• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Bypassing User Account Control dialog window

B

Barney Katz

#1
User Account Control asks for permission each time I load an "unidentified
program", no matter how many times I load it. Is there a way to bypass this
message so the program loads normally? In other words, can Vista be
instructed to trust certain programs so it doesn't need to ask permission to
load them?

Thank you.

Barney
 
R
#2
"Barney Katz" <mechanic123NOSPAM@mindspring.com> wrote
> User Account Control asks for permission each time I load an "unidentified
> program", no matter how many times I load it. Is there a way to bypass
> this message so the program loads normally? In other words, can Vista be
> instructed to trust certain programs so it doesn't need to ask permission
> to load them?


No, it can be set selectively, it's all or none. Ask yourself why does that
program need admin credentials, is there another program that can do the
same thing that doesn't, is there an update to it that removes this need.

--
Rock [MS-MVP User/Shell]
 
B

Brian Meyers

#3

> No, it can be set selectively, it's all or none. Ask yourself why does that
> program need admin credentials, is there another program that can do the
> same thing that doesn't, is there an update to it that removes this need.
>
> --
> Rock [MS-MVP User/Shell]
>
>

This is the most annoying thing I have found while using Vista. What go does
it do? All it does is make it more time consuming to load programs. Shouldn't
it be able to comprehend that if I am installing a program that I really want
to install it? This is one feature that should be x-ed out.
 
F

Frank Saunders, MS-MVP OE/WM

#4
"Brian Meyers" <Brian Meyers@discussions.microsoft.com> wrote in message
news:60EF9DC2-50CD-4928-A912-43E53E6BEF42@microsoft.com...
>
>> No, it can be set selectively, it's all or none. Ask yourself why does
>> that
>> program need admin credentials, is there another program that can do the
>> same thing that doesn't, is there an update to it that removes this need.
>>
>> --
>> Rock [MS-MVP User/Shell]
>>
>>

> This is the most annoying thing I have found while using Vista. What go
> does
> it do? All it does is make it more time consuming to load programs.
> Shouldn't
> it be able to comprehend that if I am installing a program that I really
> want
> to install it? This is one feature that should be x-ed out.


No, it can't tell whether it's you or some malware from the net. It really
doesn't take long to get used to. I'm getting to like it.

--
Frank Saunders, MS-MVP OE/WM
http://www.fjsmjs.com
Answer in newsgroup. Don't expect an answer to email.
 
#5
"Barney Katz" <mechanic123NOSPAM@mindspring.com> wrote


No, it can be set selectively, it's all or none. Ask yourself why does that
program need admin credentials, is there another program that can do the
same thing that doesn't, is there an update to it that removes this need.

--
Rock [MS-MVP User/Shell]

MS have completely missed the target with UAC and its so easy to fix.

Every time UAC prevents a program from running it should offer the option of adding the program to a
Trusted list. You would need to enter your user id and password to get the program added.

for example programs that the user has installed that run at start-up, causing UAC to pop up each and
every time the pc is booted. there are literally hundreds of Trusted programs that do this because they
aren't digitally signed and never will be

Otherwise the average user is going get so brainwashed into just allowing every UAC pop-up that crops
up, which will completely defeat the purpose of UAC


I think MS have watched Tron to many times and thought having a MCP is great idea.
 
D

Dave Wood [MS]

#6
No, the problem with this is that if certain administrative programs can be
launched without prompting, then a piece of malware on the system which
doesn't have admin rights could also launch these programs. And that way it
could effectively gain the ability to perform admin-only operations. To
correctly enforce separation of privileges requires the elevation prompting
every time.

I agree with Frank in that it's worth persevering with, and I personally
like the fact that I get to authorize when any program is going to run that
might change global settings on my computer. Ultimately the goal is to put
the user in control and not the malware - even if we have a way to go before
we completely get there.

