none
I'd like to understand the new UAC

    Question

  • Hello.
     
    I see potential for good things with the new UAC, but I want to understand what's happening under the hood.

    Is an administrator still running without privileges until they accept the UAC prompt?  If so, is changing the UAC level actually changing what does and does not require privilege elevation in the system?  Or is it silently granting admin rights without requiring a prompt?

    Thanks.
    Monday, January 12, 2009 3:28 PM

Answers

  • The premise behind is effectively the same as Vista. The only difference in the new default level is when you get prompted. With Vista this used to be (again, default levels - same Vista-equivalent level is available in Win7) on basically anything. With 7, some of those requests are auto-approved depending on how minor they are and how recently you approved a similar action.

    More detail - http://blogs.msdn.com/e7/archive/2008/10/08/user-account-control.aspx
    Monday, January 12, 2009 4:15 PM

All replies

  • The premise behind is effectively the same as Vista. The only difference in the new default level is when you get prompted. With Vista this used to be (again, default levels - same Vista-equivalent level is available in Win7) on basically anything. With 7, some of those requests are auto-approved depending on how minor they are and how recently you approved a similar action.

    More detail - http://blogs.msdn.com/e7/archive/2008/10/08/user-account-control.aspx
    Monday, January 12, 2009 4:15 PM
  • Okay, thank you.

    I'm a fan of that sudo-like structure so I'm glad it didn't go away.  I'm not sure how I feel about auto-approval, but given how many people just turn UAC off altogether out of annoyance maybe it will help.
    Monday, January 12, 2009 4:32 PM
  • I'd really like to see the installer informing us of the fact that one is creating a Admin account during install, and then the installer should then ask the user to create a normal user account right after creation of the admin account.
    When I installed Win7 the other day, I was asked to create a user account username and password during the install process. I was given no indication that I was in fact creating the Admin account. Everyone will be creating the asked for account, which is an admin account, and they will be logging into that account for everyday use. This is very insecure.
    During install, I believe that the installer should inform users that the first account they are creating is the Administrator account, only to be used ( logged into ) for updating or changing system files and configurations, and should only be used for major configuration changes, and even then preferably offline. After the installer has created this Admin account, I believe that the installer should then present the user with a screen to create their normal user account, with the explanation that this should be their everyday use account, as it will now be much harder for system files to be accidentally changed or deleted by mistake, or malware, rogue applications, or poorly written application installers.
    After complete Win7 install, and during all subsequent boots, at the login screen, the user should only be presented with the normal ( limited user ) log in accounts ( limited account user names ). The Admin account should be 'hidden' at the login screen unless specifically asked for by the person logging in.

    This would really help the average user to log into a good limited user account each time they log in, and would introduce/explain to users the difference between admin and user accounts as well as making it easiest for users to normally log into a limited user account for everyday use and working online.
    As users install new apps, the current Win7 UAC controls would ask for the Admin password, as it does now.

    By the way, you've done a fine job the UAC part, so far as I can see. Great Job ! And Thank You !

    Still, as it stands now, the installation procedure does not explain any of this, nor does it notify people that they are creating and logging into an Admin account, which is currently the only type of account the installer is asking people to create and log into. Not secure at all.
    Monday, January 12, 2009 11:37 PM
  • If I'm not mistaken, Admin accounts don't actually run as admin, until something which requires admin privileges runs, in which case a UAC window pops-up, unlike in XP where running as admin actually is insecure.

    A true admin account is also present unless that has been changed from XP/Vista to 7, and is called administrator, and is only visible when booting to safe mode.
    Tuesday, January 13, 2009 3:23 PM
  • DaBean said:

    If I'm not mistaken, Admin accounts don't actually run as admin, until something which requires admin privileges runs, in which case a UAC window pops-up, unlike in XP where running as admin actually is insecure.

    A true admin account is also present unless that has been changed from XP/Vista to 7, and is called administrator, and is only visible when booting to safe mode.


    Correct, mostly.

    In Vista (and probably 7, but I haven't checked), the administrator account, which doesn't run with UAC, is disabled by default.  One has to go into the management console and purposefully enable it.

    Thank you for your thoughts too, Bruce.  I think this has not been such an issue since XP because of what DaBean said... in theory.  However, the very same problem that you discussed resurfaces when users--or worse, technicians who ought to know better*--decide that the one extra click is too inconvenient and disable UAC.  We really do need education, though I don't know how we could do it in a way that users would read and take to heart.



    *It's bad enough when a Windows tech can't educate himself about how UAC works, but I don't ever, ever, EVER want to hear a *nix user who happily sudos everything complain about UAC. :-)
    Tuesday, January 13, 2009 6:34 PM
  • Thank You both for your replies. :)

     I understand that a system Admin account is already present and hidden, although I have mine showing on the login screen in WinXP, courtesy of TweakUI. Yet, still, under Control Panel, User Accounts, the account that is created during installation will show as an Admin account. To me, that indicates easy access to system files.
    So is the account we are creating during Win7 install really a Admin account ?, or something new ? And if that is the case, I wish they'd call it something else besides the Admin account.  I get confused so easily :(

    Please Keep in mind that I have 6 computers at home, 3 running various Linux Distros, One XP Pro box, a Vista laptop, and now this Win7 machine.
    Admin ( or root ) to me - means total access. Whether that be Linux, WinXP, or Vista, far as I knew...
    Wednesday, January 14, 2009 1:45 AM
  • @Sbattaglia,

    And I agree with your sig.   :)
    Wednesday, January 14, 2009 1:47 AM
  • Well, I was gonna blast my Win7 Beta with more work and a heavy load tonight, and see what developes.
    But I guess I am gonna have to spend my night reading up on what MS did wth these accounts... might have to redefine what an Admin account is...  with regards to MS Win7 anyways.
    grrrr

    Thanks for your replies.
    Wednesday, January 14, 2009 2:01 AM
  • Ahh, It's actually called the Protected Admin ( PA ) account.
    Wish they'd just called it what it is.. a SuperUser Account.

    Ok, Thanks oleg, for that link.  :)
    Wednesday, January 14, 2009 2:57 AM
  • Bruceslog said:

    Ahh, It's actually called the Protected Admin ( PA ) account.
    Wish they'd just called it what it is.. a SuperUser Account.

    Ok, Thanks oleg, for that link.  :)


    SuperUser or Root... that is an excellent way to look at it.  It really is a lot like *nix's user concept now, isn't it?
    Wednesday, January 14, 2009 1:12 PM
  • Yeah, I think with this slightly less annoying UAC 7 will be the most secure Windows OS in regards to the problems caused by that between the chair and desk.
    Wednesday, January 14, 2009 3:13 PM