ANS: "What's the deal with UAC (Windows Needs Your Permission screens)" and "...But I thought I was

[Marjay]

BTW, if you use gpedit to turn off UAC, doesn't it leave a security
icon in your notification area and bug you about turning it back on
all the time??

 

[Robert Koechl]

Hello,

I don't think one should turn off UAC, on the contrary, I think it
should be left on. What I was referring to was to specifically grant
normal users write access to DVDs - You can do that using the policy
editor - however, as I have never done that I am not sure if this would
solve Adams problem. The real solution to his problem, however, is to
get a new version of the program which works with user rights and
doesn't need admin rights.
Robert

 

[GP]

I'd agree, but I dont care for security and I dont want to see it at all -
after all it's MY computer and no one else is working on it. Yes, I want to
have a firewall to give me security against those bad boys from the www. But
Vista's paranoic way to deal with ANY user - including admins - is
ridiculous! Nag screens everywhere, idiotic and sometimes absolutely wrong
error messages. Switching UAC off will result in warnings which will come up
every now and then. No way to say: I don't want UAC and please, Big Brother,
accept that and don't ask me anymore, just forget it! I'm still at loss to
see my Vista PC from any of the XP PCs at home, there's no way to copy ANY
file from XP to Vista, I managed to get it working from Vista to XP. Copying
a file from another computer in the network to a Vista folder is an
endeavour, deleting or overwriting exe files is most times possible only
with UAC off. It's no wonder that users are going back to XP by the
thousands. No one can understand that an admin + installer with all rights
to the computer and to a certain folder - I can SEE that, Vista shows it! -
gets a blah-window denying the deletion of exactly that folder. Sick. I'll
recommend to all of my customers to stay with XP and not to touch that weird
piece of ... Richard

 

[Lew]

Ihave severial folder set-up as shared and co-owner and I can swap files all
day long

 

[Guest]

--
bettyboopsblue

Hello,

I've noticed that a lot of the questions in these newsgroups are either
directly or indirectly related to UAC (User Account Control). In this post,
I will go over what UAC does, how it works, the reasoning behind it, how to
use your computer with UAC on, why you shouldn't turn UAC off, and answer
some common questions and respond to common complaints about it.


* What is UAC and what does it do?

UAC mode (also known as Admin Approval Mode) is a mode of operation that
(primarily) affects the way administrator accounts work.

When UAC is turned on (which it is by default), you must explicitly give
permission to any program that wants to use "administrator" powers. Any
program that tries to use admin powers without your permission will be
denied access.


* How does UAC work

When UAC mode is enabled, every program that you run will be given only
"standard user" access to the system, even when you are logged in as an
administrator. There are only 2 ways that a program can be "elevated" to get
full admin access to the system:

- If it automatically asks you for permission when it starts up, and you
click Continue
- If you start the program with permission by right-clicking it, then
clicking Run As Administrator

A program either starts with STANDARD rights or, if you give permission,
ADMINISTRATOR rights, and once the program is running it cannot change from
one to the other.

If a program that you have already started with admin powers starts another
program, that program will automatically be given admin powers without
needing your permission. For example, if you start Windows Explorer as
administrator, and then double-click on a text file, notepad will open and
display the contents of the text file. Since notepad was opened from the
admin explorer window, notepad WILL ALSO automatically run WITH admin
powers, and will not ask for permission.


* What's the point of UAC?

UAC is designed to put control of your computer back into your hands,
instead of at the mercy of the programs running on your computer.

When logged in as an administrator in Windows XP, any program that could
somehow get itself started could take control of the entire computer without
you even knowing about it.

With UAC turned on, you must know about and authorize a program in order for
it to gain admin access to the system, REGARDLESS of how the program got
there or how it is started.

This is important to all levels of users - from home users to enterprise
administrators. Being alerted when any program tries to use admin powers and
being able to unilaterally disallow a program from having such power is a
VERY powerful ability. No longer is the security of the system tantamount to
"crossing one's fingers and hoping for the best" - YOU now control your
system.


