On the UAC...leave it alone!

Discussion in 'Windows Vista Security' started by schatenjager, Feb 8, 2008.

  1. schatenjager

    schatenjager Guest

    My experience with the Vista UAC, despite all of the complaints and
    suggestions to turn it off entirely has been good. I find that once i'm
    finished with the initial set up of the machine and i've moved on to a
    normal workload, it almost never appears and when it does, it tells me
    that i'm doing something that could potentially have an adverse impact
    on the computer. It's not as intrusive as the Mac ads and the internet
    at large seem to think. I'd suggest that, unless you are doing
    system-altering tasks on a daily basis, leave it as is and don't disable
    it. The need to hit one extra button is nothing compared to the number
    of times in the past that i've inadvertantly managed to mess something
    up.
     
    schatenjager, Feb 8, 2008
    #1
    1. Advertisements

  2. schatenjager

    Bob Guest

    How to disable UAC prompts and retain UAC security:

    Run Regedit and navigate to

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

    Change the value of ConsentPromptBehaviorAdmin from "2" to "0".
     
    Bob, Feb 8, 2008
    #2
    1. Advertisements

  3. How to disable UAC prompts and retain UAC security:

    A contradiction in terms. As I understand it from reading the MS White
    Papers on UAC, in effect each UAC prompt is silently answered with a "Yes"
    with this setting. This removes one of the key advantages of UAC: the
    computer no longer warns you when something with security implications is
    about to happen.

    Suppose you are happily typing away in Word, and suddenly a UAC prompt
    appears. You can be damn sure it's because of some malware and can say
    "No". With UAC prompts disabled it gets a "Yes" automatically, and the
    malware goes away happy.

    Unless I've misunderstood the situation. Does anyone know better?

    I agree with the OP: UAC is such a tiny annoyance after the initial set up
    period that I don't mind it at all. I'm rather glad I get a warning when
    something with security implications is about to happen.

    Any why do Mac users mock it? The Mac (like virtually all Unix variants)
    uses elevation prompts in much the same way as Vista uses UAC prompts.
    What's the difference?

    SteveT
     
    Steve Thackery, Feb 9, 2008
    #3
  4. schatenjager

    Bob Guest

  5. A contradiction in terms. As I understand it from reading the MS White
    This brings up a question: can we change the way the UAC prompt us?

    Could we change the prompt to ask for a password regardless of my
    current privilege?


    --
    @~@ Might, Courage, Vision, SINCERITY.
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Xubuntu 7.04) Linux 2.6.24.1
    ^ ^ 17:17:01 up 3:30 0 users load average: 1.02 1.02 1.00
    ? ? (CSSA):
    http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
     
    Man-wai Chang ToDie, Feb 9, 2008
    #5
  6. How to disable UAC prompts and retain UAC security:

    I think for Vi$ta, we need to stop using the admin account even when you
    are the only user of the PC. Vi$ta wants us to work with the UAC, not
    against it.

    --
    @~@ Might, Courage, Vision, SINCERITY.
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Xubuntu 7.04) Linux 2.6.24.1
    ^ ^ 17:18:01 up 3:31 0 users load average: 1.04 1.03 1.00
    ? ? (CSSA):
    http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
     
    Man-wai Chang ToDie, Feb 9, 2008
    #6
  7. schatenjager

    Bob Guest

    You don't need to do something just because Vista "wants" you to, it's your
    computer.
     
    Bob, Feb 9, 2008
    #7
  8. schatenjager

    DevilsPGD Guest

    In message <> Man-wai Chang ToDie
    Yes. If you have Business or Ultimate, take a look at the group policy,
    there are actually several different options available.
     
    DevilsPGD, Feb 9, 2008
    #8
  9. Could we change the prompt to ask for a password regardless of my
    Thanks. I am using 64-bit Ultimate.

    --
    @~@ Might, Courage, Vision, SINCERITY.
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Xubuntu 7.04) Linux 2.6.24.1
    ^ ^ 10:33:01 up 20:46 0 users load average: 0.08 0.03 0.01
    ? ? (CSSA):
    http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
     
    Man-wai Chang ToDie, Feb 10, 2008
    #9
  10. Micro$oft security means doing things they believe to be correct. I
    don't think Window$ was designed and coded to support user-definable
    security. :)

    --
    @~@ Might, Courage, Vision, SINCERITY.
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Xubuntu 7.04) Linux 2.6.24.1
    ^ ^ 10:34:01 up 20:47 0 users load average: 0.07 0.04 0.01
    ? ? (CSSA):
    http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
     
    Man-wai Chang ToDie, Feb 10, 2008
    #10
  11. schatenjager

    Seth Guest

    That's what GPOs are. I happen to be one of the people on the committee at
    my company that defines the security and how it is applied on computers, not
    Microsoft.

    They publish guidelines of how they think things should be configured in
    different environments (like the EC security profile, SSLF, etc...) but it
    is up to individuals on how they will implement and which settings they will
    use and how they will configure them.
     
    Seth, Feb 10, 2008
    #11
  12. They publish guidelines of how they think things should be configured in
    So could Vi$ta security framework(?) do what you really want to do overall?

    --
    @~@ Might, Courage, Vision, SINCERITY.
    / v \ Simplicity is Beauty! May the Force and Farce be with you!
    /( _ )\ (Xubuntu 7.04) Linux 2.6.24.1
    ^ ^ 12:34:01 up 22:47 0 users load average: 0.06 0.04 0.00
    ? ? (CSSA):
    http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa/
     
    Man-wai Chang ToDie, Feb 10, 2008
    #12
  13. schatenjager

    Seth Guest

    That all depends on what it is you want it to do. It is very flexible, just
    requires a lot of work learning all that is in there.

    We're still working on our GPOs, fine tuning them and such to find a balance
    between tight security and application compatibility and minimize feature
    shock to the end users.
     
    Seth, Feb 10, 2008
    #13
  14. schatenjager

    Mark Guest

    Unfortunately, you need to determine what it is you want it to do and stick
    with it.
    Vista remembers what settings were used at the time programs are installed
    or updated. If you elect to change those settings after installation, your
    programs may have problems running correctly.

    IMO Microsoft turned on way too much security for the average home user. I
    did not have all these "bells and whistles" with prior versions of Windows
    and _never_ had a problem. Now, I feel like the user in the Mac OS
    commercial.

    After months of answering this stupid prompt several times a day (Yes,
    daily. I install and test software written in-house.) So, I turned UAC off.
    Initially, there were no problems. But, slowly I started finding more and
    more problems. (Probably due to automatic updates for those programs.) When
    I finally determined UAC was the issue, I turned it back on. Then, the
    problems got worse.

    Turning the prompts off may always answer "yes" to the hidden questions, but
    think of it as more of a "limited yes."

    I basically had to reformat and start over.
    I don't care how you set up your security, but decide on a path and stick
    with it.
     
    Mark, Feb 11, 2008
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.