Admin cant even admin my own computer!

G

Guest

Hump! Wonder when the day will arrive that Microsoft will finally come up
with a model for administration and user accounts that is simple to
understand, simple to use, and makes logical sense to us simple folks!

So my account that I log in under, is deemed to be an admin account under
Vista Home Premium. Yet when I login, I still cannot access some folders,
(such as My Pictures under My Documents under my home folder) nor can I
change the permissions nor can I do any darn thing with said folder. YET I AM
LOGGED IN AS AN ADMINISTRATOR account!

It sure seems to me that IF I am am logged in as an administrator, on my OWN
laptop, in my OWN network world, as the SOLE user of said laptop THEN I
should be allowed to use my own laptop as I see fit and not have to deal
with all this damn security nonsense. How in the world do I, a simple user,
in a simple home environment, get control of my own computer and run it in a
simple intuitive fashion? Why should it take me hours of fiddling around with
settings to set up my laptop to work in such a simple environment? I have
hunted and hunted and I still cannot figure out how to do the simplest of
tasks such as store pictures in a folder obviously meant for such a
purpose.... What a mess!
 
J

Jane C

Hi,

My Pictures and My Documents are not real folders in Vista. They are
junction points and are there for backwards compatibility. If you notice,
they are shaded out with a shortcut arrow on them. The 'My' designation is
not used in Vista.

C:\Users\YOURNAME\Documents is the Vista documents folder.

C:\Users\YOURNAME\Pictures
C:\Users\YOURNAME\Music etc.

You are only seeing the 'My Documents' type junction points because you have
elected to show hidden files and folders, and protected operating system
files.
 
G

Guest

Thanks Jane for your reply... It sounds like you may actually have some
inside knowledge or connections with the Vista designers so I am going to
reply from the perspective that I am talking to someone inside Microsoft. And
I speak from the perspective of being a long time software designer myself.

From my perspective, I think Microsoft has stepped off the edge of planet
Reality, and is headed down the rabbit hole.... Gosh I long for the days when
a folder is a folder, a file is a file, shortcuts ALWAYS work and assignments
of permissions to control who can and who can not view something is all done
following a few simple easy to understand concepts...

Of course I turned on viewing hidden files, in the past I have found it
absolutely necessary in order to gain some control back over my computer and
to help me understand it. (Save me from those who want to save me from
myself!) There is no excuse for the wizards at Microsoft not to design and
TEST a gui so that it effectively guides their users to the solutions they
need. Regardless of the user's experience level, novice or expert, and
regardless of whether they have turned on advance settings, the GUI's should
NEVER lead them into traps such as this one did me. When those wizards design
an interface that tells the user that they don't have permissions to open a
folder, or cannot change permissions on what appears to be a shortcut, that
message leads them to believe that there is a problem with permissions,
either with the users own account permissions or with the permissions of the
folder the shortcut is pointing to. In NO WAY does it lead me, or anyone else
living on planet Reality, to come to a conclusion that we are trying to open
some "junction point" backwards compatible nonexistant mystical link to
nowhereland.

Nor does this GUI design convey, in any sense, the meaning that a slightly
grayed out folder with an arrow on it means one is viewing a hidden "junction
point" file. Where is the handy nearby legend for your icon usage? Where is
the message/description/documentation about this icon? NOT in the Properties
where one might expect such. NOR in the error message I got that should have
taught me the meaning of this icon. If it is buried in some help file or
document elsewhere then how is it made easily discoverable by the user? I
have looked since and still cannot find anything on these slightly grayed out
folder icons with an arrow on em. And without a PhD in Vista operating
systems/GUI's how are we users ever suppose to guess that "My" no longer
means MY in this new Vista wonderland?