* How do I effectively use my computer with UAC turned on?

It's easy. Just keep in mind that programs don't have admin access to your
computer unless you give them permission. Microsoft programs that come with
Windows Vista that need admin access will always ask for admin permissions
when you start them. However, most other programs will not.

This will change after Windows Vista is released - all Windows Vista-era
programs that need admin power will always ask you for it. Until then, you
will need to run programs that need administrative powers that were not
designed for Windows Vista "as administrator".

Command-line programs do not automatically ask for permission. Not even the
built-in ones. You will need to run the command prompt "as administrator" in
order to run administrative command-line utilities.

Working with files and folders from Windows Explorer can be a real pain when
you are not working with your own files. When you are needing to work with
system files, files that you didn't create, or files from another operating
system, run Windows Explorer "as administrator". In the same vein, ANY
program that you run that needs access to system files or files that you
didn't create will need to be ran "as administrator".

If you are going to be working with the control panel for a long time,
running control.exe "as administrator" will make things less painful - you
will only be asked for permission once, instead of every time you try to
change a system-wide setting.

In short:

- Run command prompt as admin when you need to run admin utilities
- Run setup programs as admin
- Run programs not designed for Vista as admin if (and only if) they need
admin access
- Run Windows Explorer as admin when you need access to files that aren't
yours or system files
- Run programs that need access to files that aren't yours or system files
as admin
- Run control.exe as admin when changing many settings in the control panel


* UAC is annoying, I want to turn it off

Having to go through an extra step (clicking Continue) when opening
administrative programs is annoying. And it is also very frustrating to run
a program that needs admin power but doesn't automatically ask you for it
(you have to right-click these programs and click Run As Administrator for
them to run correctly).

But, keep in mind that these small inconveniences are insignificant when
weighed against the benefit: NO PROGRAM can get full access to your system
without you being informed. The first time the permission dialog pops up and
it is from some program that you know nothing about or that you do not want
to have access to your system, you will be very glad that the Cancel button
was available to you.


* Answers to common questions and responses to common criticism

Q: I have anti-virus, a firewall, a spyware-detector, or something similar.
Why do I need UAC?

A: Detectors can only see known threats. And of all the known threats in
existence, they only detect the most common of those threats. With UAC
turned on, *you* control what programs have access to your computer - you
can stop ALL threats. Detectors are nice, but they're not enough. How many
people do you know that have detectors of all kinds and yet are still
infested with programs that they don't want on their computer? Everyone that
I have ever helped falls into this category.


Q: Does UAC replace anti-virus, a firewall, a spyware-detector, or similar
programs?

A: No. Microsoft recommends that you use a virus scanner and/or other types
of security software. These types of programs compliment UAC: They will get
rid of known threats for you. UAC will allow you to stop unknown threats, as
well as prevent any program that you do not trust from gaining access to
your computer.


Q: I am a system administrator - I have no use for UAC.

A: Really? You don't NEED to know when a program on your computer runs with
admin powers? You are a system administrator and you really could care less
when a program runs that has full control of your system, and possibly your
entire domain? You're joking, right?


Q: UAC keeps me from accessing files and folders

A: No, it doesn't - UAC protects you from programs that would try to delete
or modify system files and folders without your knowledge. If you want a
program to have full access to the files on your computer, you will need to
run it as admin. Or as an alternative, if possible, put the files it needs
access to in a place that all programs have access to - such as your
documents folder, or any folder under your user folder.


Q: UAC stops programs from working correctly

A: If a program needs admin power and it doesn't ask you for permission when
it starts, you have to give it admin powers by right-clicking it and
clicking Run As Administrator. Programs should work like they did in XP when
you use Run As Administrator. If they don't, then this is a bug.


