Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Fresh Look at Vista's User Account Control

Posted by ryuzaki0 on from the let-me-in dept.

Art Grimm writes to mention a post at Ed Bott's Microsoft Report on ZDNet. There, he talks about Vista's User Account Control, and the issues he sees with the setup as it exists now. From the article: "The UAC prompts I depicted in the first post are those that appear when you install a program, when you run a program that requires access to sensitive locations, or when you configure a Windows setting that affects all users. But as many beta testers have discovered, UAC prompts can also show up when you perform seemingly innocent file operations on drives formatted using NTFS. In this post, I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."

12 of 332 comments (clear)

  1. How annoying by kimvette · · Score: 5, Informative

    Could they possibly make that "article" any more annoying? They'd have been better-served to turn it into a flash-animated slide show. I'm not going to click all the way through that thing.

    Either put it all on one or two pages (interspersed with ads if you must), or put it into a slide show if the article is written as a slide show.

    --
    The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    1. Re:How annoying by AKAImBatman · · Score: 5, Funny

      this one is like two sentences, a picture and a "more" button.

      I think he was trying to capture the "flavor" of Windows Vista. i.e. You'll be spending 90% of your time clicking...

      (Click Next to Continue)

      through...

      (Click Next to Continue)

      the dialog...

      (Click Next to Continue)

      boxes. Each one of...

      (Click Next to Continue)

      these boxes...

      (Click Next to Continue)

      will annoy you with something else...

      (Click Next to Continue)

      incredibly trivial.

      --
      Javascript + Nintendo DSi = DSiCade
    2. Re:How annoying by causality · · Score: 5, Insightful

      Sorry guys, I have karma to burn so take your moderator frustrations out on me if you must, but that moderation is bullshit (and damn do mods seem to dislike it when you point this out). Flamebait? What strong belief does it blatently attack in an attempt to start a verbal war? Try reading the FAQ you fucks. Articles like this are shit, and I am also not going to continue viewing this article because I do not wish to knowingly reward shit with ad revenue dollars -- yes, you see, there is a decision to make here involving voting with your feet and whether you wish or do not wish to reward something with real $$. Just think about the kind of traffic the Slashdot Effect generates for a site and its advertisers. Therefore, if anything, kimvette is doing me a favor, and I suspect I am not the only person who can say that. So anyway, it is likely that calling bullshit when I see it, in the only forum in which I can do so (seeing how I do not have mod points right now and there is no section here devoted to discussing this sort of thing) will cost me a few points, but oh well.

      Slashdot badly needs a way to moderate articles themselves, and "-1 Conflict of Interest" (for obvious attempts to drive traffic to sites that just happen to be ad-supported and also just happen to be owned by the person who submitted the article) and "-1 Excess Pagination" need to be two of the categories. I'm not even going to mention dupes.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    3. Re:How annoying by oringo · · Score: 5, Funny

      You took this wrong, mate. The author is a genius and he's giving you a preview of how annoying the Vista UAC is going to be through a web simulation!

  2. This is not a good approach by jawtheshark · · Score: 5, Insightful
    Franky... Nobody is "Administrator" of the machine anymore? (Administrators Group is not enough) Really? So essentially, they reduced the "Administrators" groups to "Well, you can admin, but you have to know what you do, and we'll annoy the hell out fo you".

    The whole point of Administrator is that you know what you do and you can Admin a machine securely. I know Joe Sixpack doesn't know how to, but doing this will put Admins all over the world in the place of "Limited User". In the end our Dear Joe Sixpack will just click and click until the task is done anyway. He will be frustrated and will get spyware anyway.

    What we need is the equivalent of a Car Mechanic for administration. You call your mechanic and he'll do the maintenance for a fee. Frankly, it's the only way for home users.

    Oh, and those that say that you can't run in Limited User on XP (as in the fine article is stated) are completely ignorant. I'm running Limited right now, and I have no problem. Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard. The only program I've never been able to run as non-admin is a game called "Children Of The Nile", and I still don't know how to run it as a Limited User. The user that needed it got the "Run As" option checked in the shortcut. Sure she has Admin access that way, but she's my sister and knows that she shouldn't run Admin.