SO withstanding your implication that this was my fault because I am dumb
enough to want to view hidden files, I remain firm in my belief that this is
yet another example of a poorly thought out user interface design on the part
of Microsoft engineers/management. THIS IS A BUG PERIOD! I say again it is
the responsibility of the GUI designers to design a user interface that leads
their users to a good and proper solutions for the tasks that they are trying
to accomplish. If I see an icon labeled "My Pictures" and I click on it,
regardless of the fact that I am viewing a hidden shortcut, what do you
suppose is the task I am trying to accomplish? And if I am told I don't have
permission to open said shortcut what do the Microsoft wizards think will my
new goal will become? Why isn't the GUI guiding me to a proper solution? (I
will admit that saying I don't have permissions is slightly better than many
Microsoft error messages that simply translate to "I'm sorry user, I can't do
that and I can't help you so go find some non-existent administrator to help
you, but nevertheless it did NOT help me find the correct solution to my
attempt to open the folder this apparent shortcut was pointing to.) It is
never excusable to put in something as misleading as these folders and the
associated error messages in the user interface and require the poor computer
user to have a PhD in Microsoft Vista software in order to understand what
they mean and why they cannot be used...

IMHO my experiences with Vista is leading me to believe once again that
Microsoft has focused on adding flashy bells and whistles, NOT on building a
solid well thought out user interface with an intuitive and robust operating
system behind it. This is NOT the only problem I have encountered in Vista,
just the first one I complained about on this forum..


Marc...
 
C

cquirke (MVP Windows shell/user)

On Fri, 29 Jun 2007 10:36:02 -0700, Marcc
Hump! Wonder when the day will arrive that Microsoft will finally come up
with a model for administration and user accounts that is simple to
understand, simple to use, and makes logical sense to us simple folks!

Heh - they keep changing things, then having to leave legacy
workarounds so last year's software will still work ;-)
So my account that I log in under, is deemed to be an admin account under
Vista Home Premium. Yet when I login, I still cannot access some folders,
(such as My Pictures under My Documents under my home folder) nor can I
change the permissions nor can I do any darn thing with said folder. YET I AM
LOGGED IN AS AN ADMINISTRATOR account!

It's not a permissions issue. What you are seeing - and seeing only
because you changed the shell settings to see "everything" - are
junctions, rather than actual folders.

A "junction" is like a shortcut, but it works at a deeper level of the
NTFS file system. It allows software that is expecting to find "My
Pictures" in "My Documents" to pass through to the new Pictures
location, which is no longer nested within Documents.

That's a very good thing, IMO. Pictures, Music and Videos are huge,
and embedding them within Documents makes Documents too large to
easily back up in toto, and forces one to store it on a large volume.
I prefer to un-nest these large stores, so that Documents can fit on a
small volume on its own and can easily be backed up.

But without those junctions, some old software wouldn't work. Sure,
it would work if it derived such paths from the registry, but
sometimes software is not written "properly" and may just read the
path for Documents and ASSume Pics etc. are under there.
It sure seems to me that IF I am am logged in as an administrator, on my
laptop, I should not have to deal with all this damn security nonsense.

In this case, it's not "security nonsense". The reaon you can't
navigate into those locations is not because you are not allowed to,
but because they aren't actually locations at all.

It's like finding a painting of your car on a wall, and wondering why
your car keys won't open the door :)


-------------------- ----- ---- --- -- - - - -
Tip Of The Day:
To disable the 'Tip of the Day' feature...
 
G

Guest

cquirke (MVP Windows shell/user) said:
On Fri, 29 Jun 2007 10:36:02 -0700, Marcc


Heh - they keep changing things, then having to leave legacy
workarounds so last year's software will still work ;-)


It's not a permissions issue. What you are seeing - and seeing only
because you changed the shell settings to see "everything" - are
junctions, rather than actual folders.

A "junction" is like a shortcut, but it works at a deeper level of the
NTFS file system. It allows software that is expecting to find "My
Pictures" in "My Documents" to pass through to the new Pictures
location, which is no longer nested within Documents.

That's a very good thing, IMO. Pictures, Music and Videos are huge,
and embedding them within Documents makes Documents too large to
easily back up in toto, and forces one to store it on a large volume.
I prefer to un-nest these large stores, so that Documents can fit on a
small volume on its own and can easily be backed up.

But without those junctions, some old software wouldn't work. Sure,
it would work if it derived such paths from the registry, but
sometimes software is not written "properly" and may just read the
path for Documents and ASSume Pics etc. are under there.