Q: UAC keeps me from doing things that I could do in XP

A: This is not the case. Just remember that programs that do not ask for
permission when they start do not get admin access to your computer. If you
are using a tool that needs admin access, right-click it and click Run As
Administrator. It should work exactly as it did in XP. If it does not, then
this is a bug.


Q: UAC is Microsoft's way of controlling my computer and preventing me from
using it!

A: This is 100% UNTRUE. UAC puts control of your computer IN YOUR HANDS by
allowing you to prevent unwanted programs from accessing your computer.
*Everything* that you can do with UAC turned off, you can do with it turned
on. If this is not the case, then that is a bug.


Q: I don't need Windows to hold my freaking hand! I *know* what I've got on
my computer, and I *know* when programs run! I am logged on as an
ADMINISTRATOR for a dang reason!

A: I accept the way that you think, and can see the logic, but I don't agree
with this idea. UAC is putting POWER in your hands by letting you CONTROL
what runs on your system. But you want to give up this control and allow all
programs to run willy-nilly. Look, if you want to do this go right ahead,
you can turn UAC off and things will return to how they worked in XP. But,
don't be surprised when either 1) You run something by mistake that messes
up your computer and/or domain, or 2) A program somehow gets on your
computer that you know nothing about that takes over your computer and/or
domain, and UAC would have allowed you to have stopped it.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[Guest]

I HAVEN'Tdone one thing to my program just installed it and here I am
listening to you.I have been access denied and parameter wrong so many times
today ,last night and yesterday.Everyone thinks they can help and I have
tried everyones suggestions to NO avail.So YOU tell me when you can't change
from one person back into the administrator because it only exists inside the
UAC and there are guards standing at the gates with shields in their hands
blocking my way WHAT THE HECK SHOULD I THINK OF THE UAC? I need entry to the
UAC and the parameters may change.I'd rather have my 95 or ME back.vista
ultimate SUCKS THE BIG ONE.

 

[Spirit]

When you install a program RIGHT CLICK on its installer file and
select RUN AS ADMIN.

http://www.tweak-uac.com/
UAC explained and a little utility to help control it.

The rest are good information sources.

http://www.petri.co.il/disable_uac_in_windows_vista.htm

http://technet.microsoft.com/en-us/windowsvista/aa906022.aspx

http://windowshelp.microsoft.com/windows/en-us/help/f941cb45-b2cd-4b39-ab87-cb9ea959f44e1033.mspx

http://technet.microsoft.com/en-us/windowsvista/aa905108.aspx

http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true

http://www.microsoft.com/technet/technetmag/issues/2007/06/UAC/default.aspx
Extremely detailed

 

[Guest]

I understand the basic principle of not wanting programs to run unchecked.
My problem is that I cannot even download certain programs, let alone
install and then run them.
I have a Cruzer thumb drive that prompted me that a Vista update was
availabel, but when I clicked on the install link, I got a download dialogue
box stating that it appears that I do not have administrative rights, so I
could not even download the update. This is very frustrating.
How does this get bypassed in Vista Home Premium ?
I was also not allowed to add a network printer.
Is there a better way ? I am the sole user of my personal laptop and Vista
came preloaded.
Thanks,
Julian

 

[AJR]

Whew! Lots of UAC info, however one very UAC function has not been addressed
(unless I missed some info). UAC works hand -in-hand with IE 7 to provided
IEs "protected mode" (only in Vista).

"Protected mode" assures that any downloads from the Internet are routed to
the temp offline, or other temp, folder. If it is an application it verifies
whether or not the download will ascces protected system files such as the
Registry. If so UAC creates "virtual" system file/Registry locations to
which it directs the download action - once UAC verifies tht the download is
OK - it will permit it to access sysem files.

 

[johns]

Hello,

I've noticed that a lot of the questions in these newsgroups are either
directly or indirectly related to UAC (User Account Control). In this post,
I will go over what UAC does, how it works, the reasoning behind it, how to
use your computer with UAC on, why you shouldn't turn UAC off, and answer
some common questions and respond to common complaints about it.


