Admin can't even admin my own computer!

Discussion in 'Windows Vista Administration' started by Marcc, Jun 29, 2007.

  1. Marcc

    Marcc Guest

    Hump! Wonder when the day will arrive that Microsoft will finally come up
    with a model for administration and user accounts that is simple to
    understand, simple to use, and makes logical sense to us simple folks!

    So my account that I log in under, is deemed to be an admin account under
    Vista Home Premium. Yet when I login, I still cannot access some folders,
    (such as My Pictures under My Documents under my home folder) nor can I
    change the permissions nor can I do any darn thing with said folder. YET I AM
    LOGGED IN AS AN ADMINISTRATOR account!

    It sure seems to me that IF I am logged in as an administrator, on my OWN
    laptop, in my OWN network world, as the SOLE user of said laptop THEN I
    should be allowed to use my own laptop as I see fit and not have to deal
    with all this damn security nonsense. How in the world do I, a simple user,
    in a simple home environment, get control of my own computer and run it in a
    simple intuitive fashion? Why should it take me hours of fiddling around with
    settings to set up my laptop to work in such a simple environment? I have
    hunted and hunted and I still cannot figure out how to do the simplest of
    tasks such as store pictures in a folder obviously meant for such a
    purpose.... What a mess!
     
    Marcc, Jun 29, 2007
    #1

  2. Marcc

    Jane C Guest

    Hi,

    My Pictures and My Documents are not real folders in Vista. They are
    junction points and are there for backwards compatibility. If you notice,
    they are shaded out with a shortcut arrow on them. The 'My' designation is
    not used in Vista.

    C:\Users\YOURNAME\Documents is the Vista documents folder.

    C:\Users\YOURNAME\Pictures
    C:\Users\YOURNAME\Music etc.

    You are only seeing the 'My Documents' type junction points because you have
    elected to show hidden files and folders, and protected operating system
    files.
     
    Jane C, Jun 30, 2007
    #2

  3. Marcc

    Marcc Guest

    Thanks Jane for your reply... It sounds like you may actually have some
    inside knowledge or connections with the Vista designers so I am going to
    reply from the perspective that I am talking to someone inside Microsoft. And
    I speak from the perspective of being a long time software designer myself.

    From my perspective, I think Microsoft has stepped off the edge of planet
    Reality, and is headed down the rabbit hole.... Gosh I long for the days when
    a folder is a folder, a file is a file, shortcuts ALWAYS work and assignments
    of permissions to control who can and who can not view something is all done
    following a few simple easy to understand concepts...

    Of course I turned on viewing hidden files, in the past I have found it
    absolutely necessary in order to gain some control back over my computer and
    to help me understand it. (Save me from those who want to save me from
    myself!) There is no excuse for the wizards at Microsoft not to design and
    TEST a gui so that it effectively guides their users to the solutions they
    need. Regardless of the user's experience level, novice or expert, and
    regardless of whether they have turned on advanced settings, the GUI's should
    NEVER lead them into traps such as this one did me. When those wizards design
    an interface that tells the user that they don't have permissions to open a
    folder, or cannot change permissions on what appears to be a shortcut, that
    message leads them to believe that there is a problem with permissions,
    either with the users own account permissions or with the permissions of the
    folder the shortcut is pointing to. In NO WAY does it lead me, or anyone else
    living on planet Reality, to come to a conclusion that we are trying to open
    some "junction point" backwards compatible nonexistent mystical link to
    nowhereland.

    Nor does this GUI design convey, in any sense, the meaning that a slightly
    grayed out folder with an arrow on it means one is viewing a hidden "junction
    point" file. Where is the handy nearby legend for your icon usage? Where is
    the message/description/documentation about this icon? NOT in the Properties
    where one might expect such. NOR in the error message I got that should have
    taught me the meaning of this icon. If it is buried in some help file or
    document elsewhere then how is it made easily discoverable by the user? I
    have looked since and still cannot find anything on these slightly grayed out
    folder icons with an arrow on em. And without a PhD in Vista operating
    systems/GUI's how are we users ever supposed to guess that "My" no longer
    means MY in this new Vista wonderland?

    SO withstanding your implication that this was my fault because I am dumb
    enough to want to view hidden files, I remain firm in my belief that this is
    yet another example of a poorly thought out user interface design on the part
    of Microsoft engineers/management. THIS IS A BUG PERIOD! I say again it is
    the responsibility of the GUI designers to design a user interface that leads
    their users to good and proper solutions for the tasks that they are trying
    to accomplish. If I see an icon labeled "My Pictures" and I click on it,
    regardless of the fact that I am viewing a hidden shortcut, what do you
    suppose is the task I am trying to accomplish? And if I am told I don't have
    permission to open said shortcut what do the Microsoft wizards think my
    new goal will become? Why isn't the GUI guiding me to a proper solution? (I
    will admit that saying I don't have permissions is slightly better than many
    Microsoft error messages that simply translate to "I'm sorry user, I can't do
    that and I can't help you so go find some non-existent administrator to help
    you", but nevertheless it did NOT help me find the correct solution to my
    attempt to open the folder this apparent shortcut was pointing to.) It is
    never excusable to put in something as misleading as these folders and the
    associated error messages in the user interface and require the poor computer
    user to have a PhD in Microsoft Vista software in order to understand what
    they mean and why they cannot be used...

    IMHO my experiences with Vista are leading me to believe once again that
    Microsoft has focused on adding flashy bells and whistles, NOT on building a
    solid well thought out user interface with an intuitive and robust operating
    system behind it. This is NOT the only problem I have encountered in Vista,
    just the first one I complained about on this forum..


    Marc...
     
    Marcc, Jun 30, 2007
    #3
  4. On Fri, 29 Jun 2007 10:36:02 -0700, Marcc
    Heh - they keep changing things, then having to leave legacy
    workarounds so last year's software will still work ;-)
    It's not a permissions issue. What you are seeing - and seeing only
    because you changed the shell settings to see "everything" - are
    junctions, rather than actual folders.

    A "junction" is like a shortcut, but it works at a deeper level of the
    NTFS file system. It allows software that is expecting to find "My
    Pictures" in "My Documents" to pass through to the new Pictures
    location, which is no longer nested within Documents.

    That's a very good thing, IMO. Pictures, Music and Videos are huge,
    and embedding them within Documents makes Documents too large to
    easily back up in toto, and forces one to store it on a large volume.
    I prefer to un-nest these large stores, so that Documents can fit on a
    small volume on its own and can easily be backed up.

    But without those junctions, some old software wouldn't work. Sure,
    it would work if it derived such paths from the registry, but
    sometimes software is not written "properly" and may just read the
    path for Documents and ASSume Pics etc. are under there.
    In this case, it's not "security nonsense". The reason you can't
    navigate into those locations is not because you are not allowed to,
    but because they aren't actually locations at all.

    It's like finding a painting of your car on a wall, and wondering why
    your car keys won't open the door :)


    Tip Of The Day:
    To disable the 'Tip of the Day' feature...
     
    cquirke (MVP Windows shell/user), Jun 30, 2007
    #4
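Added example, not part of the thread or any poster's code: a PowerShell listing of the compatibility junctions that posts #2 and #4 describe, with the target each one passes through to, next to the real Documents and Pictures paths as the system reports them. It assumes Windows PowerShell 5.0 or later, which provides the `LinkType` and `Target` properties.

```powershell
# Added example (not from the thread). Assumption: Windows PowerShell 5.0+,
# where file system items expose LinkType and Target.

# Ask the system for the real folder locations instead of assuming that
# Pictures is nested under Documents, which is the assumption the
# "My Pictures" junction exists to support for older software.
$documents = [Environment]::GetFolderPath('MyDocuments')
$pictures  = [Environment]::GetFolderPath('MyPictures')

# Collect reparse points (junctions and symbolic links) that sit directly
# inside the profile folder and inside Documents. -Force is needed because
# these entries are hidden, protected system items by default.
$links = foreach ($dir in $env:USERPROFILE, $documents) {
    Get-ChildItem -LiteralPath $dir -Force -Attributes ReparsePoint `
        -ErrorAction SilentlyContinue
}

# Show each link next to the location it redirects to.
$links | Sort-Object FullName | ForEach-Object {
    [pscustomobject]@{
        Path     = $_.FullName
        LinkType = $_.LinkType               # e.g. Junction or SymbolicLink
        Target   = ($_.Target -join '; ')    # where old-style paths end up
    }
} | Format-Table -AutoSize -Wrap

"Documents resolves to: $documents"
"Pictures resolves to:  $pictures"
```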
  5. Marcc

    Marcc Guest

     
    Marcc, Jul 1, 2007
    #5
  6. Marcc

    joxy Guest

    An example:
    I have a simple notepad document that I want to save direct on to a
    partition, not into a folder. There are 3 partitions on each of 2 hard drives
    for me to choose from. When I choose to save to D E G or H, no problem. When
    I chose C Vista produces a message: "You don't have permission to save in
    this location. Contact the administrator to obtain permission. Would you like
    to save in the Documents folder instead?" -No, I wouldn't; I want Vista to do
    what I told it to do! Choice of F produces a different, more concise, but
    totally incomprehensible jargon of a message: "A required privilege is not
    held by the client". C through H all have their properties set to "Allow:
    full control, change, read". I am the sole user of the computer, the
    "administrator" - ridiculous word.
     
    joxy, Jul 3, 2007
    #6
  7. Marcc

    Marcc Guest

    Thanks cquirke for your reply... Hmmm there are times I really HATE web
    browser email forms! Looks like my reply to you got lost so I will have to
    retype it..

    IMHO, if you ask me, it seems as if Microsoft has wandered off the edge of
    planet Reality on this one and gone down the rabbit hole. So now, in the
    magical Vista Wonderland you are telling me that someone on the Microsoft
    design team has come up with this marvelous notion of having folders/short
    cuts/"junction points" that don't really connect to anything except for
    backwards compatibility sake??? Nor do they inform the user in plain language
    that clicking on them won't get you anywhere??? Nor why the paradigm we have
    grown so accustomed to has changed??? Nor why no magical
    protection/permissions/privilege incantation is going to work anymore! !!???
    Despite being TOLD that is what the problem really is! Despite being TOLD
    that we are "administrators" with God like powers to rule over our own
    computers??? Hump!!!

    WOW!!! I wonder how many billions and billions they paid those knuckleheads
    to frustrate their users? There just is no way that you or Microsoft can
    convince me that this was a "good idea"!!! And you say their rationale is -
    that it breaks up folders that folks are using for large stores of
    information just to make backup processes even harder to configure??? NO
    SIR! I remain quite steadfast in my belief that this bit of the user
    interface design stinks and in no way will it ever lead us poor users out of
    the land of chaos! In plain English, this is a BAD idea, a BAD design and a
    BAD implementation that was BADLY tested. The whole purpose of GUI is to act
    as a guide that leads us users down the path to the realms of solutions where
    we can find nirvana and SOLVE our own problems. NOT into new messes such as
    this one, a goal the design teams at Microsoft seem to keep on
    misunderstanding...

    Marc.. (who is now wandering around in a maze of twisty little passages
    somewhere in a hall of mirrors, on a quest for new adventures looking for a
    Vista that is more than just a mirage full of junction points...)
     
    Marcc, Jul 6, 2007
    #7
  8. Marcc

    Jimmy Brush Guest

    Hello,

    Notepad has no business running with admin power 99% of the time (where
    it doesn't need access to drive C).

    So it doesn't get it.

    Unfortunately, Windows doesn't differentiate (yet) between "the program
    doesn't have access" and "the user doesn't have access".

    To run notepad with admin power, you have to right-click it and click
    run as administrator.

    A less than perfect solution, but it makes your computer much more
    secure, really puts you in control of what happens on your computer, and
    it makes sense after you learn how it works.
     
    Jimmy Brush, Jul 6, 2007
    #8
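Added example, not part of the thread: a PowerShell check of the distinction post #8 describes, between the logged-on account being an administrator and the running program actually holding administrator rights. It assumes English-language `whoami` output (it matches the "deny only" attribute text); the variable names are illustrative.

```powershell
# Added example (not from the thread). Assumption: English-language Windows,
# because the script matches the "deny only" wording in whoami output.

$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# 1. Does THIS PROCESS hold administrator rights? IsInRole only returns
#    true when the Administrators group is enabled in the process token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

# 2. Is the Administrators group present in the token at all, and with
#    which attributes? whoami can emit its group list as CSV.
$groups   = whoami /groups /fo csv | ConvertFrom-Csv
$adminRow = $groups | Where-Object { $_.SID -eq $adminSid }

if ($elevated) {
    $state = 'Elevated: this process runs with full administrator rights.'
}
elseif ($adminRow -and $adminRow.Attributes -match 'deny only') {
    # The account is an administrator, but this program received the
    # filtered token, so the group only counts for deny entries.
    $state = 'Administrator account, but this process is NOT elevated.'
}
elseif ($adminRow) {
    $state = 'Administrators group present with attributes: ' +
             $adminRow.Attributes
}
else {
    $state = 'Standard user: the account is not in Administrators.'
}

[pscustomobject]@{
    User            = $identity.Name
    ProcessElevated = $elevated
    State           = $state
} | Format-List
```

Running it once from a normal PowerShell window and once from one started with "Run as administrator" shows the two states for the same account.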
  9. On Fri, 6 Jul 2007 00:32:02 -0700, Marcc
    Tell me about it... try creating content on a Wiki that logs you out
    if "inactive" for 5 minutes, so that your edits are rejected and lost.

    Doesn't always happen; only when you've spent > 5 minutes, and
    therefore have more effort to waste.

    The key here is that when you edit via IE, you are editing a local
    file as managed internally by IE. Unlike Word, IE has no
    auto-save/recover facility for such material.

    Because your editing is done locally in IE, no keystrokes go to the
    site you assumed you were editing on.

    When no keystrokes arrive in X minutes, the site reasonably assumes
    you closed the page without logging out (a significant and common
    security risk) and kicks you off.
    No, they just listen to the loudest voices from those who buy the most
    expensive stuff (server OSs etc.) and who speak their language - the
    professional IT system admins from the corporate world.

    There may be more of us in consumerland, but there are many reasons MS
    may not give us the attention we deserve:
    - there's no "voice" that represents us
    - what "voices" there are, don't speak the same (tech) language
    - we don't spend enough on MS products, comparatively speaking
    - our market is mainly fed via OEM, so MS talks to OEMs instead
    - no competitive threat (Linux is best suited to server/back-end)
    - we don't really matter, i.e. don't create "important" data etc.
    - all we need is "ease of use"

    So what we get is glossed-over hand-me-downs, i.e. products developed
    for the corporate world with some features ripped out and bigger dummy
    icons to be "easier to use".

    The realities are:
    - most consumers are buying replacement, not first, PCs
    - our needs are fundamentally different to corporate slaves

    I use the word "slave" in the sense of "wage slave". Corporates have
    the right to overrule user's control of the PC, but we as "home
    consumers" are supposed to be free. We aren't treated as free,
    though; all that happens is there's no-one holding the reins that are
    welded into the products we use, so they are left up for grabs.

    The whole idea of assigning rights according to "who" logged on, is
    totally misplaced in our world. Instead, we need limitation of rights
    assigned at the level of which program we are using.

    There's a slow sense of this clue in the Vista age, what with UAC that
    allows users to override what alleged "administrators" are trying to
    automate, and IE7's Protected Mode.

    Sure, it's ugly, but then again; how elegant were the first horseless
    carriages, compared to modern cars? Should we have stayed with horses
    forever, even when they don't "work" for city commutes?
    The MS design team's assumptions would be:
    - if you don't change default settings, you won't see them
    - if you do change default settings, you'll understand what you see

    The above is not unreasonable if you think that the defaults are OK.
    But once you realise the defaults also limit your ability to assess
    risk, and so increase the opportunity for malware to spoof you...

    http://cquirke.blogspot.com/2006/10/rungbua-exploits-bad-design.html

    ...then you're more likely to turn on the ability to see things like
    junctions, even though you didn't really want to see them and don't
    have the (new) skills needed to understand what you see.
    You aren't supposed to see them. If you do see them, there's an arrow
    on the icon that differs from the usual "shortcut" arrow. Once you
    understand what a junction is, you will know what to expect the next
    time you see those sort of arrows :)
    Frankly, MS's approach to user data has sucked ever since they started
    dabbling with it (when MS Office first imposed the "system object that
    cannot be changed" My Documents on us in Win9x or earlier).

    It sucks slightly less as time goes by, but they are still playing in
    a field they should either stay out of, or think through properly AND
    provide us with an easier UI to manage properly.

    In that sense, the changes in Vista...
    - bulky My Pictures/Videos/Music no longer nested in MyDocs
    - moving malware-risk downloads out of the MyDocs "data" set
    - shallower paths to these data locations
    ...are worthwhile. What we still need:
    - ability to pre-set shell folder paths for new-account prototype
    - better UI to relocate these objects
    - less bugginess when these objects are relocated
    - ability to create arbitrary new shell folder types and behaviors
    - safer defaults for hi-risk locations

    There's no risk awareness at all, though at least we have IE dumping
    downloads in Downloads instead of Documents. We still have IM clients
    dumping unsolicited incoming files in Documents, and email attachments
    are still hidden in message stores (though in a separate file per
    message); I'm still waiting for MS to catch up with what I've been
    doing since 1995. As others will have other ideas on where things
    should go, we really need a more open, flexible system.
    You're still missing it; junctions are not inaccessible because they
    "don't allow you" to access them, they simply are not capable of doing
    what you are trying to do with them.
    See tag.

    Some things can't be safely glossed over by an abstraction layer that
    ignores differences that matter - such as "open" vs. "run program",
    "edit data", "view data", or the difference between unique data you
    create and off-the-peg (possibly infected) material that you get from
    elsewhere, or arrives by unsolicited delivery.

    General advice: Learn now, rant later.

    IOW, pin down what things are (and maybe why they are so) rather than
    immediately ranting about what may be mistaken assumptions on your
    part. Yes, it's a problem if you aren't aware your assumptions no
    longer fit, but it is a different kind of problem.


    Things should be made as simple as possible,
    but no simpler - attrib. Albert Einstein
     
    cquirke (MVP Windows shell/user), Jul 7, 2007
    #9
  10. Marcc

    Jimmy Brush Guest

    Hopefully MS listens to our feedback as MVP's and from techbeta to
    represent the consumer viewpoint :)... well, I know they listen, but
    hopefully they take action based on this info (and I believe they do).

    AMEN!

    This is a good analogy; I view UAC in the same sort of way. I certainly
    hope Microsoft is thinking this way too.

    Agreed. I can't wait for the next generation data abstraction model,
    whatever it might be.

    I think in combination with a more fully fleshed out UAC, this could get
    very interesting (differentiating between files/data created by
    applications vs. created by the user [imagine full isolation of files
    and settings between applications, while still allowing the user to
    access the files and settings that they actually created themselves
    between apps], access controls on data per-app instead of just per-user,
    knowing which app created every file and registry setting, etc).
     
    Jimmy Brush, Jul 7, 2007
    #10
  11. That's what I see as the best contribution I could make as an MVP, as
    we are well positioned to act as "interpreters" for our clients and
    the techs who deliver client-orientated (as opposed to
    vendor-obligation) service.

    It's great making 1000 posts a year for 3 years helping people clean
    up Word macro viruses - but imagine if you could have been the missing
    voice of sanity that might have meant no version of MS Office ever
    automatically ran macros in "data" files?
    A large organization uses its people the way a stand-alone consumer
    uses their programs.

    For example, a bank will have people who do telephones, others with
    access to client records, and others who enter the vaults, etc. so any
    one of these people can walk up to any PC, login as their known and
    pigeon-holed identity, and be able to do (only) what they have to do.

    A consumer on a single PC does the same as the bank; they may have a
    spreadsheet open with client data in it, take a fax via some
    bundleware, play a game while waiting on the phone, catch the latest
    gossip and "dancing pigs" via email, etc.

    Each of these programs has different things the user expects them to
    (not) do, e.g. games have no business scratching in the data set,
    screen savers should not "call home", email "message text" should not
    automate the PC etc. In the corporate world, 90% of these apps would
    not be there, and the user would be limited to appropriate tasks, so
    the problem is less acute than it is in our world.
    I hope so too, but who knows? MS is people, with different ideas as
    well as "blind spots" common to many of these, and to some extent it
    goes about which ideas prevail and get backed.

    UAC itself will prolly pass on; it's a bridging stopgap "shim" between
    XP's world of "programs rule, OK" to Vista's world where just because
    the logged-in user is "admin" doesn't mean every bit of code that runs
    gets full admin rights. There are (new) ways to write sware for Vista
    that won't throw up UAC prompts, and when these are widespread, we
    should see less "noise". A bit like Win32s in the 3.yuk era.
    Oh, I can wait... it's like watching an un-coordinated 8-year-old
    flailing around with a chainsaw (nervous laughter) :)
    You're talking context propagation, as facilitated (or at least, made
    tolerably efficient) by post-FATxx file systems. That's tough, and is
    the main reason why I recommend new design approaches as opposed to
    expecting these to have been done already.

    The problem is, that the internal surfaces between contexts will be
    massive in surface area, and (code being code) likely to be porous, so
    you can expect "context drift" exploits. We already have this between
    user account rights and security zones, as well as raw data-to-code
    exploits through buffer flaws etc.

    Designing and coding "the system" is only part of it - you have to
    also keep it responsive, as yesterday's safe data type could be
    today's exploit. The trick is to allow flexibility while preventing
    this from being automated, as is the case with malware attacks on the
    settings that control Safe Mode, firewall, zones, file associations,
    etc. It's also hard to retro-fit a per-program context trail to an OS
    that is built on OLE, and its extension to ActiveX.

    Step zero is to go back to safety basics, and check every new feature
    against these. I don't think the "Gates email" rethink on "security"
    got this; the impression I get is that the message was applied mainly
    at the trees-and-bark level of coding and sysadmin stuff, without
    informing the top level of UI design etc.

    Here's some conceptual arithmetic..
    (Easy to use safely) - (Easy to use) = (Safety Gap)
    1 / (Safety Gap) = (Trustworthiness of Computing)
    ...oversimplifying "Trusted Computing" to refer to only the middle and
    lower levels of the "trust stack", as per...

    http://cquirke.blogspot.com/2006/08/trust-stack.html


    Trsut me, I won't make a mistake!
     
    cquirke (MVP Windows shell/user), Jul 7, 2007
    #11
  12. Marcc

    Aly Guest

    I can sympathise with you here, last update came just as I was switching
    down as the local power company was switching off power for maintenance.
    So halfway through "do not switch off Microsoft down loading" the power was
    cut and in mid update too.
    On login I was surprised to see a deactivated user account of mine in place
    of what was before switch off an administrator user login.
    Now on log in I found either can I create a new admin user as it states
    there is already one, but I have lost not just connection logins but also the
    files to connect them.
    Admin is still well and healthy on the HD but I cannot get admin back into
    login and this user deleted.
    Frustrated, too damned right I'm, like having the right key to your house but
    you can not get in unless someone lets you in and you are not allowed
    to touch or use anything!
    Microsoft cocked it up with an unscheduled upgrade as I set them at 4 in the
    morning and this was daytime.
    So I understand this, mind strangely enough, updates after 6 or more months
    of new Windows on market, cause crashes.
    Only problem is I like others have been suffering this virus that gets into
    the recovery system files, which have to be deleted?
    Never been a conspiracy theorist but after having Windows since my first and
    it was the first Windows too, the old 3.0, there has been 1 consistency in
    Windows systems?
    I wish you luck, me?? All I can see is expense of 200 or more DVD's backing
    up and then starting "ALL OVER AGAIN", yeh I'm happy about that!
     
    Aly, Sep 3, 2007
    #12
