I am the administrator but I don't have owner rights! Why?

[Guest]

Unfortunately, the security in Windows Vista is not "automatic"... it
requires third-party programs such as Norton to learn and follow the new
rules (as well as many old rules that they should have been following,
but many weren't).

If you run up against a problem where a program isn't asking you for
your admin power when you try to do something admin-y, this is either a
pre-vista program or the fault of whomever created the software.

While the new security model is pretty reasonable in most places, it
does have its rough edges, and you will mostly encounter these rough
edges while working with files and folders.

If you're the kind of person that doesn't like to save files inside your
user profile folder, or you have a multi-boot computer or use files that
you share between computers, you will probably encounter some issues
that will require modifying the security on the files.

I sincerely hope microsoft does something to make this experience much
less painful in the future.

OK, fair enough. I was thinking though, do the new Vista security settings
have a "program whitelist" functionality, kind of like Windows Firewall
exceptions? Something like the option to "give this program permission
automatically in the future" when propted to give permission to a program.
This doesn't seem to be obviously implemented, if at all.

 

[Jimmy Brush]

OK, fair enough. I was thinking though, do the new Vista security settings
have a "program whitelist" functionality, kind of like Windows Firewall
exceptions? Something like the option to "give this program permission
automatically in the future" when propted to give permission to a program.
This doesn't seem to be obviously implemented, if at all.

No, there is no white list functionality.

UAC does two things:

1- Makes sure that you trust the program that is asking for full control
over your computer

2- Makes sure that you are the one starting that program

That #2 is the most important, and is what prevents a whitelist.

Even if you trust a program, UAC still needs to know that you are the
one starting it in that particular instance, because it cannot (yet)
determine this without asking you via the prompt.

This stops programs that don't prompt from starting a program that you
trust and using it without your knowledge to perform whatever admin
action that it performs, violating the whole point of UAC, which is to
make sure programs that do not prompt cannot perform admin actions, even
by proxy.

As an example, imagine you trust an admin program that you use to wipe
all data off of a hard drive. If that program stops prompting, then any
random program on your computer can start this program and use it to
wipe data off your computer, without you knowing about it. This is
because the OS cannot tell the difference between you starting a program
and a program starting a program, without asking you.

The idea here is for ONLY admin actions to prompt; everything else
should not prompt. There should be no situation where you have to go
through a UAC prompt to do something that does not require admin power.

In this way, the prompt is always guarding an admin action (which needs
the security), is relevent, and would only appear rarely (when you
actual perform an admin action, and not during general use).

However, this is dependent on third-parties to implement, because they
are in control of when their program prompts, not Microsoft.

If a program prompts too broadly (for example, every time the program
runs instead of only when you use the program to do certain admin
actions), it becomes less secure and more annoying to use.

 

[Guest]

Unfortunately, the security in Windows Vista is not "automatic"... it
requires third-party programs such as Norton to learn and follow the new
rules (as well as many old rules that they should have been following,
but many weren't).

If you run up against a problem where a program isn't asking you for
your admin power when you try to do something admin-y, this is either a
pre-vista program or the fault of whomever created the software.

Ok, I get that, but why am I still running into problems with things like
Windows Task Manager?! That's frustrating. Unlike XP, I as an admin do not
have the privileges to log off, say, a guest user via Task Manager, though
the command button still exists. There is no reason for Microsoft's own
software to not integrate with Vista's new security/permission system. Any
suggestions related to, if nothing else, my specific case?

 

[Guest]

No, there is no white list functionality.

UAC does two things:

1- Makes sure that you trust the program that is asking for full control
over your computer

2- Makes sure that you are the one starting that program

That #2 is the most important, and is what prevents a whitelist.

Even if you trust a program, UAC still needs to know that you are the
one starting it in that particular instance, because it cannot (yet)
determine this without asking you via the prompt.