* What is UAC and what does it do?

UAC mode (also known as Admin Approval Mode) is a mode of operation that
(primarily) affects the way administrator accounts work.

When UAC is turned on (which it is by default), you must explicitly give
permission to any program that wants to use "administrator" powers. Any
program that tries to use admin powers without your permission will be
denied access.


* How does UAC work

When UAC mode is enabled, every program that you run will be given only
"standard user" access to the system, even when you are logged in as an
administrator. There are only 2 ways that a program can be "elevated" to get
full admin access to the system:

- If it automatically asks you for permission when it starts up, and you
click Continue
- If you start the program with permission by right-clicking it, then
clicking Run As Administrator

A program either starts with STANDARD rights or, if you give permission,
ADMINISTRATOR rights, and once the program is running it cannot change from
one to the other.

If a program that you have already started with admin powers starts another
program, that program will automatically be given admin powers without
needing your permission. For example, if you start Windows Explorer as
administrator, and then double-click on a text file, notepad will open and
display the contents of the text file. Since notepad was opened from the
admin explorer window, notepad WILL ALSO automatically run WITH admin
powers, and will not ask for permission.


* What's the point of UAC?

UAC is designed to put control of your computer back into your hands,
instead of at the mercy of the programs running on your computer.

When logged in as an administrator in Windows XP, any program that could
somehow get itself started could take control of the entire computer without
you even knowing about it.

With UAC turned on, you must know about and authorize a program in order for
it to gain admin access to the system, REGARDLESS of how the program got
there or how it is started.

This is important to all levels of users - from home users to enterprise
administrators. Being alerted when any program tries to use admin powers and
being able to unilaterally disallow a program from having such power is a
VERY powerful ability. No longer is the security of the system tantamount to
"crossing one's fingers and hoping for the best" - YOU now control your
system.


* How do I effectively use my computer with UAC turned on?

It's easy. Just keep in mind that programs don't have admin access to your
computer unless you give them permission. Microsoft programs that come with
Windows Vista that need admin access will always ask for admin permissions
when you start them. However, most other programs will not.

This will change after Windows Vista is released - all Windows Vista-era
programs that need admin power will always ask you for it. Until then, you
will need to run programs that need administrative powers that were not
designed for Windows Vista "as administrator".

Command-line programs do not automatically ask for permission. Not even the
built-in ones. You will need to run the command prompt "as administrator" in
order to run administrative command-line utilities.

Working with files and folders from Windows Explorer can be a real pain when
you are not working with your own files. When you are needing to work with
system files, files that you didn't create, or files from another operating
system, run Windows Explorer "as administrator". In the same vein, ANY
program that you run that needs access to system files or files that you
didn't create will need to be ran "as administrator".

If you are going to be working with the control panel for a long time,
running control.exe "as administrator" will make things less painful - you
will only be asked for permission once, instead of every time you try to
change a system-wide setting.

In short:

- Run command prompt as admin when you need to run admin utilities
- Run setup programs as admin
- Run programs not designed for Vista as admin if (and only if) they need
admin access
- Run Windows Explorer as admin when you need access to files that aren't
yours or system files
- Run programs that need access to files that aren't yours or system files
as admin
- Run control.exe as admin when changing many settings in the control panel


* UAC is annoying, I want to turn it off

Having to go through an extra step (clicking Continue) when opening
administrative programs is annoying. And it is also very frustrating to run
a program that needs admin power but doesn't automatically ask you for it
(you have to right-click these programs and click Run As Administrator for
them to run correctly).

But, keep in mind that these small inconveniences are insignificant when
weighed against the benefit: NO PROGRAM can get full access to your system
without you being informed. The first time the permission dialog pops up and
it is from some program that you know nothing about or that you do not want
to have access to your system, you will be very glad that the Cancel button
was available to you.


