Putting limits on users' privileges... Windows UAC

JMH

Banned
Local time
4:33 PM
Messages
6,448
"Least privilege" is the No. 1 IT security mantra. It means, "Don't grant users permissions or privileges beyond the bare minimum they need to perform their assigned duties." Unfortunately, adhering to this mantra always has been easier said than done. Both Microsoft and third-party software vendors have attempted to ease the task, with some (but not complete) success.

For two decades in the Windows world, application developers were accustomed to users always being logged on as full-time administrators. Removing regular users from the built-in Administrators group proves among the most difficult tasks a security administrator can perform. Well, it's easy to do -- just remove the user from the Administrators group -- but the fallout from the operational aftermath has often forced well-meaning administrators to reverse course or to delay least-privilege implementations.

Microsoft upped the ante starting with Vista by implementing a least-privilege default process called User Account Control (UAC). When UAC is enabled and a user from one of 17 pre-defined elevated groups (such as Administrators, Domain Admins, Enterprise Admins), or one who has been assigned an elevated privilege (act as the operating system) logs on, Windows splits his or her single logon access token into two tokens: one standard and one elevated. By the default, the elevated user runs with the standard token most of the time, such as answering email and surfing the Web, and must be prompted to approve actions requiring the use of the elevated token. Although Microsoft (my full-time employer) would prefer that standard users never log on as elevated users while performing non-elevated tasks, UAC is seen as necessary evil.

More...
Putting limits on users' privileges | Security Central - InfoWorld
 

My Computer My Computer

At a glance

Win 7 Ultimate 64-bit. SP1.Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6...8 DDR 3 RAM. 1066MHZATI 1024 MB. DDR3. Radeon HD5650
Computer Manufacturer/Model Number
LAPTOP. HP Pavilion dv7-4010TX .
OS
Win 7 Ultimate 64-bit. SP1.
CPU
Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6MB Cache.]
Memory
8 DDR 3 RAM. 1066MHZ
Graphics Card(s)
ATI 1024 MB. DDR3. Radeon HD5650
Monitor(s) Displays
17.3" High Definition Brightview LCD. LED Backlit.
Screen Resolution
1600 x 900.
Hard Drives
640GB
Case
Laptop / notebook.
Mouse
Logitech Anywhere mouse. MX.
Internet Speed
ADSL [ but too slow ]
Good Read,

The UAC is a necessary "evil" thats not so evil if one, Your running Se7en as it has many less UAC requests than its predecessor, Vista. Two, there's a neat little trick you can use on Programs and System Tasks that when normally asked for your approval from the UAC, is not needed. Found it on the web some time ago and use it for programs I trust that normally require UAC approval, and now don't. You set it up in all places, the "Task Scheduler".

See this tutorial made by Brink.

All-in-all, you have to agree that MS trying to better secure your PC cannot be looked at as a bad thing. In most cases the average user doesn't need to have an administrator account. Having said that, I do remember and know that while using Vista, as MS first introduced the UAC, it was a pain in the neck. Running safe games in a limited account was impossible b/c the game needed access to certain drivers that Vista categorized as needed to be ran under an admin account which was ridiculous.

But much of that has been worked out, and I think the UAC set at its default, is no bother at all. Rarely do I even see it anymore since Se7en does a better job and the trick using the Task Scheduler. Better Safe than Sorry is a good way of thinking about your PC, as for those who don't run regular back-ups, don't concern themselves with anti-virus, will be in for a treat when they have to do a full system recovery b/c they just couldn't be bothered by just that "one more click" from the UAC. I mean really, countless clicks are made all day long, but when a click is required that you didn't ask for is needed, you blow your top and say this is UAC is ridiculous and I don't want it.
My Goodness, just a few more clicks a day and you'd think it would give you carpel tunnel by the end of the day.

-OEM
 

My Computer My Computer

At a glance

OS3.5celerymemory never forgetsOB
Computer Manufacturer/Model Number
POS
OS
OS3.5
CPU
celery
Motherboard
Good Question ...Unknown
Memory
memory never forgets
Graphics Card(s)
OB
Sound Card
OB
Monitor(s) Displays
HUGE
Screen Resolution
168000000x105000000
Hard Drives
full
PSU
OEM 65watt
Case
N/A
Cooling
OB
Keyboard
OB
Mouse
mouse
Internet Speed
1 Trillion MBps
Other Info
Still An Awesome Forum!
For the home computer user who started out with their first computer ten to fifteen years ago (Windows 95 or 98) the UAC is a waking nightmare.

