locked
Turning off UAC RRS feed

  • General discussion

  • If you get tired, as a tester, of UAC, you can turn it off using MSCONFIG. Just fire up MSCONFIG.EXE, click the last tab, and then you can turn UAC off (and back on again). You do have to reboot for this change to take effect. Also, by default, you'll see a security warning in the System Tray (you can of course just hide the icon but you can not kill it).

    Naturally, turning of UAC can have security implications - so think VERY carefully before turning this off.
    Friday, June 2, 2006 12:52 PM

All replies

  • The goal of UAC is to protect users from them selfs - To many user work as administrators - when they shold not -

     

    Try and work as a user and let the uac warning protect your computer.

     

    Good security starts with a Plan - Think Security - limit administrator users

    use the run as when you need it.

     

    Jay

    Thursday, June 8, 2006 7:10 AM
  • I agree with JayTF.  If we do not use it, how is Microsoft suppost to make it better the the final release comes around.  If you feel that it shouldn't have popped up, file a bug report

    Jason

    Thursday, June 8, 2006 3:41 PM
  • The goal of the OS is to enable the user to do work and to be productive. UAC is a great idea, but has issues in Beta 2. I can't tell you how many hundred times I've had to click just to delete a folder full of files! It took several hours - ultimately it was faster to format and retreive the files I needed from backup.

    These forums are for IT Pros (not end users) and as such they should know to turn off  UAC when appropriate.
    Thursday, June 8, 2006 6:39 PM
  • At the London Reviewer's Workshop, this issue was discussed. MS has listened to the beta testerst and is aware that improvements need to be made.

    We'll see what this looks like in 3 months time or so when MS ships RC1 (or earlier if the fixes get into an earlier build).

    IT Pros still need to know how to turn it off when appropriate. Naturally, the advice to consider this carefully contiues to be sound.
    Thursday, June 8, 2006 6:42 PM
  • Did you try to use the good old command line

    rd topfolder /s /q

    ( or         rmdir topfolder /s /q )

    to purge all folders, sub-folders and files to see if the UAC will kick-in in your case?

    Friday, June 9, 2006 8:56 PM
  • I don't agree with turning it off, and any major changes Microsoft makes (besides some tweaks like improving the "screen darkening" it does) are just going to worsen the admin account problem. We've been running in a dangerous administrator environment for years, and while it can be argued that it's all Microsoft's fault to begin with, they now seem to be trying to reverse this mistake with UAC. I for one am enjoying the change even though it does take some getting used to and workarounds will have to exist during the transitory phase. However, just turning it off is going to just keep everybody local administrators and let malicious programs continue their dirty work. Teaching users not to click links or open rotten emails only goes so far; taking away their ability to install programs and make major changes to their OS is a step in the right direction.

    Believe me, I have always been infuritated by the complete ability to own and operate every bit and byte of my own computer. It's mine, I paid for it, I want complete control. (This of course precludes any work machine; my company owns that and for that UAC is the best darn invention out there. Users do not own company machines and therefore should not be able to completely modify the entire computer.) Even with this said, I am all for UAC and its cleaner ability to run as non-admin. Doing it in XP is too difficult, and the workarounds not clean enough. It can be done, but only for the most hardcore of security conscious people.

    Let's be honest, you need to be an administrator on your machine to set up hardware and install programs. Heck, you only need the rights to that, and UAC even will let you set up a machine as a Joe Schmoe (using an admin account when needed, which it graciously will prompt you for). After that, changes to your machine are infrequent enough that you can run as a non-admin all the time, and this is where we need to be at. I'm not saying UAC works perfectly; there are still quite a few things to work out (I'm still baffled at my inability to change a shortcut icon in Administrative tools; guess I need to be an admin to do that, but it's kind of overkill). Tossing the entire thing in the trash is not the answer, even for beta testing. All that's doing is ignoring the point of the control to begin with, and it is something we need to start getting used to right now.
    Friday, June 23, 2006 5:55 PM
  • I installed Zonealarm Pro on my sister's family computer.  They had no firewall and really needed one.  However, if any of you have used Zonealarm Pro, you know it can be annoying with it's regular pop-ups asking for permission to do something.  
    One day, I was at my sister's house and she was on the Internet and Zonealarm starting popping up it's permission widows.  Much to my horror, she wasn't even reading them.  She just clicked on "Allow", to get rid of them.  I had told her about the importance of a firewall, and she understood, but Zonealarm had become an annoyance to her.

    I guarantee, the same thing will happen with UAC.  People will stop reading the annoying windows and click right through them so they can get their task done.

    UAC might seem to be a good idea, but for the most part, it will fail, and/or people will just turn it off.

    Another note - as an IT professional I have been logging into Windows as an administrator for years.   I have never gotten a virus or any spyware infections. 
    I know how to protect my computer and what not to do.  Your average home user might benefit somewhat from UAC, but for an experienced  IT person / power user, this will just be an annoyance.

     

    Wednesday, June 28, 2006 12:31 AM
  • You are missing the point.