* Answers to common questions and responses to common criticism

Q: I have anti-virus, a firewall, a spyware-detector, or something similar.
Why do I need UAC?

A: Detectors can only see known threats. And of all the known threats in
existence, they only detect the most common of those threats. With UAC
turned on, *you* control what programs have access to your computer - you
can stop ALL threats. Detectors are nice, but they're not enough. How many
people do you know that have detectors of all kinds and yet are still
infested with programs that they don't want on their computer? Everyone that
I have ever helped falls into this category.


Q: Does UAC replace anti-virus, a firewall, a spyware-detector, or similar
programs?

A: No. Microsoft recommends that you use a virus scanner and/or other types
of security software. These types of programs compliment UAC: They will get
rid of known threats for you. UAC will allow you to stop unknown threats, as
well as prevent any program that you do not trust from gaining access to
your computer.


Q: I am a system administrator - I have no use for UAC.

A: Really? You don't NEED to know when a program on your computer runs with
admin powers? You are a system administrator and you really could care less
when a program runs that has full control of your system, and possibly your
entire domain? You're joking, right?


Q: UAC keeps me from accessing files and folders

A: No, it doesn't - UAC protects you from programs that would try to delete
or modify system files and folders without your knowledge. If you want a
program to have full access to the files on your computer, you will need to
run it as admin. Or as an alternative, if possible, put the files it needs
access to in a place that all programs have access to - such as your
documents folder, or any folder under your user folder.


Q: UAC stops programs from working correctly

A: If a program needs admin power and it doesn't ask you for permission when
it starts, you have to give it admin powers by right-clicking it and
clicking Run As Administrator. Programs should work like they did in XP when
you use Run As Administrator. If they don't, then this is a bug.


Q: UAC keeps me from doing things that I could do in XP

A: This is not the case. Just remember that programs that do not ask for
permission when they start do not get admin access to your computer. If you
are using a tool that needs admin access, right-click it and click Run As
Administrator. It should work exactly as it did in XP. If it does not, then
this is a bug.


Q: UAC is Microsoft's way of controlling my computer and preventing me from
using it!

A: This is 100% UNTRUE. UAC puts control of your computer IN YOUR HANDS by
allowing you to prevent unwanted programs from accessing your computer.
*Everything* that you can do with UAC turned off, you can do with it turned
on. If this is not the case, then that is a bug.


Q: I don't need Windows to hold my freaking hand! I *know* what I've got on
my computer, and I *know* when programs run! I am logged on as an
ADMINISTRATOR for a dang reason!

A: I accept the way that you think, and can see the logic, but I don't agree
with this idea. UAC is putting POWER in your hands by letting you CONTROL
what runs on your system. But you want to give up this control and allow all
programs to run willy-nilly. Look, if you want to do this go right ahead,
you can turn UAC off and things will return to how they worked in XP. But,
don't be surprised when either 1) You run something by mistake that messes
up your computer and/or domain, or 2) A program somehow gets on your
computer that you know nothing about that takes over your computer and/or
domain, and UAC would have allowed you to have stopped it.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/

 

[johns]

Hello,

I've noticed that a lot of the questions in these newsgroups are either
directly or indirectly related to UAC (User Account Control). In this post,
I will go over what UAC does, how it works, the reasoning behind it, how to
use your computer with UAC on, why you shouldn't turn UAC off, and answer
some common questions and respond to common complaints about it.


* What is UAC and what does it do?

UAC mode (also known as Admin Approval Mode) is a mode of operation that
(primarily) affects the way administrator accounts work.

When UAC is turned on (which it is by default), you must explicitly give
permission to any program that wants to use "administrator" powers. Any
program that tries to use admin powers without your permission will be
denied access.


* How does UAC work

When UAC mode is enabled, every program that you run will be given only
"standard user" access to the system, even when you are logged in as an
administrator. There are only 2 ways that a program can be "elevated" to get
full admin access to the system:

- If it automatically asks you for permission when it starts up, and you
click Continue
- If you start the program with permission by right-clicking it, then
clicking Run As Administrator

A program either starts with STANDARD rights or, if you give permission,
ADMINISTRATOR rights, and once the program is running it cannot change from
one to the other.