Dave Wood

>
> MS have completely missed the target with UAC and its so easy to fix.
>
> Every time UAC prevents a program from running it should offer the
> option of adding the program to a
> Trusted list. You would need to enter your user id and password to get
> the program added.
>
> for example programs that the user has installed that run at start-up,
> causing UAC to pop up each and
> every time the pc is booted. there are literally hundreds of Trusted
> programs that do this because they
> aren't digitally signed and never will be
>
> Otherwise the average user is going get so brainwashed into just
> allowing every UAC pop-up that crops
> up, which will completely defeat the purpose of UAC
>
> I think MS have watched Tron to many times and thought having a MCP is
> great idea.
>
>
> --
> cerveau
 
R
#7
"Brian Meyers" <Brian Meyers@discussions.microsoft.com> wrote
>> No, it can be set selectively, it's all or none. Ask yourself why does
>> that
>> program need admin credentials, is there another program that can do the
>> same thing that doesn't, is there an update to it that removes this need.


> This is the most annoying thing I have found while using Vista. What go
> does
> it do? All it does is make it more time consuming to load programs.
> Shouldn't
> it be able to comprehend that if I am installing a program that I really
> want
> to install it? This is one feature that should be x-ed out.


I'm sorry, but I don't see it that way. I see it as giving me control.
Each time a program runs wants admin privileges I decide if I want it to
run. I don't want some malware hooking into a pre-approved program and
doing what it wants.

Many of these programs don't really need admin privileges or could be coded
to not use it. For example several XP based programs have update utilities
that want to install themselves as a startup program through the Run key in
the registry, and asks for admin privileges. All these things do is hop
online to check if there is an update. This is absolutely silly. Firstly
there is no reason to check at startup up every time the computer is booted.
Second there is no reason it needs admin privileges. If an update is found
then it could possibly need admin privileges for the installation but that's
a different issue. Apps properly coded for Vista will not have this.

So go back to the initial questions. Why does this app have to run at
startup, why does it need admin privileges, is there an update for it or a
different, properly coded app that doesn't need admin privileges.

I want control over what runs and when. I don't want to give permission in
advance and then _assume_ every time it runs everything is just fine. Vista
doesn't care what the app does, it only cares to know your intent each time.
And that intent can't effectively be given in advance.

I have none of these apps asking for admin permissions running at startup.
The only thing that does this is msconfig if I make a change using it, and
then that can be handled at the first startup after the changes are made.
So it's not much of an imposition here.

--
Rock [MS-MVP User/Shell]
 
#8
"Brian Meyers" <Brian Meyers@discussions.microsoft.com> wrote
>> No, it can be set selectively, it's all or none. Ask yourself why does
>> that
>> program need admin credentials, is there another program that can do the
>> same thing that doesn't, is there an update to it that removes this need.


> This is the most annoying thing I have found while using Vista. What go
> does
> it do? All it does is make it more time consuming to load programs.
> Shouldn't
> it be able to comprehend that if I am installing a program that I really
> want
> to install it? This is one feature that should be x-ed out.


I'm sorry, but I don't see it that way. I see it as giving me control.
Each time a program runs wants admin privileges I decide if I want it to
run. I don't want some malware hooking into a pre-approved program and
doing what it wants.

Many of these programs don't really need admin privileges or could be coded
to not use it. For example several XP based programs have update utilities
that want to install themselves as a startup program through the Run key in
the registry, and asks for admin privileges. All these things do is hop
online to check if there is an update. This is absolutely silly. Firstly
there is no reason to check at startup up every time the computer is booted.
Second there is no reason it needs admin privileges. If an update is found
then it could possibly need admin privileges for the installation but that's
a different issue. Apps properly coded for Vista will not have this.

So go back to the initial questions. Why does this app have to run at
startup, why does it need admin privileges, is there an update for it or a
different, properly coded app that doesn't need admin privileges.

I want control over what runs and when. I don't want to give permission in
advance and then _assume_ every time it runs everything is just fine. Vista
doesn't care what the app does, it only cares to know your intent each time.
And that intent can't effectively be given in advance.

I have none of these apps asking for admin permissions running at startup.
The only thing that does this is msconfig if I make a change using it, and
then that can be handled at the first startup after the changes are made.
So it's not much of an imposition here.

--
Rock [MS-MVP User/Shell]

I understand your point of view, but what if a piece of malware has already hooked into a program?
having that program pre-approved or manually clicking the UAC pop-up to allow it to run wont make any
difference to the malware, ie either way the user is going to click the UAC pop up because they want to
run that program.

