User Account Controls

[Guest]

After putting up with the user account controls constantly asking me for
approval, and then finding it blocking programs from my quick launch bar
which I needed, I decided to shut it off. I did not have a problem doing
that, but now I keep getting nagged to turn it back on. Since I am the only
one with access to this computer, which is in a private home office and uses
a secure login for access, I am comfortable with it off, and would like to
stop the Vista nagware from constantly reminding me to turn it back on. Any
ideas on how to stop the reminders would be appreciated.

 

[DevilsPGD]

In message <[email protected]> Larry S.

After putting up with the user account controls constantly asking me for
approval, and then finding it blocking programs from my quick launch bar
which I needed, I decided to shut it off. I did not have a problem doing
that, but now I keep getting nagged to turn it back on. Since I am the only
one with access to this computer, which is in a private home office and uses
a secure login for access, I am comfortable with it off,

Then you've completely misunderstood the threat that UAC mitigates, and
as a result, you are an ideal target for UAC. Turn it back on, and fix
the programs which constantly need UAC elevation.

Which programs, and what are you expecting them to do that needs
administrative permissions?

and would like to
stop the Vista nagware

You've also misunderstood what nagware means.

 

[Guest]

OK, you've got me interested. What is the threat that UAC mitigates, and is
there any other way to deal with it? Also, when Windows defender blocks a
program from the quick launch bar, how can I get it to stop doing that? The
particular program it was giving me a hard time with was Palm Hotsync, which
lets me sync my palm TX handheld with both Outlook and Dataviz Documents To
Go. I use these on a daily basis in my work, and do not have time to spend
hours trying to convince a recalcitrant computer that it can let that program
boot normally.

After having some problems with Vista, I made a decision to wipe the hard
disk (after backing everything up) and starting over. I have done this with
other Windows OS, including Win 2000, 95 and 98. Although it is always a
pain, I have never had a fraction the difficulty of doing this with Vista.
In addition to the constant need for user account approval, I keep running
into various "permission" problems that have had me wasting the last two days
just to get the computer running with a few of the most important programs.
Any help you can give me in overcoming Vista's permission mania would be very
much appreciated.

 

[Guest]

I've also noticed that the only way I can access Windows Mail right now is
with the user account controls off. In order to save my Mail accounts, email
boxes and saved emails, I restored the Mail folder from a backup file,
writing over the installed files in my newly reinstalled Vista. I now get
messages that Windows Mail cannot be started because it is currently being
used by another program, and another messages that MSOE.DLL could not be
initialized, however when user accounts controls are turned off, I can access
the program. Any suggestions on this? Thanks.

 

[Guest]

This is the first time I've posted anything here, but I've become
increasingly frustrated with the UAC myself. Is there some way to have the
rest of the great upgrades from XP that Windows Vista offersd without the too
tight security of the UAC. Everytime I turn around it seems that I'm being
denied access to something. I am a 52 year old married male and the kiuds
are both in college. I never had any of the security hassles with XP. Is
micro soft going to do something about the problems with Vista and start
trying to make it as reliable and friendly as XP? Larry I hope you gety an
answer to your problems instyead of more frustration!

 

[DevilsPGD]

In message <[email protected]> zoomer96

This is the first time I've posted anything here, but I've become
increasingly frustrated with the UAC myself. Is there some way to have the
rest of the great upgrades from XP that Windows Vista offersd without the too
tight security of the UAC. Everytime I turn around it seems that I'm being
denied access to something. I am a 52 year old married male and the kiuds
are both in college. I never had any of the security hassles with XP. Is
micro soft going to do something about the problems with Vista and start
trying to make it as reliable and friendly as XP? Larry I hope you gety an
answer to your problems instyead of more frustration!

There are some fairly critical design flaws in Windows, going back to
the DOS based versions of Windows. They're trivially simple to solve,
except that many older apps don't work, and people scream when backward
compatibility is lost.

The MacOS world went for a more or less ground up rewrite, losing a
substantial amount of backward compatibility in the process, resulting
in a relatively secure, stable OS. Microsoft can easily do the same,
just ditch your old apps, and use Microsoft approved hardware.

UAC is a middle ground hack, it lets you continue to run older apps
without requiring full administrative access the full time.

 

[Guest]

I've discovered a couple of things that might be helpful since I wrote
earlier. Hotsync Manager (for syncing with my Palm TX handheld) seems to be
blocked in the Quick Launch bar EVERY TIME I start the computer. I don't
mind being asked the first time it tries to launch, but there is hopefully
some way to enable Vista to get the fact that this is an approved program and
not ask me again. I would also like to able to give blanket approval for
programs that I know are safe, and which I run frequently. Do you know of
any way to do this, give an "always approve this program" rating to a
program? The issue about Windows Mail seems to be similar. If I either shut
off UAC, or, when running with UAC on do a "run as administrator", it works
fine. If I don't run as administrator, it won't work. This was not the
way the program used to run before I reformatted and reinstalled, neither
does it work that way on my laptop, which is what I'm using at the moment.
Any assistance to getting these bugs worked out will be appreciated,
hopefully in a way that will let me continue to run UAC.

 

[DevilsPGD]

In message <[email protected]> Larry S.

OK, you've got me interested. What is the threat that UAC mitigates, and is
there any other way to deal with it?

