Jay said:
No doubt this has been asked/discussed here before.
New to Vista but long time windows user.
UAC. I run Vista business on an admin account. At present I'm
standalone (it's also on a laptop).
UAC pop ups annoy but I seem to remember reading that turning them off
came with a risk. Something about apps not working or windows getting
confused... or something?
I mainly use visual studio, sql and watch movies on it. On or off?
risks?
Thanks
Hello,
Besides disabling many important security features built into Windows,
disabling UAC also poses a risk relating to application compatability.
Important security features:
UAC stops administrative programs from running that you do not start.
With UAC on, no program can run with admin control of your computer
without your permission. Disabling UAC allows any program to use your
administrative power, even if you do not start it.
UAC is also the technology that allows Internet Explorer Protected Mode
to work - turning off UAC gets rid of that.
Application Compatibility:
Many non-administrative programs assume that they will be running with
administrative power, and so they write settings or files to locations
that they are not supposed to write to (such as Program Files).
In Vista under UAC, non-admin programs cannot do this, even if the user
is an administrator, so UAC has to deal somehow with these programs,
since there are a bunch of them that do this.
In order to get these programs to work in Vista, UAC watches for these
common write-to-protected-location scenarios. When it detects a write to
a monitored location that is failing because the program does not have
administrator power, UAC makes a copy of the modified data and saves it
inside of your user profile folder WITHOUT modifying the file/data in
the protected location, while making the program THINK that it was saved
to the protected location.
Whenever a non-compliant program opens a file in a protected location,
UAC first checks to see if there is a "modified" version of that file
inside of your user profile folder, and if so, opens the modified file
instead of the original, without the program realizing it.
This allows the program to function by making it THINK that it is
writing to a protected location, when in reality it is not.
When you disable UAC, this compatability feature of UAC is turned off.
This means that all those hidden copies of modified data are now
invisible to applications, since they will be seeing the original,
unmodified data that exists inside of the real protected folder that
they now have access to.
The consequences of this transition can be quite drastic if you have
many programs on your computer that relied on this compatibility feature
to function, since they will no longer have access to any created or
modified data that they think they have saved to protected locations -
instead, they will only see the original data that was probably put in
place when their application was installed.