no password on UAC warning/alert . why?

I upgraded from XP to Window VIsta, when i upgrade there are no other account
I'm the only Administrator and i put password but it does not ask me for a
password when UAC warning is shown. Do i need to change setting so it will
warn me with a password or Do i need to create a standard account in order
for UAC warning to ask for password? If Vista was preloaded or clean install
on computer it is standard account by default therefor if they put password
it will warn them with a password credentials when a UAC warning pop up. Is
this true?

GT wrote:
> I upgraded from XP to Window VIsta, when i upgrade there are no other
> account I'm the only Administrator and i put password but it does not
> ask me for a password when UAC warning is shown. Do i need to change
> setting so it will warn me with a password or Do i need to create a
> standard account in order for UAC warning to ask for password? If
> Vista was preloaded or clean install on computer it is standard
> account by default therefor if they put password it will warn them
> with a password credentials when a UAC warning pop up. Is this true?

You need to be logged in using a standard account to get prompted for a
password with UAC - in fact what you get prompted for are an admin level
username and this account's password.

are you saying that if a user is administrator with a password it will only
prompt without the password in UAC. so i will have two accout a
administrator account and a standard account. Do i need to put password on
the standard account or can i just leave it with blank?




"Robert Moir" wrote:

> GT wrote:
> > I upgraded from XP to Window VIsta, when i upgrade there are no other
> > account I'm the only Administrator and i put password but it does not
> > ask me for a password when UAC warning is shown. Do i need to change
> > setting so it will warn me with a password or Do i need to create a
> > standard account in order for UAC warning to ask for password? If
> > Vista was preloaded or clean install on computer it is standard
> > account by default therefor if they put password it will warn them
> > with a password credentials when a UAC warning pop up. Is this true?
>
> You need to be logged in using a standard account to get prompted for a
> password with UAC - in fact what you get prompted for are an admin level
> username and this account's password.
>
>
>

GT wrote:
> are you saying that if a user is administrator with a password it
> will only prompt without the password in UAC.

Yes. Think about it logically - you've already supplied the password, why
ask for it again? (Not entirely sure I agree with this myself, just
presenting the reasoning behind how this works...)

> so i will have two
> accout a administrator account and a standard account. Do i need to
> put password on the standard account or can i just leave it with
> blank?

Yep, 2 accounts. One admin with password and one standard without a password
will be fine, though frankly I myself always use passwords and wouldn't do
without.

"GT" <GT@discussions.microsoft.com> wrote

>I upgraded from XP to Window VIsta, when i upgrade there are no other
>account
> I'm the only Administrator and i put password but it does not ask me for a
> password when UAC warning is shown. Do i need to change setting so it will
> warn me with a password or Do i need to create a standard account in order
> for UAC warning to ask for password? If Vista was preloaded or clean
> install
> on computer it is standard account by default therefor if they put
> password
> it will warn them with a password credentials when a UAC warning pop up.
> Is
> this true?

Requiring a password (and it has to be the password for an admin level
account) on UAC prompts occurs in a Standard User account. For an admin
account, UAC asks for permission but no password needed since the account
that invoked it is an admin level account. See these articles about UAC

http://technet2.microsoft.com/Window....mspx?mfr=true

http://www.jimmah.com/vista/security/uac.aspx

--
Rock [MS-MVP User/Shell]

Not to disagree with Robert's fine advice, but if you do not put a password
on an account you had better make sure your computer is physically secure. In
other words, do not use blank passwords on computers that move about, like
laptops.

Hopefully, Robert's explanation of the rest of the question made sense. If
not, think of it this way:
When you log in as an administrator on Vista, by default, you are
essentially "half an admin." The operating system creates a token for your
user account that contains all the groups you are a member off. That token is
used to validate all access. In essence, it is a representation of you that
the OS uses to determine what you can do. However, it does not contain the
group Administrators (at least not in a way that grants you access to
anything) even though you are a member of that group. When you try to do
something that requires administrative privilege the OS detects that, and
also knows that you are actually a member of the Administrators group, so it
just asks whether you want to perform the operation. If you say yes, it
creates a copy of your token but with the Administrators group in it, and
then uses that token to perform the operation.

If you log in as a standard user, on the other hand, you cannot just add the
Administrators group to your token since you are not an administrator at all.
Therefore, when a standard user tries to perform an administrative operation
the OS asks for credentials (password) for an administrative user instead. If
you provide correct credentials the OS creates a brand new token for the
administrative user and then uses that token to perform the operation.

You can configure the prompt to behave certain ways using the Local Security
Policy tool. For instance, if you want all users to supply a password you can
configure it to ask for credentials for administrators as well.

Does that make any sense?

"Robert Moir" wrote:

> GT wrote:
> > are you saying that if a user is administrator with a password it
> > will only prompt without the password in UAC.
>
> Yes. Think about it logically - you've already supplied the password, why
> ask for it again? (Not entirely sure I agree with this myself, just
> presenting the reasoning behind how this works...)
>
> > so i will have two
> > accout a administrator account and a standard account. Do i need to
> > put password on the standard account or can i just leave it with
> > blank?
>
> Yep, 2 accounts. One admin with password and one standard without a password
> will be fine, though frankly I myself always use passwords and wouldn't do
> without.
>
>
>

Rock wrote:
> "GT" <GT@discussions.microsoft.com> wrote
>
>> I upgraded from XP to Window VIsta, when i upgrade there are no other
>> account
>> I'm the only Administrator and i put password but it does not ask me
>> for a
>> password when UAC warning is shown. Do i need to change setting so it
>> will
>> warn me with a password or Do i need to create a standard account in
>> order
>> for UAC warning to ask for password? If Vista was preloaded or clean
>> install
>> on computer it is standard account by default therefor if they put
>> password
>> it will warn them with a password credentials when a UAC warning pop
>> up. Is
>> this true?
>
> Requiring a password (and it has to be the password for an admin level
> account) on UAC prompts occurs in a Standard User account. For an admin
> account, UAC asks for permission but no password needed since the
> account that invoked it is an admin level account. See these articles
> about UAC
>
> http://technet2.microsoft.com/Window....mspx?mfr=true
>
>
> http://www.jimmah.com/vista/security/uac.aspx
>

That's the default setting. Following the first link provides info
about how to configure UAC to prompt for credentials, even for Admin.
Specifically, you can configure at as such:
• No prompt
• Prompt for credentials (this setting requires user name and password
input before an application or task will run as elevated, and is the
default for standard users)
• Prompt for consent (this is the default setting for administrators only)

So it does seem that you can configure it such that Admin users must
enter their password to elevate.

D