In this case, it's not "security nonsense". The reaon you can't
navigate into those locations is not because you are not allowed to,
but because they aren't actually locations at all.

It's like finding a painting of your car on a wall, and wondering why
your car keys won't open the door :)



Tip Of The Day:
To disable the 'Tip of the Day' feature...
 
G

Guest

An example:
I have a simple notepad document that I want to save direct on to a
partition, not into a folder. There are 3 partitions on each of 2 hard drives
for me to choose from. When I choose to save to D E G or H, no problem. When
I chose C Vista produces a message: "You don't have permission to save in
this location. Contact the administrator to obtain permission. Would you like
to save in the Documents folder instead?" -No, I wouldn't; I want Vista to do
what I told it to do! Choice of F produces a different, more concise, but
totally incomprehensible jargon of a message: "A required privilege is not
held by the client". C through H all have their properties set to "Allow:
full control, change, read". I am the sole user of the computer, the
"administrator" - ridiculous word.
 
G

Guest

Thanks cquirke for your replay... Hmmm there are times I really HATE web
browser email forms! Looks like my reply to you got lost so I will have to
retype it..

IMHO, if you ask me, it seems as if Microsoft has wandered off the edge of
planet Reality on this one and gone down the rabbit hole. So now, in the
magical Vista Wonderland you are telling me that someone on the Microsoft
design team has come up with this marvelous notion of having folders/short
cuts/"junction points" that don't really connect to anything except for
backwards compatibility sake??? Nor do they inform the user in plain language
that clicking on them won't get you anywhere??? Nor why the paradigm we have
grown so accustom to has changed??? Nor why no magical
protection/permissions/privilege incantation is going to work anymore! !!???
Despite being TOLD that is what the problem really is! Despite being TOLD
that we are "administrators" with God like powers to rule over our own
computers??? Hump!!!

WOW!!! I wonder how many billions and billions they paid those knuckleheads
to frustrate their users? There just is no way that you or Microsoft can
convince me that this was a "good idea"!!! And you say their rational is -
that it breaks up folders that folks are using for large stores of
information just to make backup processes even harder to configure??? NO
SIR! I remain quite steadfast in my belief that this bit of the user
interface design stinks and in no way will it ever lead us poor users out of
the land of chaos! In plain English, this is a BAD idea, a BAD design and a
BAD implementation that was BADLY tested. The whole purpose of GUI is to act
as a guide that leads us users down the path to the realms of solutions where
we can find nirvana and SOLVE our own problems. NOT into new messes such as
this one, a goal the design teams at Microsoft seem to keep on
misunderstanding...

Marc.. (who is now wondering around in a maze of twisty little passages
somewhere in a hall of mirrors, on a quest for new adventures looking for a
Vista that is more than just a mirage full of junction points...)
 
J

Jimmy Brush

joxy said:
An example:
I have a simple notepad document that I want to save direct on to a
partition, not into a folder. There are 3 partitions on each of 2 hard drives
for me to choose from. When I choose to save to D E G or H, no problem. When
I chose C Vista produces a message: "You don't have permission to save in
this location. Contact the administrator to obtain permission. Would you like
to save in the Documents folder instead?" -No, I wouldn't; I want Vista to do
what I told it to do! Choice of F produces a different, more concise, but
totally incomprehensible jargon of a message: "A required privilege is not
held by the client". C through H all have their properties set to "Allow:
full control, change, read". I am the sole user of the computer, the
"administrator" - ridiculous word.

Hello,

Notepad has no business running with admin power 99% of the time (where
it doesn't need access to drive C).

So it doesn't get it.

Unfortunately, Windows doesn't differentiate (yet) between "the program
doesn't have access" and "the user doesn't have access".

To run notepad with admin power, you have to right-click it and click
run as administrator.

A less than perfect solution, but it makes your computer much more
secure, really puts you in control of what happens on your computer, and
it makes sense after you learn how it works.
 
