Vista - On the UAC...leave it alone!

02-08-2008

My experience with the Vista UAC, despite all of the complaints and
suggestions to turn it off entirely has been good. I find that once i'm
finished with the initial set up of the machine and i've moved on to a
normal workload, it almost never appears and when it does, it tells me
that i'm doing something that could potentially have an adverse impact
on the computer. It's not as intrusive as the Mac ads and the internet
at large seem to think. I'd suggest that, unless you are doing
system-altering tasks on a daily basis, leave it as is and don't disable
it. The need to hit one extra button is nothing compared to the number
of times in the past that i've inadvertantly managed to mess something
up.

--
schatenjager
Posted via http://www.vistaheads.com

02-08-2008

How to disable UAC prompts and retain UAC security:

Run Regedit and navigate to

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]

Change the value of ConsentPromptBehaviorAdmin from "2" to "0".

"schatenjager" <schatenjager.34he42@xxxxxx-mx.forums.vistaheads.com> wrote in
message news:schatenjager.34he42@xxxxxx-mx.forums.vistaheads.com...

Quote:

>
> My experience with the Vista UAC, despite all of the complaints and
> suggestions to turn it off entirely has been good. I find that once i'm
> finished with the initial set up of the machine and i've moved on to a
> normal workload, it almost never appears and when it does, it tells me
> that i'm doing something that could potentially have an adverse impact
> on the computer. It's not as intrusive as the Mac ads and the internet
> at large seem to think. I'd suggest that, unless you are doing
> system-altering tasks on a daily basis, leave it as is and don't disable
> it. The need to hit one extra button is nothing compared to the number
> of times in the past that i've inadvertantly managed to mess something
> up.
>
>
> --
> schatenjager
> Posted via http://www.vistaheads.com
>

02-08-2008

> How to disable UAC prompts and retain UAC security:

A contradiction in terms. As I understand it from reading the MS White
Papers on UAC, in effect each UAC prompt is silently answered with a "Yes"
with this setting. This removes one of the key advantages of UAC: the
computer no longer warns you when something with security implications is
about to happen.

Suppose you are happily typing away in Word, and suddenly a UAC prompt
appears. You can be damn sure it's because of some malware and can say
"No". With UAC prompts disabled it gets a "Yes" automatically, and the
malware goes away happy.

Unless I've misunderstood the situation. Does anyone know better?

I agree with the OP: UAC is such a tiny annoyance after the initial set up
period that I don't mind it at all. I'm rather glad I get a warning when
something with security implications is about to happen.

Any why do Mac users mock it? The Mac (like virtually all Unix variants)
uses elevation prompts in much the same way as Vista uses UAC prompts.
What's the difference?

SteveT

02-08-2008

I think this will interest you.
http://4sysops.com/archives/why-and-...top-prompting/

"Steve Thackery" <nobody@xxxxxx> wrote in message
news:%231Q5cUraIHA.4712@xxxxxx

Quote:

>> How to disable UAC prompts and retain UAC security:

>
> A contradiction in terms. As I understand it from reading the MS White
> Papers on UAC, in effect each UAC prompt is silently answered with a "Yes"
> with this setting. This removes one of the key advantages of UAC: the
> computer no longer warns you when something with security implications is
> about to happen.
>
> Suppose you are happily typing away in Word, and suddenly a UAC prompt
> appears. You can be damn sure it's because of some malware and can say
> "No". With UAC prompts disabled it gets a "Yes" automatically, and the
> malware goes away happy.
>
> Unless I've misunderstood the situation. Does anyone know better?
>
> I agree with the OP: UAC is such a tiny annoyance after the initial set up
> period that I don't mind it at all. I'm rather glad I get a warning when
> something with security implications is about to happen.
>
> Any why do Mac users mock it? The Mac (like virtually all Unix variants)
> uses elevation prompts in much the same way as Vista uses UAC prompts.
> What's the difference?
>
> SteveT

02-09-2008

In message <e2uO2yvaIHA.5400@xxxxxx> Man-wai Chang ToDie
<toylet.toylet@xxxxxx> wrote:

Quote:

>> A contradiction in terms. As I understand it from reading the MS White
>> Papers on UAC, in effect each UAC prompt is silently answered with a
>> "Yes" with this setting. This removes one of the key advantages of UAC:
>> the computer no longer warns you when something with security
>> implications is about to happen.