    No, all problems are just the cause of the legacy of poor security in the past. Nagging dialogboxes won't help.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
    1. Re:This is not a good approach by Gnavpot · · Score: 5, Informative
      Tell me how to get Monsters Inc. Scream Team Training to run on a non-admin account without me manually entering an admin pw into Run As... every time and I'll be unbelievably grateful.
      If you are on XP Pro (not XP Home), you should look into the '/savecred' option for the command line version of RunAs.

      First time a program is started with 'runas /savecred /user:administrator', you will be prompted for the administrator password. The next time this command is used to start the program, XP will remember that this user is allowed to run the program with administrator priviledges and will not ask for a password. To make things a little more convenient and self-explanatory, you can put the command into a .bat file, make a shortcut to the .bat file and select the program's icon for the shortcut.

      It is certainly not a perfect solution, but it can solve some problems.

      However, you should not use this solution if you don't trust the user. I am almost certain that the program can be replaced with another program with the same name without revoking the priviledges.
    2. Re:This is not a good approach by laplandsix · · Score: 5, Informative

      Right click the shortcut and prepend the following:

      C:\WINDOWS\system32\runas.exe /savecred /user:administrator
      The first time you run the app it'll prompt you for the admin password (in an UGLY ass dos box) after that it'll run with no prompting. Honestly, this isn't rocket science. Not quite as slick as suid, but it works. Until you change the admin password of course.

      --
      Free The Lapland Six!!!
      http://www.whatiwore.com
      What I wore, now with 100% more pool project!
  3. Well, it figures by Giant+Ape+Skeleton · · Score: 5, Funny

    With more and more people using Firefox, all those popups had to go somewhere...

    --
    The difference between stupidity and genius is that genius has its limits.
  4. I wish they would fix XP's account control by Oldsmobile · · Score: 5, Insightful

    I wish they would work a bit on account control on WinXP, it is a total disaster. I WANT to use my computer as a limited user, but when I need to do something in Administrator, I shouldn't be bothered to switch users. Why oh why can't they just make it so that is asks for the admin password like with every other goddamned OS!?!

    Vista is nice and all that, but how about fixing XP first!!!!

    --
    Some say he is made with ascii, others that he is eyeballed daily by millions. All we know is, he is known as the Sig
  5. Windows experts? by Anonymous Coward · · Score: 5, Funny

    "I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."

    Well, good thing MS targets this OS exclusively to Windows experts. What utter fools we've all been for assuming this would effect our non-expert friends and families!

  6. No one says that you cannot. by khasim · · Score: 5, Insightful
    Oh, and those that say that you can't run in Limited User on XP (as in the fine article is stated) are completely ignorant.
    What the article actually said was:
    When you use Windows XP, you are almost certainly using an account that belongs to the Administrators group. (The challenges of running as a Limited user in XP are well documented.)
    What was that about "ignorant"?
    Granted, I have to set the ACLs on both directories and registry settings, but it's never been very hard.
    Go ahead and ask 100 people on the street whether they use Windows and whether they know what an ACL is and how to change it.

    Running as a Limited User is not impossible.

    It just requires spending a LOT of time and effort to LEARN how to do so ...

    and that pre-supposes that the person understands the risk of running as Administrator.

    So, someone has to already be aware of the threat ...
    Then that person has to choose to try to avoid that threat ...
    Then, then that person has to spend time becoming further educated ...
    Then, then, then that person has to spend time fixing the ACL's and such.

    Or just choose to run as Administrator and all those problems go away (and you get new problems, but all your apps run).
  7. Obvious choices by Smorkin'+Labbit · · Score: 5, Insightful

    I like the options "Continue" / "Skip" / "Cancel". Very obvious for a normal user what the difference between Skip & Cancel is ;-)