POLL: LUA-compatible Vista enthusiasts? :-)

[Alexander Suhovey]

Just wonder what is everybody's take on principle of least privilege in case
of Vista.


Please answer to following:
===========================
I run Vista as:

1. Standard with UAC on.
2. Admin with UAC on.
3. Admin in UAC off.
===========================

"Standard with UAC off" does not make any sense to me so it is not in the
list but you're free to add your variants.

Additional questions:
- Is it easer to run under standard user in Vista than in XP?
- Do you actually run as standard user(aka LUA - Limited User Account) in
your day-to day operations?
- How do you suggest other to run Vista and why?


I'll go first with answer that I'm running as standard user with UAC on (1).
UAC allows me to elevate in quite convenient way and I don't mind entering
admin password from time to time to perform admin tasks.

 

[Richard Urban]

I don't do polls.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Alexander Suhovey]

I don't do polls.

OK no problem, how about opinion on the topic then? Do you have one?

 

[Jimmy Brush]

I run Vista as:

2. Admin with UAC on.

- Is it easer to run under standard user in Vista than in XP?

Heck yes!

- Do you actually run as standard user(aka LUA - Limited User Account) in
your day-to day operations?

No - I run as an administrator with UAC enabled. I get the best of both
worlds - I am technically running as a limited user account, but I can
easily run a program with admin permissions. And I have the added benefit of
the elevated programs actually running under my user profile - when runing
as a true standard user, the programs running as admin run under the admin's
user profile, which can cause confusion in certain scenarios.

- How do you suggest other to run Vista and why?

My suggestion is to leave UAC on. How they choose to run, as either a
standard or admin user, I think is mostly user preference.

As a standard user you get less automatic elevation prompts, when you
elevate a program it runs from the context of the admin user instead of your
user account, and you have to type in a password every time to elevate. This
is the ideal situation for some users.

As an admin user, you get more automatic elevation prompts, all programs run
from your user profile, and you don't have to type in a password every time
(altho you can reconfigure to force you to do this). This is the ideal
situation for me

 

[Richard Urban]

My answer.

Why use Vista if you are not going to operate under the full security model?
That is the main draw of Vista. It is safer and more secure than previous
operating systems.

But of course, this can also be read on thousands of web pages that are
controlled by the likes of cnet, zdnet, pcmag, pcworld etc. Just type
"Vista review" in Google and read away to your hearts content.

That's why I don't do polls. We have already been polled to death.

--

Regards,

Richard Urban
Microsoft MVP Windows Shell/User
(For email, remove the obvious from my address)

Quote from George Ankner:
If you knew as much as you think you know,
You would realize that you don't know what you thought you knew!

 

[Gary Mount]

I didn't even know there was a standard account until I just now read your
post. I have always been running as administrator.
UAC on.
In Windows XP, I have always run with administrator privileges.

 

[Gary Mount]

I use Visual Studio 2005, this information popped up.

"Some Visual Studio 2005 tasks require administrative privileges on windows
Vista
Using Visual Studio 2005 with standard user privileges on windows vista is
not supported,
and some tasks may not function correctly."

I have the SP1 beta for Visual Studio 2005 installed.

So, one good reason I don't run as standard user.

 

[Jon Davis]

Being as I am a developer, I never use Standard accounts, unless I am
specifically going through a test phase of the installability and stability
of an end user app under a real-world (enterprise desktop or consumer PC)
security environment.

UAC (a.k.a. Linux "sudo", I presume, as I'm still getting used to all this
Vista nomenclature?) makes sense and I don't mind it being left on. It's
appropriate for some tasks but IMO a better design would be for the OS to
try to determine that the interactive user directly initiated the
admin-level access (perhaps something like how IE detects that you clicked
on a download link directly rather than javascript firing
window.location.href="..", and handles the different scenarios
appropriately) and if so, should try to cache the authorization for a
specified amount of time (fifteen minutes). This way, an admin can start
setting up a machine and won't get bombarded with authorization requests
once for every little tweak, but also won't have to go and turn off UAC.

The danger of turning off UAC is forgetting to turn it back on, so that's
why the current design really does not suffice.

Jon

 

[PowerUser]

I use Vista as an Admin with UAC off. I don't use AV software either. I
haven't done that for years- And the only viruses I've got have been
intentionally run by me . I do use a firewall though.