If a program that you have already started with admin powers starts another
program, that program will automatically be given admin powers without
needing your permission. For example, if you start Windows Explorer as
administrator, and then double-click on a text file, notepad will open and
display the contents of the text file. Since notepad was opened from the
admin explorer window, notepad WILL ALSO automatically run WITH admin
powers, and will not ask for permission.


* What's the point of UAC?

UAC is designed to put control of your computer back into your hands,
instead of at the mercy of the programs running on your computer.

When logged in as an administrator in Windows XP, any program that could
somehow get itself started could take control of the entire computer without
you even knowing about it.

With UAC turned on, you must know about and authorize a program in order for
it to gain admin access to the system, REGARDLESS of how the program got
there or how it is started.

This is important to all levels of users - from home users to enterprise
administrators. Being alerted when any program tries to use admin powers and
being able to unilaterally disallow a program from having such power is a
VERY powerful ability. No longer is the security of the system tantamount to
"crossing one's fingers and hoping for the best" - YOU now control your
system.


* How do I effectively use my computer with UAC turned on?

It's easy. Just keep in mind that programs don't have admin access to your
computer unless you give them permission. Microsoft programs that come with
Windows Vista that need admin access will always ask for admin permissions
when you start them. However, most other programs will not.

This will change after Windows Vista is released - all Windows Vista-era
programs that need admin power will always ask you for it. Until then, you
will need to run programs that need administrative powers that were not
designed for Windows Vista "as administrator".

Command-line programs do not automatically ask for permission. Not even the
built-in ones. You will need to run the command prompt "as administrator" in
order to run administrative command-line utilities.

Working with files and folders from Windows Explorer can be a real pain when
you are not working with your own files. When you are needing to work with
system files, files that you didn't create, or files from another operating
system, run Windows Explorer "as administrator". In the same vein, ANY
program that you run that needs access to system files or files that you
didn't create will need to be ran "as administrator".

If you are going to be working with the control panel for a long time,
running control.exe "as administrator" will make things less painful - you
will only be asked for permission once, instead of every time you try to
change a system-wide setting.

In short:

- Run command prompt as admin when you need to run admin utilities
- Run setup programs as admin
- Run programs not designed for Vista as admin if (and only if) they need
admin access
- Run Windows Explorer as admin when you need access to files that aren't
yours or system files
- Run programs that need access to files that aren't yours or system files
as admin
- Run control.exe as admin when changing many settings in the control panel


* UAC is annoying, I want to turn it off

Having to go through an extra step (clicking Continue) when opening
administrative programs is annoying. And it is also very frustrating to run
a program that needs admin power but doesn't automatically ask you for it
(you have to right-click these programs and click Run As Administrator for
them to run correctly).

But, keep in mind that these small inconveniences are insignificant when
weighed against the benefit: NO PROGRAM can get full access to your system
without you being informed. The first time the permission dialog pops up and
it is from some program that you know nothing about or that you do not want
to have access to your system, you will be very glad that the Cancel button
was available to you.


* Answers to common questions and responses to common criticism

Q: I have anti-virus, a firewall, a spyware-detector, or something similar.
Why do I need UAC?

A: Detectors can only see known threats. And of all the known threats in
existence, they only detect the most common of those threats. With UAC
turned on, *you* control what programs have access to your computer - you
can stop ALL threats. Detectors are nice, but they're not enough. How many
people do you know that have detectors of all kinds and yet are still
infested with programs that they don't want on their computer? Everyone that
I have ever helped falls into this category.


Q: Does UAC replace anti-virus, a firewall, a spyware-detector, or similar
programs?