The UAC is just adding another step into the process of Running a program, the program will still be run
and if there is Malware present it will run also. The only difference is that UAC makes the user go through
an extra step each time, which when happens on every bootup, when the user is clicking 2 or 3 UACS to
just to get required programs running will make for an unpleasant vista experience forcing the user to
switch off UAC altogether.

Admittedly though all that MS needs to do is on this problem is to wait it out, because eventually all those
old pre-vista programs that are activating UAC will be updated or replaced with new ones which wont,
eliminating the problem all together.
 
B

Brent Wherry

#9
I agree. What I would really like is to be able to authorize programs once
and have UAC acknowledge my consent.

The current design is very user unfriendly (arrogant even?)

I don't like doing it but I'm having to switch UAC off. Microsoft might
consider putting useability in front of their tedious and not very effective
security policies.

"Barney Katz" wrote:

> User Account Control asks for permission each time I load an "unidentified
> program", no matter how many times I load it. Is there a way to bypass this
> message so the program loads normally? In other words, can Vista be
> instructed to trust certain programs so it doesn't need to ask permission to
> load them?
>
> Thank you.
>
> Barney
>
 
J

Jupiter Jones [MVP]

#10
"...but what if a piece of malware..."
Have you started the program or did the program start itself?
If the first, you know you want it.
If the second, you have something to be suspicious about.
"...either way the user is going to click..."
I don't and nobody should.
The few times I get UAC messages, I look to see what is causing it.
So far it has already been legitimate.


"...because eventually all those old pre-vista programs..."
Are you sure?
And how much time will that take?
Some programs still have not made the necessary changes to properly
run in Windows XP, and it has been over 5 years.
Intuit makes some that are a constant thorn in the side of security
conscious, particularly those in financial businesses.
Waiting it out is not a practical option if safe computing is an
issue.

"The UAC is just adding another step"
I call it "Layered security"
Malware is very sophisticated and many layers are necessary for
maximum security.

If simplicity is paramount, I can only see two solutions:
1. Power off and pack up the computer and never power on.
2. Almost as good, Clean Install and never install anything from any
source.
Use no CDs, DVDs, floppies, thumb drives etc as those are a source of
malware.

UAC was never intended to protect against everything but it goes a
step into helping the user identify what is happening and thus offer
more control.
People need to learn safe computing.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"cerveau" <cerveau.2p8hpf@no-mx.forums.net> wrote in message
news:cerveau.2p8hpf@no-mx.forums.net...
> I understand your point of view, but what if a piece of malware has
> already hooked into a program?
> having that program pre-approved or manually clicking the UAC pop-up
> to
> allow it to run wont make any
> difference to the malware, ie either way the user is going to click
> the
> UAC pop up because they want to
> run that program.
>
> The UAC is just adding another step into the process of Running a
> program, the program will still be run
> and if there is Malware present it will run also. The only
> difference
> is that UAC makes the user go through
> an extra step each time, which when happens on every bootup, when
> the
> user is clicking 2 or 3 UACS to
> just get required programs running will make for an unpleasant vista
> experience forcing the user to switch
> off UAC altogether.
>
> Admittedly though all that MS needs to do is on this problem is to
> wait
> it out, because eventually all those
> old pre-vista programs that are activating UAC will be updated or
> replaced with news ones which wont,
> eliminating the problem all together.
>
>
> --
> cerveau
 
#11
Jupiter Jones [MVP];277553 said:
"...but what if a piece of malware..."
Have you started the program or did the program start itself?
If the first, you know you want it.
If the second, you have something to be suspicious about.
"...either way the user is going to click..."
I don't and nobody should.
The few times I get UAC messages, I look to see what is causing it.
So far it has already been legitimate.


"...because eventually all those old pre-vista programs..."
Are you sure?
And how much time will that take?
Some programs still have not made the necessary changes to properly
run in Windows XP, and it has been over 5 years.
Intuit makes some that are a constant thorn in the side of security
conscious, particularly those in financial businesses.
Waiting it out is not a practical option if safe computing is an
issue.

"The UAC is just adding another step"
I call it "Layered security"
Malware is very sophisticated and many layers are necessary for
maximum security.

