, and a big step forward in the right
direction. Never before has the default, out-of-the-box installation of
Windows that the majority of users will use been equivalent in security to
the best security practice of the times.

Granted, this doesn't mean that users will take advantage of it - but this
would be true even if Windows worked exactly like you think it should -
where the default user is a standard user and there is no virtualization.

Microsoft has provided the security model to their users - it is up to the
users to play it safe.
 
K

Kerry Brown

Gerry said:
Hi Kerry,

Microsoft had a golden opportunity to improve the security in Windows
by changing the default home user account from an Admin account to a
user account. They didn't have the guts (or the brains) to make this
simple change, and this means home users will now pay the price.

I agree with you 100% on this. The problem is that in the Windows culture
everyone runs as an administrator. If the only change Microsoft made was to
have the default user be a standard user many people would immediately
create an administrator user and use it for everyday tasks because "It's my
computer dad gummit. I know exactly what I'm doing and nothing can harm me".
This is the Windows culture. UAC does an end run around this. Yes many
people will turn uac off but I believe not as many as would create an
administrator user and use it instead of a standard user.
You say UAC will "evolve", can you clarify? Evolve how exactly?

I don't know, Security in XP evolved through service packs so you have to
assume the same for Vista. It's very early to predict what the changes will
be. Hopefully Microsoft will listen to discussions like this and take notes
:)
UAC changes nothing, all it does it put an annoying dialog on the
screen, but home users will never know if the operation is safe or
unsafe, and big corporations (like Sony) will know hoe to "trick" them
into saying "OK", even when it's not OK. Here's an example:

"Click OK at the next screen to activate Sony music downloads"

Are you seriously telling me the user will NOT click "OK"??

The correct way to stay safe is to run as a user, NOT as an
Administrator or Pseudo Administrator.

I've been running Vista as a standard user for months now. It's a tribute to
Vista that it works. In XP it's pretty much impossible in most environments.
I also agree that many people will blindly click OK the first few times they
see uac. Once they get some malware and realise how it got there they will
be more careful. Some current software firewalls act much like uac. They
have many popups that most people don't understand and initially click on
allow. After they've been burned once or twice they change their habits. Uac
is similar. I see it as a way to force the Windows culture to change to a
better security model despite themselves.

My question wasn't meant as a defence of uac. Personally I think it has good
points and bad points. For me the good outweighs the bad but I can see both
sides of the argument. My intent was to start a serious dialog about how uac
could be improved, not to start an argument about whether it is a good or a
bad thing.
 
D

David J. Craig

I can think of some instances where UAC would work for admins using the
concepts of admin and user. If an admin is doing user maintenance but needs
to browse to Microsoft or some other site to see how to do something, it is
nice that the browser will cause UAC to activate if some exploit tries to
gain access. It is not frequent, but for system admins in large companies
it can happen frequently. They may also have special scripts on their
servers that need to be run to install company software or configure options
on a user's computer. Each time they run something that requires admin
capabilities they will get a way to make sure it is what they are doing and
not some background task trying to sneak in a rootkit or something. There
is nothing wrong with UAC. It might also be an incentive for more home
users to actually create normal user accounts and use them except when
necessary. Most probably use one automaticlly logged in account that
happens to be the admin with XP. Sometimes you need a baseball bat to get
the user's attention.
 
K

Kurt Harriger

Gerry Hickman said:
Hi Kerry,

Microsoft had a golden opportunity to improve the security in Windows by
changing the default home user account from an Admin account to a user
account. They didn't have the guts (or the brains) to make this simple
change, and this means home users will now pay the price.

I don't think it is quite so bad though, with UAC enabled Administrators ARE
standard users... until they click continue or explicitly run as
administrator. The only difference between an administrator account and a
standard user account is that a standard user account prompts for
administrator credentials whereas and administrator account prompts for
concent. Most home users are the administrator and therefore would have the
administrative credentials to perform the action so asking for credentials
only requires more keystrokes, if the user is intent on performing the
action he can do so either way. Granted prompting for credentials will
probably make the user think a bit longer before blindly clicking continue
but may also frustrate users who change their standard user account password
and later forget the administrator password if they don't (and hopefully
won't) need to use it much.

You say UAC will "evolve", can you clarify? Evolve how exactly?

UAC changes nothing, all it does it put an annoying dialog on the screen,
but home users will never know if the operation is safe or unsafe, and big
corporations (like Sony) will know hoe to "trick" them into saying "OK",
even when it's not OK. Here's an example:

"Click OK at the next screen to activate Sony music downloads"

Are you seriously telling me the user will NOT click "OK"??

The correct way to stay safe is to run as a user, NOT as an Administrator
or Pseudo Administrator.

Many experienced administrators well aware of the risks have probably
installed this application because they mistakenly trusted the Sony name.
If the user wants listen to his music he's going to install the application
even if he has to login as administrator to do so. Most applications
require administrative priviliages for installation and this is not at all
concidered an unusual. It just shows the need for greater control and
transparency of all application activities. With or without prompting for
credentials, Vista makes the need for administrative privilages transparent
to the user and gives him the power to deny those priviliages regardless of
which account type he is using. This is a step, but more needs to be done
to prevent this type of betrayl of trust.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top