>
>This brings up a question: can we change the way the UAC prompt us?
>
>Could we change the prompt to ask for a password regardless of my
>current privilege?

Yes. If you have Business or Ultimate, take a look at the group policy,
there are actually several different options available.

02-09-2008

"Man-wai Chang ToDie" <toylet.toylet@xxxxxx> wrote in message
news:%23jehI24aIHA.5784@xxxxxx

Quote:

> Bob wrote:

Quote:

>> You don't need to do something just because Vista "wants" you to, it's
>> your computer.

>
> Micro$oft security means doing things they believe to be correct. I don't
> think Window$ was designed and coded to support user-definable security.
>

That's what GPOs are. I happen to be one of the people on the committee at
my company that defines the security and how it is applied on computers, not
Microsoft.

They publish guidelines of how they think things should be configured in
different environments (like the EC security profile, SSLF, etc...) but it
is up to individuals on how they will implement and which settings they will
use and how they will configure them.

02-10-2008

"Man-wai Chang ToDie" <toylet.toylet@xxxxxx> wrote in message
news:O%236s%2345aIHA.4180@xxxxxx

Quote:

>> They publish guidelines of how they think things should be configured in
>> different environments (like the EC security profile, SSLF, etc...) but
>> it is up to individuals on how they will implement and which settings
>> they will use and how they will configure them.

>
> So could Vi$ta security framework(?) do what you really want to do
> overall?

That all depends on what it is you want it to do. It is very flexible, just
requires a lot of work learning all that is in there.

We're still working on our GPOs, fine tuning them and such to find a balance
between tight security and application compatibility and minimize feature
shock to the end users.

02-11-2008

Unfortunately, you need to determine what it is you want it to do and stick
with it.
Vista remembers what settings were used at the time programs are installed
or updated. If you elect to change those settings after installation, your
programs may have problems running correctly.

IMO Microsoft turned on way too much security for the average home user. I
did not have all these "bells and whistles" with prior versions of Windows
and _never_ had a problem. Now, I feel like the user in the Mac OS
commercial.

After months of answering this stupid prompt several times a day (Yes,
daily. I install and test software written in-house.) So, I turned UAC off.
Initially, there were no problems. But, slowly I started finding more and
more problems. (Probably due to automatic updates for those programs.) When
I finally determined UAC was the issue, I turned it back on. Then, the
problems got worse.

Turning the prompts off may always answer "yes" to the hidden questions, but
think of it as more of a "limited yes."

I basically had to reformat and start over.
I don't care how you set up your security, but decide on a path and stick
with it.

"Seth" <seth_lerman@xxxxxx> wrote in message
news:FBDADE75-DDC8-43DF-9D92-FBA44DD75063@xxxxxx

Quote:

>
> "Man-wai Chang ToDie" <toylet.toylet@xxxxxx> wrote in message
> news:O%236s%2345aIHA.4180@xxxxxx

Quote:

> >> They publish guidelines of how they think things should be configured

in

Quote:

> >> different environments (like the EC security profile, SSLF, etc...) but
> >> it is up to individuals on how they will implement and which settings
> >> they will use and how they will configure them.

> >
> > So could Vi$ta security framework(?) do what you really want to do
> > overall?