    1. USERS should not work as Admin.

    2. We should all work as users and only work as admin when we are doing Admin functions.

    3. If you can LEARN to work as a user your computer and network will be ALOT more secure.

    4. As a Security professional I have seen LOTS of network compromised via Administrators local computer with administrators who work all day reading mail, and doing NON Administrator work.

    If you were to be true to you self how much time do you really work as an administrator doing ADMIN work as compared to user work. If you are like most admins, it may be 20/80 with 20 being admin work. So to protect your computer and the network you are connected to 80% of the time, UAC is a good thing

     

    Malware has too easy of a time taking over your machine.  I can send you to 10 websites where the act of viewing the site can give you a rootkit.  Why are internet facing apps running as admin?

     

    Running with a normal (i.e. non-privileged) user account is a Good Thing. We can see this from experience gained by Microsoft’s customers operating managed desktops. Gartner report that the TCO per desktop is 40% lower with managed desktops – reduces helpdesk incidents, increase productivity and uptime. Essentially, by running with low privileges during normal operation, a host of potential problems are avoided.

     

    Enterprises are screaming for increased productivity, increased security, and therefore reducing TCO.

     

    30% of all enterprise customers are at 70% Standard User desktop

     

    In 5 years, the data says that 70% will be at 100% Standard User desktop

    I believe the data.  Every enterprise customer I have talked to in the last year is trying to move to a Standard user desktop

     

    ISV:  Running your app as Standard User means that your app isn’t the security hole

     

    Why isn’t everybody already running as Standard User?  Because it is too hard!  Or I am too lazy to click on Run as Administrator when needed.

     

    UAC aims to address this last point. Running as a standard user is an option today for tightly controlled corporate environments.

     

    However, it’s a non-starter in many environments, especially the home. UAC addresses many of the problems. Essentially, it enables the benefits of running as a standard user to be enjoyed in a far wider range of scenarios.

     

      Here are some Link to View

     

      Getting Started with UAC:   http://www.microsoft.com/technet/windowsvista/evaluate/feat/uaprot.mspx

     

    UAP Developer Guidelines:  http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnlong/html/AccProtVista.asp

       

     UAC Blog:  http://blogs.msdn.com/uac

     

    And for those who say I can not work if not logged in as Administrator

     

    Aaron’s Blog:  “Not running as administrator” http://blogs.msdn.com/Aaron_Margosis

     

    Microsoft's Plea: Don't Turn Off User Account Control http://www.eweek.com/article2/0,1895,1982420,00.asp

    Wednesday, June 28, 2006 9:37 AM
  • Jay, great links. The plea to not turn it off pretty much bunks this whole thread. Anyone who has doubts about its usefulness (or are running as admin on a Vista box) needs to read that article.

     UkonCornelias wrote:

    I guarantee, the same thing will happen with UAC. People will stop reading the annoying windows and click right through them so they can get their task done.


    If they aren't running as admins to begin with, this won't happen. Home users may not ever get the choice (unless Microsoft changes the standard set up of your computer) but in "the business" administrators should be setting up machines and forcing users to run on the box as a regular user. The biggest difference I see with UAC and user interpretation is that all a regular user will see is the box that says "you need admin access" when they try to install some stupid program and be required to input a password. They don't have it, so no installation for them. The quoted argument assumes they will all be admins on the box to begin with (and just click the "continue" button) but this is the scenario UAC is trying to avoid.

    The discussion was started from the IT professional's perspective: admins still running with higher privileges than they need and wanting to remove the UAC dialog box to begin with. Not only is this avoiding the problem, but it is skirting the point of beta testing. We are supposed to be using the Vista beta for testing, right? Again, the article Jay sent us is saying this in a very good way.
    Wednesday, June 28, 2006 5:44 PM
  • At JFinger's work, one of the services we offer our customers is to stage new IBM/Lenovo PCs for our customers, loading the PC up with software needed to run their business.  While we used to be an OEM, we now just do a few tweaks to the OS to make it skewed more towards what our customers expect.  We have done this since the early days of Windows 3.1.  Amazing.
    One of the main issues we are arguing - sorry, discussing - about is the UAC in Vista.

    While I can see the reasoning behind UAC by MS (responsibility now resides with the end-user and MIS departments rather than Redmond, and let's face it, that's what this is really about), I can tell you right here and now that our customers will really hate it and turn it off before they figure out what good it might do.   In fact, there is so much resistance to UAC by our internal staff and stagers that I am afraid they will disable UAC right out of the box in order to avoid lengthy support calls during and after installation.