If simplicity is paramount, I can only see two solutions:
1. Power off and pack up the computer and never power on.
2. Almost as good, Clean Install and never install anything from any
source.
Use no CDs, DVDs, floppies, thumb drives etc as those are a source of
malware.

UAC was never intended to protect against everything but it goes a
step into helping the user identify what is happening and thus offer
more control.
People need to learn safe computing.

--
Jupiter Jones [MVP]
Dan-De-Mar
Welcome to DTS-L.org


"cerveau" <cerveau.2p8hpf@no-mx.forums.net> wrote in message
news:cerveau.2p8hpf@no-mx.forums.net...
> I understand your point of view, but what if a piece of malware has
> already hooked into a program?
> having that program pre-approved or manually clicking the UAC pop-up
> to
> allow it to run wont make any
> difference to the malware, ie either way the user is going to click
> the
> UAC pop up because they want to
> run that program.
>
> The UAC is just adding another step into the process of Running a
> program, the program will still be run
> and if there is Malware present it will run also. The only
> difference
> is that UAC makes the user go through
> an extra step each time, which when happens on every bootup, when
> the
> user is clicking 2 or 3 UACS to
> just get required programs running will make for an unpleasant vista
> experience forcing the user to switch
> off UAC altogether.
>
> Admittedly though all that MS needs to do is on this problem is to
> wait
> it out, because eventually all those
> old pre-vista programs that are activating UAC will be updated or
> replaced with news ones which wont,
> eliminating the problem all together.
>
>
> --
> cerveau

" If the first, you know you want it.
If the second, you have something to be suspicious about.
"...either way the user is going to click..."

Precisely, If you start the program then UAC should not confront you with a Pop up
because that pop up is going to be clicked everytime 100%. Sure let UAC check it,
and stop you if it finds something otherwise the user decision to run a program is
the users responsibility - it always has been. Having UAC stopping you doing something
which you need to do, every time you try to do it. Is not Security, its just a step backwards
in User Interface functionality.

All my comments have been towards UAC interfering when the user starts a program or
when a user specifies it to run at startup, not when a program starts itself. When a
program starts itself with no user input or not part of a user actioned entry into the
start-up then UAC should stop that program running

You may only get a few UACS pop-ups so it doesnt bother you, It wouldnt bother me either.
UACs that are making a Users experience a miserable constant Stop Start action in Productivity,
then that UAC is destined to be switched off.
 
J

Jupiter Jones [MVP]

#12
"...either way the user is going to click..."
That is a quote of you, not me.
Then you justify as if I said it and I did not, you did:
"Precisely, If you start the program"

"because that pop up is going to be clicked every time 100%"
Not sure what you mean.
Of course it will be clicked to allow or deny the action.
However if you think everyone will click accept 100% of the time,
every time, you are WRONG.
Perhaps you think all users will simply click without ever making an
effort to learn, but I believe people are capable and willing to
learn.

"If you start the program..."
Please explain how Windows knows what or who started the program.

"UACs that are making a Users experience a miserable constant Stop
Start"
Then they need look at updating/patching their programs to programs
written with the safety of the computer in mind.
This is a problem with the program and not UAC.

UAC will be good for many and goes a good step to protecting
computers.
Those that feel otherwise are free to turn UAC off, it is very easy
for that reason.
They may to occasionally need to turn it on for a program that
requires UAC.

--
Jupiter Jones [MVP]
http://www3.telus.net/dandemar
http://www.dts-l.org


"cerveau" <cerveau.2pattt@no-mx.forums.net> wrote in message
news:cerveau.2pattt@no-mx.forums.net...
> " If the first, you know you want it.
> If the second, you have something to be suspicious about.
> "...either way the user is going to click..."
>
> Precisely, If you start the program then UAC should not confront you
> with a Pop up
> because that pop up is going to be clicked everytime 100%. Sure let
> UAC
> check it,
> and stop you if it finds something otherwise the user decision to
> run a
> program is
> the users responsibility - it always has been. Having UAC stopping
> you
> doing something
> which you need to do, every time you try to do it. Is not Security,
> its
> just a step backwards
> in User Interface functionality.
>
> All my comments have been towards UAC interfering when the user
> starts
> a program or
> when a user specifies it to run at startup, not when a program
> starts
> itself. When a
> program starts itself with no user input or not part of a user
> actioned
> entry into the
> start-up then UAC should stop that program running
>
> You may only get a few UACS pop-ups so it doesnt bother you, It
> wouldnt
> bother me either.
> UACs that are making a Users experience a miserable constant Stop
> Start
> action in Productivity,
> then that UAC is destined to be switched off.
>
>
> --
> cerveau
 
