How good is Vista about automatically running installers as administrator?

[Milhouse Van Houten]

I've read that there's "heuristic detection" code in Vista's UAC to
automagically sense installers (by more than just file name) and issue a
"Run as administrator" behind the scenes so that you don't have to do it
yourself -- but how good is it?

What I'm hoping to avoid are the cases where that doesn't happen and the
install bombs halfway through because of a rights issue, or worse, the
install does appear to complete successfully but really didn't.

Should I just "Run as administrator" on everything I install for good
measure?

I should note that I have "User Account Control: Behavior of the elevation
prompt for administrators in Admin Approval Mode" on "Elevate without
prompting" (I just can't take the prompts all the time, but at least UAC is
still enabled), so what's elevated and what isn't is a bit of a mystery.

 

[Gerry Hickman]

I should note that I have "User Account Control: Behavior of the
elevation prompt for administrators in Admin Approval Mode" on "Elevate
without prompting" (I just can't take the prompts all the time, but at
least UAC is still enabled),

If it elevates without prompting, I have to wonder what the point is?

 

[Milhouse Van Houten]

If it elevates without prompting, I have to wonder what the point is?

To save you from doing it yourself, of course--it's just too much for some
experienced people to deal with 20 times a day. I didn't disable UAC
outright, however, mainly because of IE's protected mode.

BTW, if you have an answer to the OP, that would be great.

 

[Iuvenalis]

If it elevates without prompting, I have to wonder what the point is?

I still wonder what software people run to get UAC prompts all day?
I'm lucky to get 2 or 3 in an 8 hour period...sometimes not even that.
What is it that causes so many prompts that people have to disable UAC?

 

[Iuvenalis]

To save you from doing it yourself, of course--it's just too much for some
experienced people to deal with 20 times a day. I didn't disable UAC
outright, however, mainly because of IE's protected mode.

BTW, if you have an answer to the OP, that would be great.

What is it that gives you UAC prompts 20 times a day?

 

[gaaaaaaaaaaaa]

I still wonder what software people run to get UAC prompts all day?
I'm lucky to get 2 or 3 in an 8 hour period...sometimes not even that.
What is it that causes so many prompts that people have to disable UAC?

the ordeal is probably in most horrifying in the first months of setup,
gradually installing ware as you realize the ware isn't on the new (vista)
computer.

however, I believe (as well as I recall because I cannot recall all of the
instances of blocking)some of eh blocks I've received doing a little
tinkering today weren't uac.

examples ...
I had some minor blockage when importing a WAB into oe (oops) winv mail.


_______________________-
a couple hours ago, vista prevented dragging [copy paste,etc] wackget to
this computer. I haven't researched the problem, but the blocker message
wasn't the usual uac I see when installing.
(btw, I did much installing a few weeks ago. about 4 or 5 apps). since this
popup wasn't the usual uac, I don't know where to begin researching.
hmm, ok, this is freaky. in order to copy the popup text for this ng post, I
just now dragged the zipped wackget package, and that succeeded with no
popup griping.

then..
extracted to folder in programs, startup. ... apprash. I guess wackget is wv
incompatible.
__________________

I had to perform some kind of rigmarole to unblock some of the app's
installer files (guesstimate 1/3 of installers). I think I had to do the
rigmarole on the installer file on the other computer on the lan *before*
copying to the vista computer.

never could I install from a file on the lan (except I think Firefox
extensions were draggable across the lan & straight into Firefox, which is
the normal install method)

______________
normally I swipe and type up notes when I read or work out a solution to
computer junk, but thei keyboard AND navigating vita is such hell, I give up
documenting.

currently I expect a bunch of fixes just won't be done. (fortunately I can
work on some these things from the other computers on the lan!)

--
shudda, wudda, not goina:
if wvm spill chikker didn't fix all of the typos, I blame them on this
keyboard which keeps trying to translate my perfect speeling and grammr into
gibberish. we, all of the civilized world would like to extend its apologies
for this keyboard's misanthropic behavior.
- the civilized world


wow. the spellchukker did very very well ... give somebody a raise.

 

[Iuvenalis]

I still wonder what software people run to get UAC prompts all day?
I'm lucky to get 2 or 3 in an 8 hour period...sometimes not even that.
What is it that causes so many prompts that people have to disable UAC?

the ordeal is probably in most horrifying in the first months of setup,
gradually installing ware as you realize the ware isn't on the new (vista)
computer.

however, I believe (as well as I recall because I cannot recall all of the
instances of blocking)some of eh blocks I've received doing a little
tinkering today weren't uac.

examples ...
I had some minor blockage when importing a WAB into oe (oops) winv mail.


_______________________-
a couple hours ago, vista prevented dragging [copy paste,etc] wackget to
this computer. I haven't researched the problem, but the blocker message
wasn't the usual uac I see when installing.
(btw, I did much installing a few weeks ago. about 4 or 5 apps). since
this popup wasn't the usual uac, I don't know where to begin researching.
hmm, ok, this is freaky. in order to copy the popup text for this ng post,
I just now dragged the zipped wackget package, and that succeeded with no
popup griping.

then..
extracted to folder in programs, startup. ... apprash. I guess wackget is
wv incompatible.
__________________

I had to perform some kind of rigmarole to unblock some of the app's
installer files (guesstimate 1/3 of installers). I think I had to do the
rigmarole on the installer file on the other computer on the lan *before*
copying to the vista computer.

never could I install from a file on the lan (except I think Firefox
extensions were draggable across the lan & straight into Firefox, which is
the normal install method)

______________
normally I swipe and type up notes when I read or work out a solution to
computer junk, but thei keyboard AND navigating vita is such hell, I give
up documenting.

currently I expect a bunch of fixes just won't be done. (fortunately I can
work on some these things from the other computers on the lan!)

--
shudda, wudda, not goina:
if wvm spill chikker didn't fix all of the typos, I blame them on this
keyboard which keeps trying to translate my perfect speeling and grammr
into gibberish. we, all of the civilized world would like to extend its
apologies for this keyboard's misanthropic behavior.
- the civilized world


wow. the spellchukker did very very well ... give somebody a raise.

So basically you got pop ups when installing applications.
I don't think that most people will be doing that on a daily basis once
their machine is set up & most folks will be dragging & dropping between
their user profile & the desktop / removeable media where there are no pop
ups.

I don't know what you mean about the "rigmarole" sorry.

 

[Gerry Hickman]

Hi Milhouse,

To save you from doing it yourself, of course

But if it "elevates", what's the point of having it at all?

--it's just too much for
some experienced people to deal with 20 times a day.

But if they were experienced, they would not be using UAC. It's only for
home-user types who run as a member of the Administrators group.

BTW, if you have an answer to the OP, that would be great.

Well, the original request sounds so dangerous, I'm not sure I'd want to
give an answer! I certainly don't want anything "automatically"
installing as "Administrator"!

From what I can tell, the MSIEXEC service is running as Local System,
so if you force it to burst into life by faking "detect and repair" you
could have it running elevated and screwing up your HKLM and HKCR even
if you were a normal non-admin user. Talk about elevation of privilege!
The default for this in Vista is "Enabled" (again to please the
home-user types).

The other completely moronic setting to watch out for in Vista is
"Virtualization". Anyone who leaves this on after first build is a fool.

 

[Lester Stiefel]

Hi Milhouse,



But if it "elevates", what's the point of having it at all?


But if they were experienced, they would not be using UAC. It's only for
home-user types who run as a member of the Administrators group.


Well, the original request sounds so dangerous, I'm not sure I'd want to
give an answer! I certainly don't want anything "automatically"
installing as "Administrator"!

From what I can tell, the MSIEXEC service is running as Local System,
so if you force it to burst into life by faking "detect and repair" you
could have it running elevated and screwing up your HKLM and HKCR even
if you were a normal non-admin user. Talk about elevation of privilege!
The default for this in Vista is "Enabled" (again to please the
home-user types).

The other completely moronic setting to watch out for in Vista is
"Virtualization". Anyone who leaves this on after first build is a fool.

From the note on wackget ( a downloader), I just had to
write. Most download managers can be stopped by the Data
Execution Prevention (DEP). To get around this, note the
exec program and enter it both in firewall, and in DEP
windows. also include other applications that need to use
protected memory regions, such as other browsers , mail,
news robots, etc.

 

[Bruce Chambers]

I've read that there's "heuristic detection" code in Vista's UAC to
automagically sense installers (by more than just file name) and issue a
"Run as administrator" behind the scenes so that you don't have to do it
yourself -- but how good is it?

Please cite the specific source for this claim. It's certainly
contrary to my first-hand experience. Just ask anyone who's complained
about having to give the UAC the "go ahead" every time they try to
install something.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell

 

[Milhouse Van Houten]

Please cite the specific source for this claim. It's certainly contrary
to my first-hand experience. Just ask anyone who's complained about
having to give the UAC the "go ahead" every time they try to install
something.

You have to approve it, of course, unless you have approval disabled. I
didn't make that clear. But that issue aside (please, let's put that issue
aside), how well does this detection work? For now, I'm assuming not well
enough that you can forgo using "Run as administrator."

 

[Bruce Chambers]

You have to approve it, of course, unless you have approval disabled. I
didn't make that clear.

No, you certainly didn't make that "clear." In fact, you stated the
exact opposite.

But that issue aside (please, let's put that
issue aside), how well does this detection work?

Define "well?" What precisely are you asking? Are you asking if it's
100% foolproof? judging by the numerous gripes about it in the
newsgroups, it works a bit more often than a lot of people seem to like.
It wouldn't be able to spot an installer that didn't try to write to
protected system areas, obviously.

For now, I'm assuming
not well enough that you can forgo using "Run as administrator."

If a normal application (not systems utilities, installers, etc.)
requires administrative privileges to function routinely, I wouldn't
have it on my computer; it's a security vulnerability.


--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

Many people would rather die than think; in fact, most do. -Bertrand Russell