>
> That all depends on what it is you want it to do. It is very flexible,

just

Quote:

> requires a lot of work learning all that is in there.
>
> We're still working on our GPOs, fine tuning them and such to find a

balance

Quote:

> between tight security and application compatibility and minimize feature
> shock to the end users.
>

02-08-2008	#1 (permalink)
schatenjager n/a posts	On the UAC...leave it alone! My experience with the Vista UAC, despite all of the complaints and suggestions to turn it off entirely has been good. I find that once i'm finished with the initial set up of the machine and i've moved on to a normal workload, it almost never appears and when it does, it tells me that i'm doing something that could potentially have an adverse impact on the computer. It's not as intrusive as the Mac ads and the internet at large seem to think. I'd suggest that, unless you are doing system-altering tasks on a daily basis, leave it as is and don't disable it. The need to hit one extra button is nothing compared to the number of times in the past that i've inadvertantly managed to mess something up. -- schatenjager Posted via http://www.vistaheads.com
My System Specs

02-08-2008	#2 (permalink)
Bob n/a posts	Re: On the UAC...leave it alone! How to disable UAC prompts and retain UAC security: Run Regedit and navigate to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] Change the value of ConsentPromptBehaviorAdmin from "2" to "0". "schatenjager" <schatenjager.34he42@xxxxxx-mx.forums.vistaheads.com> wrote in message news:schatenjager.34he42@xxxxxx-mx.forums.vistaheads.com... Quote: > > My experience with the Vista UAC, despite all of the complaints and > suggestions to turn it off entirely has been good. I find that once i'm > finished with the initial set up of the machine and i've moved on to a > normal workload, it almost never appears and when it does, it tells me > that i'm doing something that could potentially have an adverse impact > on the computer. It's not as intrusive as the Mac ads and the internet > at large seem to think. I'd suggest that, unless you are doing > system-altering tasks on a daily basis, leave it as is and don't disable > it. The need to hit one extra button is nothing compared to the number > of times in the past that i've inadvertantly managed to mess something > up. > > > -- > schatenjager > Posted via http://www.vistaheads.com >
My System Specs

02-08-2008	#3 (permalink)
Steve Thackery n/a posts	Re: On the UAC...leave it alone! > How to disable UAC prompts and retain UAC security: A contradiction in terms. As I understand it from reading the MS White Papers on UAC, in effect each UAC prompt is silently answered with a "Yes" with this setting. This removes one of the key advantages of UAC: the computer no longer warns you when something with security implications is about to happen. Suppose you are happily typing away in Word, and suddenly a UAC prompt appears. You can be damn sure it's because of some malware and can say "No". With UAC prompts disabled it gets a "Yes" automatically, and the malware goes away happy. Unless I've misunderstood the situation. Does anyone know better? I agree with the OP: UAC is such a tiny annoyance after the initial set up period that I don't mind it at all. I'm rather glad I get a warning when something with security implications is about to happen. Any why do Mac users mock it? The Mac (like virtually all Unix variants) uses elevation prompts in much the same way as Vista uses UAC prompts. What's the difference? SteveT
My System Specs

02-08-2008	#4 (permalink)
Bob n/a posts	Re: On the UAC...leave it alone! I think this will interest you. http://4sysops.com/archives/why-and-...top-prompting/ "Steve Thackery" <nobody@xxxxxx> wrote in message news:%231Q5cUraIHA.4712@xxxxxx Quote: Quote: >> How to disable UAC prompts and retain UAC security: > > A contradiction in terms. As I understand it from reading the MS White > Papers on UAC, in effect each UAC prompt is silently answered with a "Yes" > with this setting. This removes one of the key advantages of UAC: the > computer no longer warns you when something with security implications is > about to happen. > > Suppose you are happily typing away in Word, and suddenly a UAC prompt > appears. You can be damn sure it's because of some malware and can say > "No". With UAC prompts disabled it gets a "Yes" automatically, and the > malware goes away happy. > > Unless I've misunderstood the situation. Does anyone know better? > > I agree with the OP: UAC is such a tiny annoyance after the initial set up > period that I don't mind it at all. I'm rather glad I get a warning when > something with security implications is about to happen. > > Any why do Mac users mock it? The Mac (like virtually all Unix variants) > uses elevation prompts in much the same way as Vista uses UAC prompts. > What's the difference? > > SteveT
My System Specs