R
#13
"cerveau" <cerveau.2pattt@no-mx.forums.net> wrote in message
news:cerveau.2pattt@no-mx.forums.net...
>
> 'Jupiter Jones [MVP Wrote:
>> ;277553']"...but what if a piece of malware..."
>> Have you started the program or did the program start itself?
>> If the first, you know you want it.
>> If the second, you have something to be suspicious about.
>> "...either way the user is going to click..."
>> I don't and nobody should.
>> The few times I get UAC messages, I look to see what is causing it.
>> So far it has already been legitimate.
>>
>>
>> "...because eventually all those old pre-vista programs..."
>> Are you sure?
>> And how much time will that take?
>> Some programs still have not made the necessary changes to properly
>> run in Windows XP, and it has been over 5 years.
>> Intuit makes some that are a constant thorn in the side of security
>> conscious, particularly those in financial businesses.
>> Waiting it out is not a practical option if safe computing is an
>> issue.
>>
>> "The UAC is just adding another step"
>> I call it "Layered security"
>> Malware is very sophisticated and many layers are necessary for
>> maximum security.
>>
>> If simplicity is paramount, I can only see two solutions:
>> 1. Power off and pack up the computer and never power on.
>> 2. Almost as good, Clean Install and never install anything from any
>> source.
>> Use no CDs, DVDs, floppies, thumb drives etc as those are a source of
>> malware.
>>
>> UAC was never intended to protect against everything but it goes a
>> step into helping the user identify what is happening and thus offer
>> more control.
>> People need to learn safe computing.
>>
>> --
>> Jupiter Jones [MVP]
>> 'Dan-De-Mar' (http://www3.telus.net/dandemar)
>> 'Welcome to DTS-L.org' (http://www.dts-l.org)
>>
>>
>> "cerveau" <cerveau.2p8hpf@no-mx.forums.net> wrote in message
>> news:cerveau.2p8hpf@no-mx.forums.net...
>> > I understand your point of view, but what if a piece of malware has
>> > already hooked into a program?
>> > having that program pre-approved or manually clicking the UAC pop-up
>> > to
>> > allow it to run wont make any
>> > difference to the malware, ie either way the user is going to click
>> > the
>> > UAC pop up because they want to
>> > run that program.
>> >
>> > The UAC is just adding another step into the process of Running a
>> > program, the program will still be run
>> > and if there is Malware present it will run also. The only
>> > difference
>> > is that UAC makes the user go through
>> > an extra step each time, which when happens on every bootup, when
>> > the
>> > user is clicking 2 or 3 UACS to
>> > just get required programs running will make for an unpleasant vista
>> > experience forcing the user to switch
>> > off UAC altogether.
>> >
>> > Admittedly though all that MS needs to do is on this problem is to
>> > wait
>> > it out, because eventually all those
>> > old pre-vista programs that are activating UAC will be updated or
>> > replaced with news ones which wont,
>> > eliminating the problem all together.
>> >
>> >
>> > --
>> > cerveau

>
>
> " If the first, you know you want it.
> If the second, you have something to be suspicious about.
> "...either way the user is going to click..."
>
> Precisely, If you start the program then UAC should not confront you
> with a Pop up
> because that pop up is going to be clicked everytime 100%. Sure let UAC
> check it,
> and stop you if it finds something otherwise the user decision to run a
> program is
> the users responsibility - it always has been. Having UAC stopping you
> doing something
> which you need to do, every time you try to do it. Is not Security, its
> just a step backwards
> in User Interface functionality.
>
> All my comments have been towards UAC interfering when the user starts
> a program or
> when a user specifies it to run at startup, not when a program starts
> itself. When a
> program starts itself with no user input or not part of a user actioned
> entry into the
> start-up then UAC should stop that program running
>
> You may only get a few UACS pop-ups so it doesnt bother you, It wouldnt
> bother me either.
> UACs that are making a Users experience a miserable constant Stop Start
> action in Productivity,
> then that UAC is destined to be switched off.