A: No. Microsoft recommends that you use a virus scanner and/or other types
of security software. These types of programs compliment UAC: They will get
rid of known threats for you. UAC will allow you to stop unknown threats, as
well as prevent any program that you do not trust from gaining access to
your computer.


Q: I am a system administrator - I have no use for UAC.

A: Really? You don't NEED to know when a program on your computer runs with
admin powers? You are a system administrator and you really could care less
when a program runs that has full control of your system, and possibly your
entire domain? You're joking, right?


Q: UAC keeps me from accessing files and folders

A: No, it doesn't - UAC protects you from programs that would try to delete
or modify system files and folders without your knowledge. If you want a
program to have full access to the files on your computer, you will need to
run it as admin. Or as an alternative, if possible, put the files it needs
access to in a place that all programs have access to - such as your
documents folder, or any folder under your user folder.


Q: UAC stops programs from working correctly

A: If a program needs admin power and it doesn't ask you for permission when
it starts, you have to give it admin powers by right-clicking it and
clicking Run As Administrator. Programs should work like they did in XP when
you use Run As Administrator. If they don't, then this is a bug.


Q: UAC keeps me from doing things that I could do in XP

A: This is not the case. Just remember that programs that do not ask for
permission when they start do not get admin access to your computer. If you
are using a tool that needs admin access, right-click it and click Run As
Administrator. It should work exactly as it did in XP. If it does not, then
this is a bug.


Q: UAC is Microsoft's way of controlling my computer and preventing me from
using it!

A: This is 100% UNTRUE. UAC puts control of your computer IN YOUR HANDS by
allowing you to prevent unwanted programs from accessing your computer.
*Everything* that you can do with UAC turned off, you can do with it turned
on. If this is not the case, then that is a bug.


Q: I don't need Windows to hold my freaking hand! I *know* what I've got on
my computer, and I *know* when programs run! I am logged on as an
ADMINISTRATOR for a dang reason!

A: I accept the way that you think, and can see the logic, but I don't agree
with this idea. UAC is putting POWER in your hands by letting you CONTROL
what runs on your system. But you want to give up this control and allow all
programs to run willy-nilly. Look, if you want to do this go right ahead,
you can turn UAC off and things will return to how they worked in XP. But,
don't be surprised when either 1) You run something by mistake that messes
up your computer and/or domain, or 2) A program somehow gets on your
computer that you know nothing about that takes over your computer and/or
domain, and UAC would have allowed you to have stopped it.


- JB

Vista Support FAQ
http://www.jimmah.com/vista/
ok i understand the benifit to uac but you should have made it so when it

gets permission for a program that you have installed it stops asking every
time you boot up that is why i will stop using it i dont think it built
right yet still needs some work

 

[Ronnie Vernon MVP]

gets permission for a program that you have installed it stops asking
every
time you boot up that is why i will stop using it i dont think it built
right yet still needs some work

This is a misconception that many people have.

When a program asks for your permission to run with a UAC prompt, this means
that program is asking for complete and unrestricted access to every part of
your computer. This keeps you in control of what is happening on your
machine.

If you were able to allow access for this program to run, without notifying
you, it would be very easy for a separate, malicious program to gain access
to your computer by 'piggybacking' on this programs unrestricted access.

At this point, it would no longer be 'your' computer.

 

[Michael Jennings]

This is a misconception that many people have.

When a program asks for your permission to run with a UAC prompt, this means
that program is asking for complete and unrestricted access to every part of
your computer. This keeps you in control of what is happening on your machine.

If you were able to allow access for this program to run, without notifying
you, it would be very easy for a separate, malicious program to gain access to
your computer by 'piggybacking' on this programs unrestricted access.

At this point, it would no longer be 'your' computer.

If another application launches the trusted application, Ronnie, the user can
be notified that this is the case. The hijack can then be allowed or denied by
the user. Further, if the CRC of the trusted application changes, the user can
be notified that's so, and if there is no reason it should have changed it can
be
forbidden to run by the user. Maybe this is rocket science, but if Sygate could
accomplish it with their firewall, then I suppose Microsoft could accomplish it
with their UAC. It was simpler to put more of a burden on the user - showing
a lack of consideration for the user meant less coding effort. They chose.

