In message <
[email protected]> Stephan Rose
If I understand UAC correctly, it nags you *any* file you wanna delete, even
if you own it.
You do not understand correctly.
Under UAC, you run as a user, without the Administrative token being
assigned to anything you do. You can do anything you want, within that
context.
UAC-aware programs (Of which Explorer is one) will detect when an
operation is refused due to permissions, and will offer to elevate. If
you accept, the operation is attempted again, this time with the
Administrative token.
Strictly speaking ownership has nothing to do with it, rather, it's
based on the NTFS permissions (Ownership plays a role, but if the owner
doesn't have a given right but the Administrators group does, UAC will
kick in -- Conversely, even the owner has a right, UAC will never kick
in.
You can test this yourself by giving yourself permissions to a directory
under "Program Files", and by taking away your own permissions (but
leaving full control in the hands of the administrators group) from a
directory on your desktop, then see what operations you can perform in
each group without UAC popping up. Second, see what you can do from
Notepad (where you can and cannot save files, since Notepad is not
UAC-aware and so represents a good backwards-compatibility test)
In all cases above, I am explicitly referring to the "Administrators"
group and not the local "Administrator" account.
Linux will only nag you if you *don't* own the file. Generally speaking,
unless you are working with a multi-user system or are modifying system
files....this doesn't happen.
Right -- Linux apps were built from the beginning to deal with this
model. Many Windows programmers learned in the 9x days when they didn't
have to care and when nothing stopped them from writing whatever they
wanted where ever they wanted.
In the NT world this was always a bad idea, but most users ran with
administrative rights so that they could get their 9x software to work.
This created a vicious circle, since most users were administrators
anyway, a lot of software was still written to run under that
assumption.
UAC is a half-way solution, it runs administrators as normal users, but
attempts to bridge the gap by 1) easily allowing elevation when needed,
and 2) attempting to guess when elevation is needed.
This gives the security benefits of running as a limited user, but with
the convenience of running as a full administrator, with the unfortunate
result being UAC popups.
All that being said, once a computer is configured and you're actually
using it, rather then installing/uninstalling apps or tinkering (and
admittedly I spend a lot of time tinkering), what exactly are you doing
that causes UAC prompts on a regular basis?
And the biggest laugh is that this guy is logged in as administrator and
still being nagged. If I log in as root...I have absolute power over
everything and nothing will nag me.
The same is true in Windows -- Fire up a command prompt as an
administrator (Run as administrator), confirm the UAC elevation request,
and you have unlimited access to do whatever you want, nag free.