C

cquirke (MVP Windows shell/user)

On Fri, 6 Jul 2007 00:32:02 -0700, Marcc
Thanks cquirke for your replay... Hmmm there are times I really HATE web
browser email forms! Looks like my reply to you got lost so I will have to
retype it..

Tell be about it... try creating content on a Wiki that logs you out
if "inactive" for 5 minutes, so that your edits are rejected and lost.

Doesn't always happen; only when you've spent > 5 minitues, and
therefore have more effort to waste.

The key here is that when you edit via IE, you are editing a local
file as managed internally by IE. Unlike Word, IE has no
auto-save/recover facility for such material.

Because your editing is done locally in IE, no keystrokes go to the
site you assumed you were editing on.

When no keystrokes arrive in X minutes, the site reasonably assumes
you closed the page without logging out (a significant and common
security risk) and kicks you off.
IMHO, if you ask me, it seems as if Microsoft has wandered off the edge of
planet Reality on this one and gone down the rabbit hole.

No, they just listen to the loudest voices from those who buy the most
expensive stuff (server OSs etc.) and who speakl their language - the
professional IT system admins from the corporate world.

There may be more of us in consumerland, but there are many reasons MS
may not give us the attention we deserve:
- there's no "voice" that represents us
- what "voices" they are, don't speak the same (tech) language
- we don't spend enough on MS products, comparitively speaking
- our market is mainly fed via OEM, so MS talks to OEMs instead
- no competitive threat (Linux is best suited to server/back-end)
- we don't really matter, i.e. don't create "important" data etc.
- all we need is "ease of use"

So what we get is glossed-over hand-me-downs, i.e. products developed
for the corporate world with some features ripped out and bigger dummy
icons to be "easier to use".

The realities are:
- most consumers are buying replacement, not first, PCs
- our needs are fundamentally different to corporate slaves

I use the word "slave" in the sense of "wage slave". Corporates have
the right to overrule user's control of the PC, but we as "home
consumers" are supposed to be free. We aren't treated as free,
though; all that happens is there's no-one holding the reins that are
welded into the products we use, so they are left up for grabs.

The whole idea of assigning rights according to "who" logged on, is
totally misplaced in our world. Instead, we need limitation of rights
assigned at the level of which program we are using.

There's a slow sense of this clue in the Vista age, what with UAC that
allows users to override what alleged "administrators" are trying to
automate, and IE7's Protected Mode.

Sure, it's ugly, but then again; how elegant were the first horseless
carriages, compared to modern cars? Should we have stayed with horses
forever, even when they don't "work" for city commutes?
Vista Wonderland you are telling me that someone on the Microsoft
design team has come up with this marvelous notion of having folders/short
cuts/"junction points" that don't really connect to anything except for
backwards compatibility sake???

The MS design team's assumptions would be:
- if you don't change default settings, you won't see them
- if you do change default settings, you'll understand what you see

The above is not unreasonable if you think that the defaults are OK.
But once you realise the defaults also limit your ability to assess
risk, and so increase the opportunity for malware to spoof you...

http://cquirke.blogspot.com/2006/10/rungbua-exploits-bad-design.html

....then you're more likely to turn on the ability to see things like
junctions, even though you didn't really want to see them and don't
have the (new) skills needed to understand what you see.
Nor do they inform the user in plain language that clicking on them
won't get you anywhere???

You aren't supposed to see them. If you do see them, there's an arrow
on the icon that differs from the usual "shortcut" arrow. Once you
understand what a junction is, you will know what to expect the next
time you see those sort of arrows :)
Nor why the paradigm we have grown so accustom to has changed???

Frankly, MS's approach to user data has sucked ever since they started
dabbling with it (when MS Office first imposed the "system object that
cannot be changed" My Documents on us in Win9x or earlier.

It sucks slightly less as time goes by, but they are still playing in
a field they should either stay out of, or think through properly AND
provide us with an easier UI to manage properly.