 

[Mark]

The misconception is that this method works.

1. The user is frustrated with this method, because:
a. Doesn't understand why three prompts must be answered to delete a
file in the Programs(x86) folder.
b. No useful information is provided in any of the prompts as to what is
really being done that requires permission.
e.g. "A change to the Programs(x86) folder has been initiated by
program xxx."
"Program xxx is attempting to create a directory under
C:\Users\UserName."

Instead we get something like, "Administrator priveledges are
required for this function. Do you wish to continue?"
What function?

2. End result:
a. "Of course I want to Continue." Click

3. All that MS has done is protect themselves by giving themselves the
ability to state, "You were warned by a prompt that 'something' was
happening and you clicked 'continue.' It's not our fault."

I've stated this before:
Put UAC on your car's ignition switch.
When you select Start, you get a prompt on the Speedometer glass,
"Owner's permission required to continue. Do you wish to continue?"
And you can feel safe that your car can never be used without your
permission by those nefarious individuals out there.

 

[Ronnie Vernon MVP]

Mark

If you are seeing more than 1 prompt for an action, these are not all coming
from UAC. You are probably seeing an 'access denied' prompt first which is
comes from the 'Shell' because of the permissions that are set on the
destination folder/file.

You can click the Details button on the UAC prompt that shows the action is
being initiated.

You can also bypass the UAC prompt, depending on your use of the program. If
this is an application that you are using constantly, you can create a
Scheduled Task to start the program. Set it to start with certain triggers,
such as at boot time or...., and set it to run with highest privileges.

Your example of starting the car is a good one, but you forget that you have
already proven ownership and given permission when you insert the proper
key. This would only be a good example if every car was equipped with a
toggle switch instead of a unique key.

 

[Mark]

My car analogy was indicating a thief would bypass the ignition and still
get the prompt where they simply click Continue.

The other details are excellent information, but my point was regarding the
"typical frustrated user."

 

[Steve Thackery]

I can't see what all the fuss is about with UAC. I've been running Vista
for almost a year, and I rarely get a UAC prompt. Admittedly they were more
common during the first couple of weeks, when I was installing all my
software and setting everything up as I want it. Since then it has really
been a non-issue.

Tell you what helps: make your account an Administrator (don't worry, it
still runs as a normal user), and set up UAC so you don't have to enter your
password.

That way you just need a single click to dismiss the UAC prompt, and -
provided you are the sole user of your PC - there is no loss of security.

Personally I'm quite glad when Windows warns me that something with security
implications is about to happen.

So:

1/ UAC prompts warn you of possible security risks, so are A GOOD THING

2/ They occur quite rarely, and just need a simple mouse click to dismiss

So what on earth is all the fuss and moaning about?

SteveT

 

[Mark]

PS.
Why would the default permissions be set to prevent administrator use?
It may not be UAC, but it is about as useful and the "regular frustrated
Joe" ain't going to figure it out.
Click... click... click... infected.

 

[Jimmy Brush]

Windows can't tell with any accuracy "if another application" is launching
the application. That's why all the separation between admin vs. non-admin
is necessary (UIPI, integrity levels, etc). Things that are running on a
user's desktop can interact and intermingle to such a point that it isn't
really possible to say "i know that process A, uninfluenced by any other
process, is launching this trusted app at the user's request". That's why
UAC is necessary, and why it is so important not to allow exceptions.

 

[Jimmy Brush]

Hello,

I would agree that UAC is frustrating (in some circumstances more than
others), and your analogy is correct in the context of living, breathing
users. Whoever is operating the computer while logged in is in control.

Instead, UAC is there to protect users from programs ... it's there to
insure that the programs that are requesting admin power from the user are
doing so at the request of the user.