You are missing the point. There is no way for the OS to know who or what
started the program. That's why it asks for the OP to give explicit
permission whenever a program that wants admin privileges wants to run. UAC
is not a malware scanner, nor can it fathom all the possible outcomes from
running a program. It doesn't care what the program does, only that you
intended for it to run. That intention can't be known beforehand. The OS
is merely giving you control over what runs.

--
Rock [MS-MVP User/Shell]
 
#14
Jupiter Jones [MVP];278833 said:
"...either way the user is going to click..."
That is a quote of you, not me.
Then you justify as if I said it and I did not, you did:
"Precisely, If you start the program"

"because that pop up is going to be clicked every time 100%"
Not sure what you mean.
Of course it will be clicked to allow or deny the action.
However if you think everyone will click accept 100% of the time,
every time, you are WRONG.
Perhaps you think all users will simply click without ever making an
effort to learn, but I believe people are capable and willing to
learn.

"If you start the program..."
Please explain how Windows knows what or who started the program.

"UACs that are making a Users experience a miserable constant Stop
Start"
Then they need look at updating/patching their programs to programs
written with the safety of the computer in mind.
This is a problem with the program and not UAC.

UAC will be good for many and goes a good step to protecting
computers.
Those that feel otherwise are free to turn UAC off, it is very easy
for that reason.
They may to occasionally need to turn it on for a program that
requires UAC.

--
Jupiter Jones [MVP]
Dan-De-Mar
Welcome to DTS-L.org

Apologies for the mis-quote, it was my sloppy copying and pasting, I meant just to quote:

" If the second, you have something to be suspicious about"



But to answer your question about my statement:

"because that pop up is going to be clicked every time 100%"



It refers to my very first post on this thread, where I said the following :

"Otherwise the average user is going get so brainwashed into just allowing every UAC pop-up
that crops up, which will completely defeat the purpose of UAC"


The key words there are "Average User", I work in IT, I support over 300 people on a daily basis,
All the ones that call me up, never read the messages that pop up in front of them. I know this
because when I ask them what the error message said, they always reply:

"I didnt read it, I just pressed the OK button"

So when the UAC pops up in front of them, I know they will always press the "Allow" button
and not bother to read anything else. It could be remarked that it is a failing on my part
that I do not instruct users correctly and that they shouldnt be clicking OK to any message
without reading it. I have worked in IT support for over 15 Years, I know that despite repeated
instructions and training users do not always learn and carry on making the same mistakes
over and over ie pressing ok to messages without reading them first.


In response to your comment :

"Please explain how Windows knows what or who started the program."

If I knew this answer I wouldn't be working in IT Support, I would be a programer. I am an end user
using a Microsoft product, and as such I am voicing my opinion on how to change UAC to make the End
Users Windows experience a more productive one. It is MS responsibility to know how to code UAC so
that it knows who started a program. ie did that program just start with user sanctioned user id and
password, or did malware try to run it.


In response to your comment :

"Then they need look at updating/patching their programs to programs
written with the safety of the computer in mind."

Again I refer you to my first post, where I said :

"there are literally hundreds of Trusted programs that do this because they
aren't digitally signed and never will be"

I will add, that for some programs, updates will never be produced, and that if someone buys Vista,
You are advocating that they will in all likelyhood will also have to then purchase replacements for
applications that had worked perfectly well under XP. This scenario was never mentioned in the Vista
Upgrade Advisor report I ran, it never highlighted any of the programs that are now falling foul of the
UAC.


I concede the point that 100% of average users wont automatically press "Allow", but I maintain that a
very large percentage of them will get so brainwashed into Allowing UAC pop-ups, it will defeat the
purpose of UAC. ie they wont bother read to whats in front of them. I find it amusing that you say this
wont happen and that the pop-ups will be read, when in fact you demonstrated the very phenomenon I
was illustrating ie by not reading what was in front of you in the form of my earlier posts. If you had read
them, I wouldn't have to answer your questions by referring you back to them.
 
Last edited: