UAC should have been a Business class feature, not for Home Users

Chuck said:
Actually, UAC elevation is explicitly discouraged for Business and
Enterprise settings. Only home users should really be mixing up admin
and standard user tasks, with the majority of their daily work done as a
standard user. Businesses should have most of their users always running
as Standard Users and only have special admin accounts have admin rights.

Most of the pain of UAC goes away when applications are updated to work
correctly without demanding full admin rights (which they really do not
need 99% of the time, and the 1% they do need can be done other ways).
This is obviously a long-term investment, but until UAC was on by
default most application writers would continue to ignore the inherent
security risks and not support the more secure mode (see Windows XP
LUA). The Windows logo programs are pushing vendors and applications to
get updated, and over time more of them will be. UAC elevation is still
around to get old stuff to work as needed.

There are things that can be done to the Windows shell experience to
make UAC easier, some of which were done in SP1, but mostly it's user
habit and lack of understanding that would cause a UAC elevation prompt
to come up "every 5 seconds". That's not to say teaching non-technical
people technical skills isn't difficult.

My sentiments exactly. However, there are still some
applications that require admin rights to register: Winamp
and some burn stack software, MS Office, publishers. These
then will work fine after the registration process on a
standard account.
Winamp, in addition, needs to sign the program modules, so
the nag about unsigned software will vanish.
 
Have you tried TweakUAC? It suppresses the UAC prompts but leaves the
underpinnings of the protection UAC provides intact.<<<

David,

TweakUAC is misleading and your reply isn't exactly true.
It's best described by Ronnie Vernon MS-MVP and wish I had written this :>)

Quote:
This is a fallacy! If UAC cannot notify the user that a program is trying to
gain global access to the system, then it is effectively 'disabled'. This so
called 'quiet mode' setting just changes a UAC registry setting to
'automatically elevate everything without prompting'. This means that when
you click to open a file, it is 'assumed' that you already know that the
file will have unrestricted access to your computer.

The main thing that UAC does is to detect when a program or application
tries to access restricted parts of the system or registry that requires
administrator privileges. When a program does this, UAC will prompt the user
for administrative elevation. Without this prompt, UAC cannot warn the user,
which means that it is effectively disabled.

Some people will tell you that using "quiet mode" will still let IE run in
protected mode, but this just isn't true. Without the UAC prompt, a
malicious file that runs from a website can run, without restrictions, and
silently.

Another issue is that with UAC prompt disabled, some legitimate procedures
will just silently fail to work properly, with no notification, if you are
logged on with a Standard User account, since the application cannot notify
you that administrative privileges are required.

Even the developer of the TweakUAC utility includes this statement about his
product.
"if you are an experienced user and have some understanding of how to manage
your Windows settings properly, you can safely use the quiet mode of UAC."
In my opinion, if you are an experienced user, the last thing you would want
to do is turn off the UAC notification.

If you 'are' an experienced user, then you would already know how to
temporarily bypass the UAC prompt to perform just about any procedure in
Vista, such as running programs from an elevated command prompt, or using an
elevated instance of windows explorer.

The last problem I have with this so-called 'quiet mode' is that it
dissuades developers from programming their applications to run in a least
user privilege environment.
End Quote

--
All the best,
SG

Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/

David P. said:
Have you tried TweakUAC? It suppresses the UAC prompts but leaves the
underpinnings of the protection UAC provides intact.
SNIPPED
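
The quoted text above describes 'quiet mode' as a UAC registry setting that elevates without prompting. The following is an added example, not part of the thread, that audits the UAC policy values on a machine; the thread does not name the registry value, so mapping quiet mode to `ConsentPromptBehaviorAdmin = 0` is an assumption, and `Get-UacFinding` is a hypothetical helper name.

```powershell
# Added example: report UAC policy values that suppress or weaken the prompt.
# Assumption: "quiet mode" corresponds to ConsentPromptBehaviorAdmin = 0.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$names = 'EnableLUA', 'ConsentPromptBehaviorAdmin',
         'ConsentPromptBehaviorUser', 'PromptOnSecureDesktop'

function Get-UacFinding {
    param([hashtable]$Values)
    $findings = @()
    # A missing value compares as $null, which is never equal to 0.
    if ($Values['EnableLUA'] -eq 0) {
        $findings += 'EnableLUA=0: UAC is switched off entirely'
    }
    if ($Values['ConsentPromptBehaviorAdmin'] -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: admin elevation happens with no prompt'
    }
    if ($Values['ConsentPromptBehaviorUser'] -eq 0) {
        $findings += 'ConsentPromptBehaviorUser=0: standard-user elevation is denied with no prompt'
    }
    if ($Values['PromptOnSecureDesktop'] -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: prompt is not isolated on the secure desktop'
    }
    return ,$findings
}

# Constructed sample: the values a "quiet mode" machine would be expected to show.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0
             ConsentPromptBehaviorUser = 0; PromptOnSecureDesktop = 0 }
'--- constructed sample ---'
Get-UacFinding -Values $sample

# Live check, only where the registry key is reachable (Windows).
if (Test-Path $key) {
    $props = Get-ItemProperty -Path $key
    $live  = @{}
    foreach ($n in $names) { $live[$n] = $props.$n }
    '--- this machine ---'
    $result = Get-UacFinding -Values $live
    if ($result.Count -eq 0) { 'No prompt-suppressing UAC values found' }
    else { $result }
}
```

Reading these values does not require elevation, so the check can run from a standard-user session or a logon script.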
 
Although mentioned in SG's post - for "home users" the most important feature
of UAC is IE7 "Protected Mode" (indicated in the lower right corner when active).

When downloading any item from the Internet which may affect system or
registry files, protected mode creates "virtual system and registry"
locations to first evaluate actions of downloaded items - if UAC considers
them safe then it provides access to the "real" system file locations.
 
I tell everyone that buys a Windows Vista PC that when they get the UAC
prompt that's because something is about to happen that's going to change
your system. If you are installing a program then hit Continue, but if it
comes up and you're not sure, err on the side of caution and hit cancel.

I think UAC is a huge help, especially for home users, but that's just my
opinion.
 