UAC does *not* attempt to authenticate the user in any way, shape or
form as configured out of the box. UAC is entirely about AUTHORIZATION,
not about AUTHENTICATION.

(That being said, with group policies you can set UAC to request a
password before elevating, or you can simply run as a limited user, in
which case UAC will require administrative credentials to be provided
before elevating)

Okay, with that out of the way, what are we authenticating?

Well, in short, UAC is a way of running as a limited user rather then an
administrator. This prevents an application from compromising your
system, and instead limits the application to compromising your data.

Sony's various rootkits for example, would generate a popup before
installing. Web browsers (especially IE, since it uses "Protected
Mode", which is even more isolated) and other apps which process
externally supplied data are especially susceptible to buffer overruns,
UAC effectively prevents a buffer overrun in your browser from being
able to launch code that modifies system settings, or otherwise digs
very deep into your system.

(Actually, UAC doesn't really do much of that. Running as a limit user
does the trick. UAC also allows applications to write to certain areas
of the drive without permission, but those changes are virtualized, so
that when a different user logs in, those changes don't exist)

Also, when Windows defender blocks a
program from the quick launch bar, how can I get it to stop doing that? The
particular program it was giving me a hard time with was Palm Hotsync, which
lets me sync my palm TX handheld with both Outlook and Dataviz Documents To
Go. I use these on a daily basis in my work, and do not have time to spend
hours trying to convince a recalcitrant computer that it can let that program
boot normally.

Palm needs to get it's head out of 1995 and fix their crapware. And I
say that as a very loyal Palm user (Owner of one or more IIIe, IIIxe,
m505, Zire71, TE2, TX, LifeDrive, Treo 650 and Treo 680 devices over the
years)

There are a few tricks to getting HotSync mostly working, but as far as
I know, you will likely never get the installers (Quick or Original)
working. The biggest thing is to never, ever, EVER, Hotsync while a
Palm installer is running, or immediately after. After installing
anything at all Palm related, shut down Hotsync, and restart it.

Secondly, Dataviz's software won't run properly at all, although rumour
has it that Palm's beta Vista compatible Hotsync, plus DTG10 will get
you working. I haven't bothered, I simply installed DTG10 on my PDA
directly and I move files back and forth using SD cards, and/or email,
rather then HotSyncing this data.

 

[Guest]

Thanks for the information. What is frustrating to me is that before my
reinstall of Vista, I had Palm and DTG 10 working quite well. I am using
Palm 4.2 with my TX. The problems only began after I did a clean reinstall
of the system. Since then, whenever I boot up I am informed that Windows
blocked a program, and I need to click on it to get Activesync Manager
working. This was not happening before. In addition, when I do a "view
log", I get a message on top that activeX was blocked, and I need to click
there each time to complete the log (although I have yet to figure out what
it adds).

I solved my Windows mail problem with a workaround. After the system
reinstall and restore of Mail, Windows mail would only work when UAC was
turned off. Finally I brought it up, exported accounts, contacts, and
messages, deleted everything in the Mail folder, and when it re-opened,
imported everything I had exported. It is now working normally. What I
can't understand is why these things have been happening. Also, if I want a
program to open every time, why is there no way to instruct UAC that that
particular program is safe and can be trusted? Do you have any information
on these issues, or any insight as to what might be going on? Thanks.

 

[DevilsPGD]

In message <[email protected]> Larry S.

Thanks for the information. What is frustrating to me is that before my
reinstall of Vista, I had Palm and DTG 10 working quite well. I am using
Palm 4.2 with my TX. The problems only began after I did a clean reinstall
of the system. Since then, whenever I boot up I am informed that Windows
blocked a program, and I need to click on it to get Activesync Manager
working. This was not happening before.

Were you using HotSync, or ActiveSync?

Assuming HotSync (AFAIK ActiveSync is only Windows-based OSes, I'm
assuming your Palm is PalmOS, but I'm completely unfamiliar with Windows
based Palm PDAs)

Same question as I already typed below, did you reinstall, or restore
any data, and if so, how did you backup/restore?

I solved my Windows mail problem with a workaround. After the system
reinstall and restore of Mail, Windows mail would only work when UAC was
turned off. Finally I brought it up, exported accounts, contacts, and
messages, deleted everything in the Mail folder, and when it re-opened,
imported everything I had exported. It is now working normally. What I
can't understand is why these things have been happening.

It almost sounds like either a permissions issue (did you copy or move
the files from a backup? Was that backup on a NTFS hard drive, or
CD/DVD or something else?)

Or that a bunch of EXEs got flagged as "run as administrator", although
that would be tougher to do on your own -- Also, the fix you described
wouldn't work.

Also, if I want a
program to open every time, why is there no way to instruct UAC that that
particular program is safe and can be trusted?

Short answer, and it's one I venomously disagree with, is one of two...

1) That too many poorly written programs wouldn't bother to fix their
code, and would instead force the "always run as administrator" flag.
Remember, any program that runs this way has 100% privileges over your
entire system, which means a buffer overrun in that app could end up
running unwanted code.

2) That too many users would list cmd.exe or similarly exploitable
programs, which results in the same threat as #1.

Like I said, I disagree entirely with the lack of automated elevation,
but it is what it is. You can work around some, although not all, of
the issues.