In that sense, the changes in Vista...
- bulky My Pictures/Videos/Music no longer nested in MyDocs
- moving malware-risk downloads out of the MyDocs "data" set
- shallower paths to these data locations
....are worthwhile. What we still need:
- ability to pre-set shell folder paths for new-account prototype
- better UI to relocate these objects
- less bugginess when these objects are relocated
- ability to create arbitrary new shell folder types and behaviors
- safer defaults for hi-risk locations

There's no risk awareness at all, though at least we have IE dumping
downloads in Downloads instead of Documents. We still have IM clients
dumping unsolicited incoming files in Documents, and email attachments
are still hidden in message stores (though in a seprarate file per
message); I'm still waiting for MS to catch up with what I've been
doing since 1995. As others will have other ideas on where things
should go, we really need a more open, flexible system.
Nor why no magical protection/permissions/privilege incantation is
going to work anymore! !!???

You're still missing it; junctions are not inaccessible because they
"don't allow you" to access them, they simply are not capable of doing
what you are trying to do with them.
The whole purpose of GUI is to act as a guide that leads us users
down the path to the realms of solutions where we can find nirvana
and SOLVE our own problems.

See tag.

Some things can't be safely glossed over by an abstraction layer that
ignores differences that matter - such as "open" vs. "run program",
"edit data", "view data", or the differenvce between unique data you
create and off-the-peg (possibly infected) material that you get from
elsewhere, or arrives by unsolicited delivery.

General advice: Learn now, rant later.

IOW, pin down what things are (and maybe why they are so) rather than
immediately ranting about what may be mistaken assumptions on your
part. Yes, it's a problem if you aren't aware your assumptions no
longer fit, but it is a different kind of problem.


------------ ----- --- -- - - - -
Things should be made as simple as possible,
but no simpler - attrib. Albert Einstein
 
J

Jimmy Brush

There may be more of us in consumerland, but there are many reasons MS
may not give us the attention we deserve:
- there's no "voice" that represents us

Hopefully MS listens to our feedback as MVP's and from techbeta to
represent the consumer viewpoint :)... well, I know they listen, but
hopefully they take action based on this info (and I believe they do).

The whole idea of assigning rights according to "who" logged on, is
totally misplaced in our world. Instead, we need limitation of rights
assigned at the level of which program we are using.

AMEN!

Sure, it's ugly, but then again; how elegant were the first horseless
carriages, compared to modern cars?

This is a good analogy; I view UAC in the same sort of way. I certainly
hope Microsoft is thinking this way too.

Frankly, MS's approach to user data has sucked ever since they started
dabbling with it (when MS Office first imposed the "system object that
cannot be changed" My Documents on us in Win9x or earlier.

Agreed. I can't wait for the next generation data abstraction model,
whatever it might be.

I think in combination with a more fully fleshed out UAC, this could get
very interesting (differentiating between files/data created by
applications vs. created by the user [imagine full isolation of files
and settings between applications, while still allowing the user to
access the files and settings that they actually created themselves
between apps], access controls on data per-app instead of just per-user,
knowing which app created every file and registry setting, etc).
 
C

cquirke (MVP Windows shell/user)

cquirke said

Hopefully MS listens to our feedback as MVP's and from techbeta to
represent the consumer viewpoint :)... well, I know they listen, but
hopefully they take action based on this info (and I believe they do).

That's what I see as the best contribution I could make as an MVP, as
we are well positioned to act as "interpreters" for our clients and
the techs who deliver client-orientated (as opposed to
vendor-obligation) service.

It's great making 1000 posts a year for 3 years helping people clean
up Word macro viruses - but imagine if you could have been the missing
voice of sanity that might have meant no version of MS Office ever
automatically ran macros in "data" files?

A large organization uses its people the way a stand-alone consumer
uses their programs.

For example, a bank will have people who do telephones, others with
access to client records, and others who enter the vaults, etc. so any
one of these people can walk up to any PC, login as their known and
pigeon-holed identity, and be able to do (only) what they have to do.

A consumer on a single PC does the same as the bank; they may have a
spreadsheet open with client data in it, take a fax via some
bundleware, play a game while waiting on the phone, catch the latest
gossip and "dancing pigs" via email, etc.