I remember the very first Vista PC that I was called out to install. I'd never seen UAC yet at that time. The new PC owner was watching me (trying) to set up their new computer. Every time I'd try to do anything, UAC would pop up on the screen.
The old gentleman finally said to me "am I going to have to put up with that CRAP all the time?"

That's the attitude I see for all new Vista or Win-7 users. They bought the #%$@ computer....they are the owners and only users and yet they don't have permission to access files and folders, delete files, etc. It's an understatement to say that they are VERY angry about that. I know I am too.

I know I'll get flamed for this, but when I set up any new PC for one of my home computer customers (I don't do commercial systems) I first shut off UAC with a little script I carry on my Utilities disk. Then I run the "Take Ownership" script and take ownership of all pertinent folders.
Then I shut down a gaggle of services, with another script.
And then tweak and tune Windows for more efficient use of RAM and HD.

The biggest problem I have is setting up eMail for people used to running Outlook Express. :mad: (but that's another whole topic)

When Windows 7 is first being installed on a PC, there should be a box that could be checked for "Home Use ONLY". That could give the owner/user full permission to do what they want with 'Their' computer.

A home PC user doesn't want to be told that they have to contact their IT specialist in order to do something. That's BS!

Cheers mates!
:cool:
 

My Computer My Computer

At a glance

Windows XP-Pro-SP3, Windows 7AMD, 2X, Dual Core 5200+6 gig DDR2, Super TalentWinfast
Computer Manufacturer/Model Number
Home Made
OS
Windows XP-Pro-SP3, Windows 7
CPU
AMD, 2X, Dual Core 5200+
Motherboard
MSI K9N Platinum
Memory
6 gig DDR2, Super Talent
Graphics Card(s)
Winfast
Sound Card
On Board AC97
Monitor(s) Displays
19" Envision LCD
Screen Resolution
1024x768
Hard Drives
3x , Maxtor/Seagate SATA2 (160, 160, 200gig)
PSU
Antec Earthwatts 650
Case
Pac Man Mid-Tower
Cooling
11 fans
Keyboard
Generic
Mouse
MS digital
Internet Speed
5 Meg Cable
I don't see any problem with UAC, in fact I think it was a good move by Microsoft, as OEM stated it's only another click, how hard can that be.:)

OK yes it's my computer and it's just me using it but that doesn't mean to say that I wont try to do something stupid and try to download something that could harm my machine or not concentrate when doing something and not having UAC turned on could prove to be damaging to my machine and my pocket.:(

I'm pleased that Microsoft came up with this feature and are trying to protect users from their mishaps.;)
 

My Computer My Computer

At a glance

Windows 10 64bit/Windows 10 64bit/Windows 10 ...Intel Pentium J3710 @ 60GHz/Intel B820,1.7GHz...8.00GB DDR3 @ 1599MHz/8GB 2 x 4GB DDR3/8.00GB...Intel HD Graphics/Intel/512MB ATI AMD Radeon ...
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Acer Aspire XC-704 x64 bit/ Asus K55A Notebook PC/HP Envy x360 Convertible 15-bq0xx
OS
Windows 10 64bit/Windows 10 64bit/Windows 10 64bit
CPU
Intel Pentium J3710 @ 60GHz/Intel B820,1.7GHz/AMD A9 Radeon
Motherboard
Acer Aspire XC-704 (SOCKET 0)/Asus/HP 8312 (Socket FP4)
Memory
8.00GB DDR3 @ 1599MHz/8GB 2 x 4GB DDR3/8.00GB Dual-Channel
Graphics Card(s)
Intel HD Graphics/Intel/512MB ATI AMD Radeon R5 Graphics (HP
Sound Card
Realtek High Definition Audio/Onboard/AMD High Definition Au
Monitor(s) Displays
Acer LCD K222HQL /Asus 15.6/Generic PnP Monitor (1920x1080@6
Screen Resolution
1920x1080@59Hz/1366 x 768/1920x1080@60Hz
Hard Drives
1863GBWesternn Digital WDC/Asus/119GB SanDisk SD8SN8U-128G-1006 (SSD)
931GB Hitachi HGST HTS721010A9E630 (SATA)
Keyboard
Microsoft Natural Ergonomic Keyboard 4000 (UK)/Inbuilt/Inbui
Mouse
Microsoft Optical Wheel Mouse/Same plus Touchpad/Same + Pad
Internet Speed
Infinity 2 up to 76 Mbps
Antivirus
MSE/MSE/MSE and all 3 have MalwareBytes Premium
Browser
Edge, Firefox/Edge, Firefox/Edge, Firefox, Chrome
Other Info
Seagate Expansion 500GB External Desktop Drive
Seagate Expansion Portable Drives 500GB and 1TB
Epson XP-332 Wireless Printer
OK, try this scenario on for size:
(forget for a minute that you're already a computer Guru )