This stops programs that don't prompt from starting a program that you
trust and using it without your knowledge to perform whatever admin
action that it performs, violating the whole point of UAC, which is to
make sure programs that do not prompt cannot perform admin actions, even
by proxy.

As an example, imagine you trust an admin program that you use to wipe
all data off of a hard drive. If that program stops prompting, then any
random program on your computer can start this program and use it to
wipe data off your computer, without you knowing about it. This is
because the OS cannot tell the difference between you starting a program
and a program starting a program, without asking you.

The idea here is for ONLY admin actions to prompt; everything else
should not prompt. There should be no situation where you have to go
through a UAC prompt to do something that does not require admin power.

In this way, the prompt is always guarding an admin action (which needs
the security), is relevent, and would only appear rarely (when you
actual perform an admin action, and not during general use).

However, this is dependent on third-parties to implement, because they
are in control of when their program prompts, not Microsoft.

If a program prompts too broadly (for example, every time the program
runs instead of only when you use the program to do certain admin
actions), it becomes less secure and more annoying to use.

Ok, so I get that; high security, manual permission, third party
integration, etc. and it even makes a little sense after a while. But why in
the world do Microsoft's own programs seem to also have trouble with the new
security. Case and point: Windows Task Manager. Unlike XP, I as an admin
cannot use it to log off, say, a guest user (although the command button to
do so is still there). Instead of asking for permission, it simply tells me I
don't have it and doesn't do anything. Any insight?

 

[Ronnie Vernon MVP]

Jocken

It takes awhile to learn all of the different concepts for the new Vista
security model.

For your current problem, you need to elevate the Task Manager to the
administrator level. One clue that you are not elevated is to look for the
small Red Security Shield icon. When you start the Task Manager, click the
Processes Tab and you will see the icon on the "Show processes from all
users" button. If you click this button, then you will get the UAC elevation
prompt, click Continue and you will then have the admin privileges you need
for all operations with the Task Manager, including logging other users off.

Keep an eye out for this icon if you have similar problems with other
processes.

 

[Jimmy Brush]

Ok, so I get that; high security, manual permission, third party
integration, etc. and it even makes a little sense after a while. But why in
the world do Microsoft's own programs seem to also have trouble with the new
security. Case and point: Windows Task Manager. Unlike XP, I as an admin
cannot use it to log off, say, a guest user (although the command button to
do so is still there). Instead of asking for permission, it simply tells me I
don't have it and doesn't do anything. Any insight?

Task manager is a prime example of a program that doesn't follow the
rules. It should prompt you for permission instead of telling you access
denied.

I reported this as a bug and MS decided not to fix it for Vista.

I imagine they decided they may have done more harm than good if they
fixed it and accidentally released Vista with a bug, than if they did
what they did and released it "as is" in a known working - albeit
confusing - state.

 

[Guest]

A problem that many of us are having is that we are unable to uninstall
certain programs. I myself am running Vista Home Premium and continue to get
the error message "Administrator has not given permission, yadda, yadda..."
when I am trying to uninstall programs. I've gotten this message with
programs that came with my computer (like Microsoft Works) and programs that
I installed myself (like iTunes).

I understand the process of selecting a program to RUN as an administrator,
but I am trying to UNINSTALL and Vista will not let me do it. Any solutions?

 

[Ronnie Vernon MVP]

Hi

Are these programs that were installed on the system prior to the upgrade to
Vista? If so, see the following article for a step by step procedure to
resolve the problem.

You cannot uninstall a program after you upgrade to Windows Vista:
http://support.microsoft.com/kb/927395

 

[Guest]

Hi! Can someone please answer the question? It's just a simple question, but
it seems that no one knows the real answer. The reason I'm asking is that I
have a similar problem. I'm trying to change the read-only properties for a
folder on my Vista Home Basic PC, but I can't. Why? When I'm actually a
member of the administrator group on my PC? If someone can answer this
question, I'd be very glad to hear it. As it is, this forum hasn't been of
much help at all.