Each of these programs has different things the user expects them to
(not) do, e.g. games have no business scratching in the data set,
screen savers whould not "call home", email "message text" should not
automate the PC etc. In the corporate world, 90% of these apps would
not be there, and the user would be limited to appropriate tasks, so
the problem is less acute than it is in our world.
This is a good analogy; I view UAC in the same sort of way. I certainly
hope Microsoft is thinking this way too.

I hope so too, but who knows? MS is people, with different ideas as
well as "blind spots" common to many of these, and to some extent it
goes about which ideas prevail and get backed.

UAC itself will prolly pass on; it's a bridging stopgap "shim" between
XP's world of "programs rule, OK" to Vista's world where just because
the logged-in user is "admin" doesn't mean every bit of code that runs
gets full admin rights. There are (new) ways to write sware for Vista
that won't throw up UAC prompts, and when these are widespread, we
should see less "noise". A bit like Win32s in the 3.yuk era.
Agreed. I can't wait for the next generation data abstraction model,
whatever it might be.

Oh, I can wait... it's like watching an un-coordinated 8-year-old
flailing around with a chainsaw (nervous laughter) :)
I think in combination with a more fully fleshed out UAC, this could get
very interesting (differentiating between files/data created by
applications vs. created by the user [imagine full isolation of files
and settings between applications, while still allowing the user to
access the files and settings that they actually created themselves
between apps], access controls on data per-app instead of just per-user,
knowing which app created every file and registry setting, etc).

You're talking context propagation, as facilitated (or at least, made
tolerably efficient) by post-FATxx file systems. That's tough, and is
the main reason why I recommend new design approaches as opposed to
expecting these to have been done already.

The problem is, that the internal surfaces between contexts will be
massive in surface area, and (code being code) likely to be porous, so
you can expect "context drift" exploits. We already have this between
user account rights and security zones, as well as raw data-to-code
exploits through buffer flaws etc.

Designing and coding "the system" is only part of it - you have to
also keep it responsive, as yesterday's safe data type could be
today's exploit. The trick is to allow flexibility while preventing
this from being automated, as is the case with malware attacks on the
settings that control Safe Mode, firewall, zones, file associations,
etc. It's also hard to retro-fit a per-program context trail to an OS
that is built on OLE, and its extension to ActiveX.

Step zero is to go back to safety basics, and check every new feature
against these. I don't think the "Gates email" rethink on "security"
got this; the impression I get is that the message was applied mainly
at the trees-and-bark level of coding and sysadmin stuff, without
informing the top level of UI design etc.

Here's some conceptual arithmetic..
(Easy to use safely) - (Easy to use) = (Safety Gap)
1 / (Safety Gap) = (Trustwothiness of Computing)
....oversimplifying "Trusted Computing" to refer to only the middle and
lower levels of the "trust stack", as per...

http://cquirke.blogspot.com/2006/08/trust-stack.html


-------------------- ----- ---- --- -- - - - -
Trsut me, I won't make a mistake!
 
G

Guest

I can sympathise with you here, last update came just as I was switching
down as the local power company was switching off power for maintenance.
So halfway through “do not switch off Microsoft down loading†the power was
cut and in mid update to.
On login I was surprised to see a deactivated user account of mine in place
of what was before switch off an administrator user login.
Now on log in I found either can I create a new admin user as it states
there is already one, but I have lost not just connection logins but also the
files to connect them.
Admin is still well and health on the HD but I cannot get admin back into
login and this user deleted.
Frustrated, to dammed right I’m, like having the right key to your house but
you can not get in unless some one unless lets you in and you are not allowed
to touch or use anything!
Microsoft cocked it up with an unscheduled upgrade as I set them at 4 in the
morning and this was daytime.
So I understand this, mind strangely enough, updates after 6 or more months
of new Windows on market, cause crashes.
Only problem is I like others have been suffering this virus that gets into
the recovery system files, which have to be deleted?
Never been a conspiracy theorist but after having Windows since my first and
it was the first Windows to, the old 3.0, there has been 1 consistency in
Windows systems?
I wish you luck, me?? All I can see is expense of 200 or more DVD’s backing
up and then starting “ALL OVER AGAINâ€, yeh I’m happy about that!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top