First, please do not give me the Microsoft rhetoric about how wonderful UAC is and why it is important for my own safety. I'm an MCSE with 19 years of professional computer admin experience. I understand security and why it is important. That's why I am looking for a safe alternative to disabling User Access Control in Vista when all I want to do is have an application automatically launch at Windows startup.
While I do have a specific application that is giving me this problem, my research into a solution tells me that this would be better addressed in a general way, since there are several variations on a theme for this question.
The program I am trying to auto-start when Windows boots is configured to run as a service at startup. When the application attempts to run its administrative panel in the notification area and run some other services, it brings up the UAC nag screen informing me that "An unknown program wants access to your computer". Additionally, the application has an "unknown publisher".
The whole "unknown" part is apparently the problem. Since Microsoft requires publishers to have a certificate or something to become "trusted" (which is akin to demanding extortion money from publishers in my opinion). This is a free, open-source port of a Linux utility that is very useful. I understand why the publisher has no interest in becoming "trusted" so it's not really an option to pester the developer to do so.
The application does not appear to require administrative rights (and "Run as administrator" is unchecked in the Compatibility tab of the application properties), but since UAC is being triggered, it must do something that UAC doesn't like.
Since this application launches several vital services on a remote machine, it's a gigantic pain to have to login just to approve the service every time the computer reboots.
I could disable UAC (and since this is basically acting as a stand-in for a real server, that might be best), but I want to prove that it's possible to keep UAC enabled and still have a fully functional and safe Vista machine (I want to prove that the Redmond Kool-Aid can work). I also could shut off Automatic Updates so that the computer doesn't restart itself automatically after every update, but that lessens the security of the machine.
In short, it seems that the very act of attempting to keep my computer safe via UAC is going to force me to have to defeat one or more security features just to allow me to run the software automatically.
Is there (and if not, why not?) a way to add a whitelist of UAC-exempt applications to a computer? Possibly a registry setting, a group or local security policy, an .INI file, or something else? Every antivirus application I can think of allows manual whitelisting of files that would otherwise be flagged--why can't Vista?
I think there is a mindset at Microsoft that users either have to be coddled (i.e., UAC) or be allowed to hose their own system (disable UAC and damn the consequences). A far better third-option should be available: allow people to carve out exceptions within the overall security rather than disable it entirely.
If someone has a solution, I'd love to know it.
If not, does anyone know who to contact at Microsoft to plead with them to come up with a way to do that so we don't have to disable security just to run known safe programs from untrusted publishers?