02-09-2008	#5 (permalink)
DevilsPGD n/a posts	Re: On the UAC...leave it alone! In message <e2uO2yvaIHA.5400@xxxxxx> Man-wai Chang ToDie <toylet.toylet@xxxxxx> wrote: Quote: Quote: >> A contradiction in terms. As I understand it from reading the MS White >> Papers on UAC, in effect each UAC prompt is silently answered with a >> "Yes" with this setting. This removes one of the key advantages of UAC: >> the computer no longer warns you when something with security >> implications is about to happen. > >This brings up a question: can we change the way the UAC prompt us? > >Could we change the prompt to ask for a password regardless of my >current privilege? Yes. If you have Business or Ultimate, take a look at the group policy, there are actually several different options available.
My System Specs

02-09-2008	#6 (permalink)
Seth n/a posts	Re: On the UAC...leave it alone! "Man-wai Chang ToDie" <toylet.toylet@xxxxxx> wrote in message news:%23jehI24aIHA.5784@xxxxxx Quote: > Bob wrote: Quote: >> You don't need to do something just because Vista "wants" you to, it's >> your computer. > > Micro$oft security means doing things they believe to be correct. I don't > think Window$ was designed and coded to support user-definable security. > That's what GPOs are. I happen to be one of the people on the committee at my company that defines the security and how it is applied on computers, not Microsoft. They publish guidelines of how they think things should be configured in different environments (like the EC security profile, SSLF, etc...) but it is up to individuals on how they will implement and which settings they will use and how they will configure them.
My System Specs

02-10-2008	#7 (permalink)
Seth n/a posts	Re: On the UAC...leave it alone! "Man-wai Chang ToDie" <toylet.toylet@xxxxxx> wrote in message news:O%236s%2345aIHA.4180@xxxxxx Quote: Quote: >> They publish guidelines of how they think things should be configured in >> different environments (like the EC security profile, SSLF, etc...) but >> it is up to individuals on how they will implement and which settings >> they will use and how they will configure them. > > So could Vi$ta security framework(?) do what you really want to do > overall? That all depends on what it is you want it to do. It is very flexible, just requires a lot of work learning all that is in there. We're still working on our GPOs, fine tuning them and such to find a balance between tight security and application compatibility and minimize feature shock to the end users.
My System Specs

02-11-2008	#8 (permalink)
Mark n/a posts	Re: On the UAC...leave it alone! Unfortunately, you need to determine what it is you want it to do and stick with it. Vista remembers what settings were used at the time programs are installed or updated. If you elect to change those settings after installation, your programs may have problems running correctly. IMO Microsoft turned on way too much security for the average home user. I did not have all these "bells and whistles" with prior versions of Windows and _never_ had a problem. Now, I feel like the user in the Mac OS commercial. After months of answering this stupid prompt several times a day (Yes, daily. I install and test software written in-house.) So, I turned UAC off. Initially, there were no problems. But, slowly I started finding more and more problems. (Probably due to automatic updates for those programs.) When I finally determined UAC was the issue, I turned it back on. Then, the problems got worse. Turning the prompts off may always answer "yes" to the hidden questions, but think of it as more of a "limited yes." I basically had to reformat and start over. I don't care how you set up your security, but decide on a path and stick with it. "Seth" <seth_lerman@xxxxxx> wrote in message news:FBDADE75-DDC8-43DF-9D92-FBA44DD75063@xxxxxx Quote: > > "Man-wai Chang ToDie" <toylet.toylet@xxxxxx> wrote in message > news:O%236s%2345aIHA.4180@xxxxxx Quote: Quote: > >> They publish guidelines of how they think things should be configured in Quote: Quote: Quote: > >> different environments (like the EC security profile, SSLF, etc...) but > >> it is up to individuals on how they will implement and which settings > >> they will use and how they will configure them. > > > > So could Vi$ta security framework(?) do what you really want to do > > overall? > > That all depends on what it is you want it to do. It is very flexible, just Quote: > requires a lot of work learning all that is in there. > > We're still working on our GPOs, fine tuning them and such to find a balance Quote: > between tight security and application compatibility and minimize feature > shock to the end users. >
My System Specs

Similar Threads
Thread	Forum
Leave your gonk on or off?	General Discussion
Leave Messages on Server	Vista mail
Help! None of my messages will leave the outbox	Vista mail
Can you leave XP installed	Vista General
Can you leave XP installed	Vista General