    This is the main concern for our company - support calls.  The less calls we get about UAC, the less expensive it will be to run our business and have time to address our own software issues. 
    And yet if we don't turn off UAC during the staging process (which I don't recommend, but I have a feeling I will lose this battle), our customers absolutely will.  They will because it is annoying as heck, and in a network situation, where end-users are constantly using applications that talk to everything through a network (LAN and WAN and over the internet), UAC will only slow them down and cause problems because users will click OK everytime, all the time, making it meaningless anyway.  And if they click NO, then they will really screw things up, and this will, in turn, cause a support call.  It is a lose-lose situation by having UAC enabled, at least for the end-user and support organizations worldwide.
    For MS, however, it is great because they can now say "turn it on", and wipe their hands free from all responsibility.  That's cool, JFinger up with dat. But don't tell me it is the best thing that ever happened on an OS, that's just plain stupid.
    Friday, February 23, 2007 4:12 PM
  • I agree UAC just plain sucks..Sure if your a newbie and don't know your computer then I guess it could be ok but I've never had any spyware/viruses on any of my XP computers. But it so annoying...LOL..Why not just stop things thru the internet or something..I dunno but when I'm trying to run something that microsoft put into windows and its asking are you sure you want to do that after I just clicked on it....I mean come on...Lame!!! Owell I turned off UAC and its a little better but why did they change and move things around..Same things but just in different places...Again annoying..should of added things not moved things around to make it look like they did something..Owell my bosses told me too look at Vista to see how it would fit into our business in the future and so far I will highly recommend we stay away. I see this operating system causing more problems than anything.

    Also it doesn't work with Office XP (2002). When trying to run outlook it says I need outlook express 4.01 or higher to run it..LOL come on...can't run microsofts legacy apps?  Uhh yeah lets spend another $600 a system just to upgrade office of which maybe 1 person in our who org would need...another big minus!!

    Ok I'm done but I just can't believe this is there next operating system...I thought things were suppose to improve?? You know what this reminds me of...Windows ME but worse!! I wish theyy didn't install this in new computers or I would never even look at it again...But they do so I at least have to figure it out so when I get millions of support calls because the OS not spyware or viruses is causing problems I will know how to fix it...biggest fix..turn off UAC!!

    Wednesday, February 28, 2007 7:24 PM
  • Any One can say "I Do not care about security", "I can tell when I Have spyware", BUT here is the simple truth. When your computer crashes, you cannot work, you blame Microsoft. UAC is a way to reduce users from working as ADMINs. WE all should know that you work with least privilege access, BUT we do not, Companies hate support costs, Companies buy operating system, they said make it secure and MS heard the message. I have seen message posted here saying I would like to Install P2P software on my computer and make it secure! This is almost impossible, due to the way that most P2P software works.  Now working with Vista for the last 16 months I have to tell you 3-5 time a week I get UAC prompts and that not bad. Yes when I install new software I get prompted but no spyware, and my system is running much better that XP.  

     

    Let’s look at the history of PC software  

    The DOS and Windows 95/ 98 were great (no security)

    XP had some security

    XP/sp2 added additional security

    VISTA adds Lots more

    Think about this. IT’S A NEW operating system and you need to learn how to use NEW technology. If you want XP use XP, But VISTA is not XP it a leap ahead in the basic security model. Same happens with all software, but as up upgrade you software you need to upgrade you apps, that just the way it is.

     

    The UAC Model is as follows –

    A user works in VISTA as a Standard user, if that user does something that requires administrator privileges they get a prompt. If you are not an admin you get a Prompt. Just like XP.

    To continue type a administrator user name and password

     

    If you are an Administrator You get a Give you process an elevated privileges prompt where you grant security that Process only the rest of the OS keeps running at standard user mode.

     

    This is a very large difference in that in Vista only that Process is running in elevated mode.

    When you are in XP the full desktop is in elevated mode.

     

    In Windows Vista you will find that once you get beyond the setup phase on most systems, you can work just fine as a standard user.  The problem was what to do when the user needs to complete a task that does require the administrator privilege.  To address this need, we created a new capability in Windows Vista so that when a standard user tries to do something that requires the administrator privilege, the system prompts the user to have an administrator authorize the task by entering their credentials (or confirm the task if you are an administrator).

    Please review these articles to further understand UAC’s

     

    http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/23/security-features-vs-convenience.aspx

     

    http://windowsvistablog.com/blogs/windowsvista/archive/2007/01/25/accessible-uac-prompts.aspx

     

    Wednesday, February 28, 2007 9:45 PM
  • I lose all documents /settings when I turned off UAC. The document and setting do NOT come back again if I turn UAC on. This on a Windows 2003 domain laptop. The laptop is the only Vista computer on the domain. I am logged in  my domain account which has adminstrative rights on the laptop  as well as on the domain/domain computer. Are there any group policy which I need to set as part of adding a Vista Copmuter onto a Windows 2003 domain so that this behaviour is not repeated.. This problem is easily reproducible.

     

    Thursday, May 31, 2007 4:00 PM
  •  

    Too bad if the result is that a piece of software partially installs and you get a message Windows Installer cannot complete this task and exits.  Now you have software taking up disk space and registry space.  It won't run because a vital component is missing.  You can't uninstall it becasuse Windows Installer can't complete that task either since it is attempting to unregister a component it couldn't register in the first place. 

    Yeah great work!!!  Any suggestions???   Incidently the upgrade for the products won't install either since it tries to uninstall the the old version first.

    Tuesday, March 11, 2008 10:10 PM