You're 65 and getting cranky. Your ten year old PC just shot craps and you went out and spent nearly a thousand dollars on a whole new system. The high pressure salesman at Best Buy convinced you that you needed a new monitor and printer too.:mad:

So you get the new PC out of the box and all connected up and start through the half hour long installation procedure. After registering and making your own backup disks, (that's usually another hour or so) you finally get to settle down to actually running your new PC.

To see just what you've got, you open up Windows Explorer and click on "Documents and Settings" and you get a message telling you that you don't have permission to look at that. If you, the owner of the PC, doesn't have permission to look at it, who in heck does?
Arggggggggggggggg!

So this doesn't become a rant.....I rest my case!

If you like UAC and all those permissions, then by all means KEEP THEM!
For me and mine.....they're HISTORY!:)

:cool:
 

My Computer My Computer

At a glance

Windows XP-Pro-SP3, Windows 7AMD, 2X, Dual Core 5200+6 gig DDR2, Super TalentWinfast
Computer Manufacturer/Model Number
Home Made
OS
Windows XP-Pro-SP3, Windows 7
CPU
AMD, 2X, Dual Core 5200+
Motherboard
MSI K9N Platinum
Memory
6 gig DDR2, Super Talent
Graphics Card(s)
Winfast
Sound Card
On Board AC97
Monitor(s) Displays
19" Envision LCD
Screen Resolution
1024x768
Hard Drives
3x , Maxtor/Seagate SATA2 (160, 160, 200gig)
PSU
Antec Earthwatts 650
Case
Pac Man Mid-Tower
Cooling
11 fans
Keyboard
Generic
Mouse
MS digital
Internet Speed
5 Meg Cable
If people hate UAC because they have to click on a button, then they're gonna hate Macs and Linux when they ask you to type in your root password.
 

My Computer My Computer

At a glance

Windows 7 Professional x64AMD A8-3870K8GB DDR3Radeon HD 6550D, Radeon HD 5850
OS
Windows 7 Professional x64
CPU
AMD A8-3870K
Motherboard
ECS A75F-M2
Memory
8GB DDR3
Graphics Card(s)
Radeon HD 6550D, Radeon HD 5850
Hard Drives
1TB
PSU
750W
@DrWho

I concur with your piece/rant sir, 100%

Sometimes Windows needs to be reminded of who's the boss. Turn off that persistent mothering/nanny tool and be the boss of your own PC today! First thing i did when i install a brand new Win7 system too. All is well after that :)

And don't tell me I don't know what I am doing, because I do. All arguments for UAC in a standalone, non networked PC running only trusted apps are null and void.
 

My Computer My Computer

At a glance

Windows 7 x64 Professional SP1Intel C2D T9550 2.66 GHz @ 2.793 GHz (Thanks ...8 GB DDR3ATI MOBILITY RADEON 4670
Computer Manufacturer/Model Number
DELL SXPS 1640
OS
Windows 7 x64 Professional SP1
CPU
Intel C2D T9550 2.66 GHz @ 2.793 GHz (Thanks ThrottleStop!!)
Motherboard
Intel PM45
Memory
8 GB DDR3
Graphics Card(s)
ATI MOBILITY RADEON 4670
Sound Card
CREATIVE XFI AUDIO NOTEBOOK
Monitor(s) Displays
16.1 WLED
Screen Resolution
1920x1080
Hard Drives
Seagate ST9500420AS 500GB (465GiBi) 7200 RPM Drive

External Drives:-
2 TB WD Essentials x 3
1 TB WD Mybook Gen 1
1 TB WD Mybook Gen 2
1 TB Seagate
1 TB Seagate
320 GB WD Scorpio Black (enclosed)
320 GB WD Scorpio Black (enclosed)
PSU
90W Dell Power Brick
Case
Dell Chassis
Cooling
Coolermaster Cooling Pad
Keyboard
Built-in backlighted Keyboard
Mouse
Logitech Wireless Mini Mouse
Internet Speed
4/0.5
Yeah, gotta love how not secure Win XP was and all the complaints about that.
Yeah, screw security, it's such a pain in the arse. Why would anyone want to have a more secure system?
I mean, come on, it's my system, it's not like I am going to get hit by some drive-by download, and hey I am running Norton or McAfee, it's not like viruses target those apps anymore to shut them down and take em out.

Yeah, that nasty UAC and admin rights on all those pesky files and folders that I should be able to do what I want with.

I can't be bothered saving my info to the Documents folder or and external drive,, I have to save them to C: drive and my profile folder, cause dammit, it's my PC.

I digress,,, sarcasm is a wonderful thing ya know!
 

My Computer My Computer

At a glance

Win 7 Ultimate 32bitC2D E6600 2.4Ghz4G Kingston KHX5400D2EVGA GTX 570 HD SC (012-P3-1573-KR)
Computer Manufacturer/Model Number
Self Built
OS
Win 7 Ultimate 32bit
CPU
C2D E6600 2.4Ghz
Motherboard
Intel D965WH
Memory
4G Kingston KHX5400D2
Graphics Card(s)
EVGA GTX 570 HD SC (012-P3-1573-KR)
Sound Card
On-Board
Monitor(s) Displays
Samsung 226BW
Screen Resolution
1680 x 1050
Hard Drives
2 x 250 Seagate Barracuda
2 x 500 Seagate Barracuda (Raid1)
PSU
Corsair TX750W
Case
In-Win C589
Cooling
Stock Intel Cooling
I will never turn off the UAC after a certain event that happened back in November. I was visiting a site that had quite a few ads for the first time. Suddenly the UAC thing popped up asking if I wanted a program to be able to make changes to my computer. I can't remember the name of the program, but I had never seen it before. I clicked no, closed Chrome, updated then ran MSE and it found a virus and promptly removed it. I'm not sure if MSE would have nipped it in the butt before it did what ever it was designed to do if it wasn't for the UAC stopping it. It slows me down, but it has it's place. I can't blame MS for trying and at least I don't have to put in my password constantly like in Ubuntu and Knoppix.

Not saying UAC will help even half the time, but it helping once is good enough reason for me to waste two seconds every once in a while. It's better than wasting two hours removing a virus or reinstalling Windows.
 

My Computer My Computer

At a glance

Windows 7 Professional SP1 64-bitIntel Core i5-2450M @2.5 GHz6 GB DDR3 1333MHzIntel HD 3000
Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba P775-S7100
OS
Windows 7 Professional SP1 64-bit
CPU
Intel Core i5-2450M @2.5 GHz
Memory
6 GB DDR3 1333MHz
Graphics Card(s)
Intel HD 3000
Monitor(s) Displays
Built-in 17.3" LED; 22" Insignia NS-L22Q-10A
Screen Resolution
1600x900; 1360x768
Hard Drives
750 GB Hitachi
1TB Seagate FreeAgent External
Internet Speed
Verizon DSL Speed(Down/Up): 3360 Kbps / 800 Kbps
Antivirus
MSE and MBAM Pro
Browser
IE10
Well I'm found of my system these days.
It's ultimately tweaked from annoying shit like UAC and all the other stuff you don't need.
It was such a relief for me upgrading to 7, Vista killed me with bad performance and all these security settings popping up all the time. Maybe this occurs on 7 too, but at least not on mine :)
 

My Computer My Computer

At a glance

Windows 7 Ultimate x64[email protected]Corsair Vengeance 1600MHz 16GBMSI Geforce 580 Twin Frozr II @ SLI
Computer Manufacturer/Model Number
Self Built
OS
Windows 7 Ultimate x64
CPU
[email protected]
Motherboard
MSI P67A-GD80 B3
Memory
Corsair Vengeance 1600MHz 16GB
Graphics Card(s)
MSI Geforce 580 Twin Frozr II @ SLI
Sound Card
Creative Sound Blaster Pro (USB)
Monitor(s) Displays
Dell Ultrasharp 27"
Screen Resolution
2560x1440
Hard Drives
Intel 510 Series 250GB SSD
Corsair Reactor Series 120GB SSD
WD Caviar Black 1TB
3x External HDD's.
PSU
Corsair AX 1200W
Case
Corsair Obsidian 800D
Cooling
Antec Kuhler H2O 920 & 3x Scythe Gentle Typhoon AP-15
Keyboard
Mionix Cibal 60
Mouse
CM Storm SENTINEL
Internet Speed
Pretty Fast
Well myself since testing Vista early on in its development, learned to run a good security system and virus protection and always enable the hidden Admin account and use it instead of the regular user account with Admin privileges and have never had to deal with the UAC as far as i am concerned. I get confused when I go to a friends house and have to fix there system, with UAC pop-ups and have to keep clicking on yes ok.
 

My Computer My Computer

At a glance

Window's 7 Ultimate 64bitE8400 LappedKingston 4 gig2=ATI 5670Video Crossfire / HVR2250 TV Tuner ...
Computer Manufacturer/Model Number
Custom Build
OS
Window's 7 Ultimate 64bit
CPU
E8400 Lapped
Motherboard
P5Q Pro Turbo Asus
Memory
Kingston 4 gig
Graphics Card(s)
2=ATI 5670Video Crossfire / HVR2250 TV Tuner Card
Sound Card
HDMI sound
Monitor(s) Displays
Sony 46"
Screen Resolution
1280x720
Hard Drives
1 WD 160gig YS, 1 Black Edition 320gig and one 250gig WD YS Model plus external Caviar Black 640gig Drives
PSU
Antec 550 Modular
Case
Antec Custom 180B
Cooling
X-1283 Lapped Artic Silver 5
Keyboard
Wave Combo Logitech
Mouse
Logitech LX-8
Internet Speed
5mb down 768 up
Other Info
Custom side fan in case, plus moved middle lower fan to the front of hard drives , also installed a second intake fan in lower two optical drive slots. Rear fans are controlled by Fan mate controllers. temps inside case are monitored by probe and temps coming out the top exhaust are also monitored, temps as of right now 20c inside and 22.7 out the exhaust. Front intake fans are controlled by Asu
For the home computer user who started out with their first computer ten to fifteen years ago (Windows 95 or 98) the UAC is a waking nightmare.

I remember the very first Vista PC that I was called out to install. I'd never seen UAC yet at that time. The new PC owner was watching me (trying) to set up their new computer. Every time I'd try to do anything, UAC would pop up on the screen.
The old gentleman finally said to me "am I going to have to put up with that CRAP all the time?"

That's the attitude I see for all new Vista or Win-7 users. They bought the #%$@ computer....they are the owners and only users and yet they don't have permission to access files and folders, delete files, etc. It's an understatement to say that they are VERY angry about that. I know I am too.

I know I'll get flamed for this, but when I set up any new PC for one of my home computer customers (I don't do commercial systems) I first shut off UAC with a little script I carry on my Utilities disk. Then I run the "Take Ownership" script and take ownership of all pertinent folders.
Then I shut down a gaggle of services, with another script.
And then tweak and tune Windows for more efficient use of RAM and HD.

The biggest problem I have is setting up eMail for people used to running Outlook Express. :mad: (but that's another whole topic)

When Windows 7 is first being installed on a PC, there should be a box that could be checked for "Home Use ONLY". That could give the owner/user full permission to do what they want with 'Their' computer.

A home PC user doesn't want to be told that they have to contact their IT specialist in order to do something. That's BS!

Cheers mates!
:cool:

I am not going to flame you but you are doing your friends, family, neighbors, customers, and clients a huge disfavor if you do not thoroughly explain to them that you have completely disabled all their Windows Security and that just browsing the internet is extremely dangerous.

Maybe you don’t realize it; but Microsoft added all this security because of the Home User. Microsoft spent millions researching problems with Home User computers and gathered tons of data and complaints from Home Users on what they wished Microsoft would to protect their computer, keep it from crashing, and protect the system from inexperienced User mistakes. These changes are to protect the Home User from the evils of the world and the Home User from themselves. JMHO.
 

My Computer My Computer

At a glance

Windows 7 Enterprise (x64); Windows Server 20...16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell OP7010
OS
Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
Memory
16GB
Monitor(s) Displays
4 Dell 24" LCD
Screen Resolution
1280x1024
Keyboard
Dell
Mouse
Dell Optical
Internet Speed
40meg
To see just what you've got, you open up Windows Explorer and click on "Documents and Settings" and you get a message telling you that you don't have permission to look at that. If you, the owner of the PC, doesn't have permission to look at it, who in heck does?
Arggggggggggggggg!

So this doesn't become a rant.....I rest my case!

:cool:

Respectfully, that is because “Documents and Settings” do not exist in Windows 7, not knowing that is exposing your lack of knowledge of Windows. I have installed many Windows 7 machines for Home Users and have NEVER had to take ownership of anything, turn off UAC, enable the Administrator account, or disable any of the security on the machine. They never complain and everything works perfectly. It all comes down to learning how Windows 7 works and using it, not spending all your time trying to force it to do something unprotected, like the Windows 98 days. JMHO.
 

My Computer My Computer

At a glance

Windows 7 Enterprise (x64); Windows Server 20...16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell OP7010
OS
Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
Memory
16GB
Monitor(s) Displays
4 Dell 24" LCD
Screen Resolution
1280x1024
Keyboard
Dell
Mouse
Dell Optical
Internet Speed
40meg
Too each his own, I say. It kinda reminds me of the ongoing argument between people over which is better: standard transmission (where the driver has to do a bit more work) or automatic transmission. The easiest solution and answer to the debate is, "Whatever works best for the individual involved."
 

My Computer My Computer

At a glance

Win 7 Pro 64-bitIntel i5 2.4 Ghz8GB DDR3Intel HD 3000
Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
Too each his own, I say. It kinda reminds me of the ongoing argument between people over which is better: standard transmission (where the driver has to do a bit more work) or automatic transmission. The easiest solution and answer to the debate is, "Whatever works best for the individual involved."

I think a better comparison would be “Airbag” or “No Airbag”. I don’t like the Airbag because it makes my steering wheel big and bulky, and I have to have the horn in a different spot. Let’s disable the Airbag and replace the steering wheel so I can have a clean easy to use steering wheel. Great when there were fewer cars on the road. (Disable Security; Great when there were fewer Windows Machines on the Internet).

You are right it is completely up to the end user; however I would much prefer to deal with the bulky steering wheel and have the safety then not. - WS

Removing the Airbag makes the vehicle less safe. Not telling the end user is irresponsible.

Removing security in Windows makes it less safe. Not telling the end user is irresponsible.
 

My Computer My Computer

At a glance

Windows 7 Enterprise (x64); Windows Server 20...16GB
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell OP7010
OS
Windows 7 Enterprise (x64); Windows Server 2008 R2 (x64)
Memory
16GB
Monitor(s) Displays
4 Dell 24" LCD
Screen Resolution
1280x1024
Keyboard
Dell
Mouse
Dell Optical
Internet Speed
40meg
WIndows Star, what an excellent series of posts.

You are absolutely right of course. Whilst I can see people's point about UAC, it bugged the hell out of me in Vista too. I barely even notice it any more. I like the way it has been toned down for windows 7. In Vista, if you wanted to move something into a "restricted" zone (like for instance "Program Files") you used to get 3 UAC prompts. One telling you that you needed to be Admin to do it. A UAC popup, and then ANOTHER "You need to be Admin" for this, once you had given it UAC Clearance. With Win 7 its just one "yes I am the Admin, carry on" click.

I am not going to sit here and tell people who know what their doing to leave UAC on. You understand the risks, and your choosing to take them anyway, thats your choice.

What I do take exception to however, is advising Home Users to switch it off. Its just irresponsible IMO. I will now conclude this post, with my reponses to some of the funnier posts in this thread.

For the home computer user who started out with their first computer ten to fifteen years ago (Windows 95 or 98) the UAC is a waking nightmare.
I am a Home computer user who started out with their first computer on Windows 95. I like UAC. I'd rather that than have a drive by download install itself without even a chance of me finding out about it until it's too late

A home PC user doesn't want to be told that they have to contact their IT specialist in order to do something. That's BS!
Why do you need to contact an IT specialist? Is it really that hard to click Yes?

When Windows 7 is first being installed on a PC, there should be a box that could be checked for "Home Use ONLY". That could give the owner/user full permission to do what they want with 'Their' computer.
So you want to give someone who doesn't know what their doing, complete unfettered access to their system? I can only assume you work in Malware removal and are trying to drum up business.....

And don't tell me I don't know what I am doing, because I do. All arguments for UAC in a standalone, non networked PC running only trusted apps are null and void.
Until you get a virus disguising itself as one of these trusted apps.... Admittedly though, if by "non networked" you mean "not on the internet" then your probably fairly safe, as long as you never plug any external devices like USB sticks in
 

My Computer My Computer

At a glance

Windows 10 Pro x64Intel Core i5 7400 @ 3.00GHz8GB 2133Mhz DDR4 (OEM supplied)Gygabyte Windforce GTX 1050Ti (Factory Overcl...
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Medion Erazer (note to self: insert model number) - with custom additions
OS
Windows 10 Pro x64
CPU
Intel Core i5 7400 @ 3.00GHz
Motherboard
OEM supllied with PC
Memory
8GB 2133Mhz DDR4 (OEM supplied)
Graphics Card(s)
Gygabyte Windforce GTX 1050Ti (Factory Overclocked)
Sound Card
Realtek
Monitor(s) Displays
Acer Al1980 + HKC
Screen Resolution
1360*768(HKC) / 1280*1024(Acer)
Hard Drives
1TB Toshiba
1TB WD Caviar Green
120GB Samsung Evo 840
PSU
OEM supplied (no power rating on case)
Case
OEM Supplied
Cooling
Stock
Keyboard
Logitech Wireless
Mouse
Logitect Wireless
Internet Speed
40Mb/s Down 10Mb/s Up
Antivirus
Defender
Browser
Firefox
For the home computer user who started out with their first computer ten to fifteen years ago (Windows 95 or 98) the UAC is a waking nightmare.
I started computing over 30 years ago, when Gates & Allen were still playing PacMan and dreaming big. UAC has never been a nightmare to me, in fact I am quite thankful it's there. Mostly, it's just a mouse click every now and then.

I remember the very first Vista PC that I was called out to install. I'd never seen UAC yet at that time. The new PC owner was watching me (trying) to set up their new computer. Every time I'd try to do anything, UAC would pop up on the screen.
The old gentleman finally said to me "am I going to have to put up with that CRAP all the time?"

That's the attitude I see for all new Vista or Win-7 users. They bought the #%$@ computer....they are the owners and only users and yet they don't have permission to access files and folders, delete files, etc. It's an understatement to say that they are VERY angry about that. I know I am too.
I've helped a lot of people to migrate to Vista and later to Seven. When I have explained UAC and showed some examples, the reaction has normally been quite positive. "That's nice. So I don't have to be afraid something is installed without my knowledge, and I get like a warning if I'm trying to delete some important stuff".

I know I'll get flamed for this, but when I set up any new PC for one of my home computer customers (I don't do commercial systems) I first shut off UAC with a little script I carry on my Utilities disk. Then I run the "Take Ownership" script and take ownership of all pertinent folders.
Then I shut down a gaggle of services, with another script.
And then tweak and tune Windows for more efficient use of RAM and HD.
A very subjective, personal opinion: I find that an irresponsible way to work with a customer's / friend's computer.

My way is totally opposite. I don't touch UAC, leaving it as it is set by default. I most definitely do not take ownership of the stuff the makers of windows have gone an extra mile to protect.

I then show and explain the UAC to the owner / user of that computer, letting him / her to decide.

A home PC user doesn't want to be told that they have to contact their IT specialist in order to do something. That's BS!
I would like to know in which kind of scenarios the UAC don't let the owner of the computer do something without contacting an IT specialist?

A happy UAC user Kari
 

My Computer My Computer

At a glance

Windows 10 Pro x64 EN-GB1.6 GHz Intel Core i7-720QM Processor6 GBATI Mobility Radeon HD 5850 Graphics
Computer type
Laptop
Computer Manufacturer/Model Number
HP ENVY 17-1150eg
OS
Windows 10 Pro x64 EN-GB
CPU
1.6 GHz Intel Core i7-720QM Processor
Memory
6 GB
Graphics Card(s)
ATI Mobility Radeon HD 5850 Graphics
Sound Card
Beats sound system with integrated subwoofer
Monitor(s) Displays
17" laptop display, 22" LED and 32" Full HD TV through HDMI
Screen Resolution
1600*900 (1), 1920*1080 (2&3)
Hard Drives
Internal: 2 x 500 GB SATA Hard Disk Drive 7200 rpm
External: 2TB for backups, 3TB USB3 network drive for media
Cooling
As Envy runs a bit warm, I have it on a Cooler Master pad
Keyboard
Logitech diNovo Media Desktop Laser (bluetooth)
Mouse
Logitech Performance Mouse MX
Internet Speed
50/10 Mbps VDSL
Antivirus
Windows Defender 4.3.9431.0
Browser
Maxthon 3.5.2., IE11
Thank you all for a very stimulating conversation, but I'm going to UN-Subscribe from this thread now. It's been great, but not that great!
Old quote, "A man convinced against his will, is of the same opinion still".

Cheers Mates!
Doc :cool:
 

My Computer My Computer

At a glance

Windows XP-Pro-SP3, Windows 7AMD, 2X, Dual Core 5200+6 gig DDR2, Super TalentWinfast
Computer Manufacturer/Model Number
Home Made
OS
Windows XP-Pro-SP3, Windows 7
CPU
AMD, 2X, Dual Core 5200+
Motherboard
MSI K9N Platinum
Memory
6 gig DDR2, Super Talent
Graphics Card(s)
Winfast
Sound Card
On Board AC97
Monitor(s) Displays
19" Envision LCD
Screen Resolution
1024x768
Hard Drives
3x , Maxtor/Seagate SATA2 (160, 160, 200gig)
PSU
Antec Earthwatts 650
Case
Pac Man Mid-Tower
Cooling
11 fans
Keyboard
Generic
Mouse
MS digital
Internet Speed
5 Meg Cable
Old quote, "A man convinced against his will, is of the same opinion still".
In other words,, Ignorance is Bliss.

XP ideology does not work in a 7 world. Time for some people to learn some new tricks. like using a PC as it is meant to be used, not how they want it to be used. Or don't use Windows.

Some people are providing a disservice, and wish to remain ignorant of new ideas, tools and procedures.

As Mike Holmes always says, "Old procedures with New Products don't mix".

EDIT: I have to say,,, Your signature quote is quite contradictory to your post, don't you think?
 
Last edited:

My Computer My Computer

At a glance

Win 7 Ultimate 32bitC2D E6600 2.4Ghz4G Kingston KHX5400D2EVGA GTX 570 HD SC (012-P3-1573-KR)
Computer Manufacturer/Model Number
Self Built
OS
Win 7 Ultimate 32bit
CPU
C2D E6600 2.4Ghz
Motherboard
Intel D965WH
Memory
4G Kingston KHX5400D2
Graphics Card(s)
EVGA GTX 570 HD SC (012-P3-1573-KR)
Sound Card
On-Board
Monitor(s) Displays
Samsung 226BW
Screen Resolution
1680 x 1050
Hard Drives
2 x 250 Seagate Barracuda
2 x 500 Seagate Barracuda (Raid1)
PSU
Corsair TX750W
Case
In-Win C589
Cooling
Stock Intel Cooling
Picture this scenario: You're browsing the web and a virus somehow gets into your computer. Depending on whether or not the UAC is on, you may either see a little warning that something is trying to install itself on your computer or you may see nothing and then wake up the next day to see that your computer has been destroyed by a virus.

The UAC and its Mac/Linux equivalents are there for a reason. In Windows XP, the default user had complete control over his/her computer. It was like an administrator account on steroids. Also, there was no UAC, meaning there was no warning if a virus invaded. Since you have an administrator account, that virus will now be able to completely take over your computer and lodge itself deep within the system. Now, with Windows Vista and Windows 7, you can avoid that. You may be just browsing the web and all of a sudden, you see a UAC alert pop up despite the fact that you never told the computer to install anything. This is your first clue that a virus has made it into your computer, but thanks to the UAC, that virus cannot activate to destroy your computer. This gives you time to scan your computer, hunt down that virus, and kill it. In Windows XP, by the time the antivirus catches the program, it will have already activated itself and will have begun to destroy your computer.

The UAC is looking pretty good now, isn't it?
 

My Computer My Computer

At a glance

Windows 7 Home Premium x64Intel Core i5-2410M Quad Core CPU @ 2.30 GHz8 GB Shared Channel DDR3 MemoryIntel HD Graphics 3000, AMD Radeon HD 6470M
Computer Manufacturer/Model Number
Dell Inspiron 14R N4110
OS
Windows 7 Home Premium x64
CPU
Intel Core i5-2410M Quad Core CPU @ 2.30 GHz
Memory
8 GB Shared Channel DDR3 Memory
Graphics Card(s)
Intel HD Graphics 3000, AMD Radeon HD 6470M
Sound Card
Intel Display Audio, Realtek High Definition Audio
Monitor(s) Displays
14" HD 720p LED Display
Screen Resolution
1366x768
Hard Drives
500 GB 5400 RPM SATA Hard Drive
Mouse
Microsoft USB IntelliMouse Explorer 3.0
Back
Top