Guest riix Posted August 14, 2008 Posted August 14, 2008 Hi all, I'm totally confused and wondering if I got this wrong or, after 2 decades of NT its still microsoft that's got this wrong. - I figure that better than UAC would be to run as Power User, and use the "Run As Administrator" when needed - which is often - Visual Studio, Event Viewer, IIS, SQL Server, etc. - so I enabled the Administrator id, turn off UAC (after all, won't need it anymore and might speed up this doggy), downgraded my id to 'PU' and try it out. - Boots and I log on (so far so good). Go to run VS - what? "Run As Administrator" is grayed out ??? so I google this and find out you gotta have UAC running to get this to work .. DUH Microsoft ??? what's the connection between these two concepts ?? - But ok, log on as Administrator, turn UAC back on, reboot and log on again as a 'PU' . OK, let's try VS again - "Run As Administrator" works ! and voila a (big) box pops up (what ever happened to respect for screen real estate?) and I have to select an id - it lists my PU id even if its not an administrator (so why??) but, anyhow, I select "Administrator", enter password and .. .. sure bloody enough it works - I'm now running VS as the "Administrator" id .. .. err ... you gotta be kidding right? Because I'm running as "Administrator" .. like I have the Administrator's (My) Document and preferences etc .. .. Unbeliveable - what's wrong with this picture Microsoft? I didn't want to run as the Administrator ID - I just wanted to run with Administrator RIGHTS - i.e., to be ethereally in the Administrators Group for the life of this single process !!!!! Jumping heck, I can't believe we've been with this since NT3 and Microsoft still don't seem to get it. Wouldn't this solve so many darn problems? Even to the point of making UAC unnecessary???? SO .. I'm bitterly disappointed in MS, in Vista. Back to being Administrator and the ever constant UAC nag. Or back to XP .. (anyone have XP64 experiences?) Or just give up, and jump over to Eclipse, Java and Linux .. -- riix Quote
Guest Ultimate User Posted August 14, 2008 Posted August 14, 2008 UAC is a complete must for your average day to day user as Vista is very easily seriously corruptible. Particular programs can save to protected system directories which could lead to complete system malfunction. As far as XP is concerned I feel the benefits gained by using such a great system like Vista by far outweighs a downgrading to XP because of a UAC prompt ? To learn a new operating system because of this would be obsurd, I have been using Linux for 14 years and still feel that I am an average user due to the complexity of the Unix based operating systems. -- Ultimate User Quote
Guest Mr. Arnold Posted August 14, 2008 Posted August 14, 2008 "riix" <guest@unknown-email.com> wrote in message news:916a34dd41239df1dc7665f27879e302@nntp-gateway.com...<span style="color:blue"> > > SO .. I'm bitterly disappointed in MS, in Vista. Back to being > Administrator and the ever constant UAC nag. ></span> http://news.softpedia.com/news/Admin-Appro...sta-45312.shtml <http://www.computerperformance.co.uk/vista/vista_administrator_activate.htm#Summary_of_Vista_Administrator_-_Super_User_(Hidden_Account)> Quote
Guest Steve Thackery Posted August 14, 2008 Posted August 14, 2008 Here's what to do: just make your normal user account an Administrator account, and re-enable UAC. You still run as a normal user, except that when elevation is required you just get a confirmation box, rather than the whole "Administrator's username and password" prompt. It takes one click of the mouse, or two key presses. And to be honest you give nothing away in terms of security, unless other people can get unauthorised access to your machine. Like you, I run a few programs that need elevation, and this is how I run my machine. It's great: whenever something that might affect the integrity or security of the OS is about to happen, UAC gives me a single "are you sure?" prompt. This should have been implemented years ago, to be honest. It's known as Administrator Approval mode, and is very low hassle. SteveT Quote
Guest riix Posted August 15, 2008 Posted August 15, 2008 To all that replied - thanks for your comments and no disrespect intended please, but seems we missed the issues: 1) when attempting to run as a Power User, the "RunAs Administrator" seems to be completely wrong in concept, yet has been around since .. NT3? Can this really be? Or am I totally not understanding how its supposed to work? 2) Why does disabling UAC also disable "RunAs.." - again: these are totally different concepts, why are they coupled? 3) UAC is _not_ a minor inconvenience, it is a major hassle for members of a development shop. Its not just a click. Its the constant jarring effect of the screen going dim (or even black) for a second or two, the box, the click, the blink back to reality, then a few seconds later .. Event Viewer, IIS Admin, SQL studio, etc. Doing this, maybe 30-40 times a day? When XP just worked? And all this because the Vista product, and Microsoft narrow-mindness, won't allow me to work in a more intelligent fashion - which is: as a Power User and not as an Administrator? 4) and maybe that's a bottom line - why does Vista install and create its users as Administrators? A while ago my son bought a new Acer computer with Vista Home Exceptional (or whatever its called). First thing I did was create an Adminstrator id, write the password on his monitor, then downgraded his ID to Normal User. He's now been using it for over a month and HAS NOT EVEN NOTICED he's not an Administrator, that is, it hasn't affected him at all. Why doesn't Vista do this by default ? 5) I've just found references to "UAC Manifest" files - does anyone have real, honest, practical experience with this as a way of calming UAC? Cheers. -- riix Quote
Guest Kayman Posted August 15, 2008 Posted August 15, 2008 On Fri, 15 Aug 2008 07:53:00 -0500, riix wrote: <span style="color:blue"> > To all that replied - thanks for your comments and no disrespect > intended please, but seems we missed the issues: > > 1) when attempting to run as a Power User, the "RunAs Administrator" > seems to be completely wrong in concept, yet has been around since .. > NT3? Can this really be? Or am I totally not understanding how its > supposed to work? > > 2) Why does disabling UAC also disable "RunAs.." - again: these are > totally different concepts, why are they coupled? > > 3) UAC is _not_ a minor inconvenience, it is a major hassle for > members of a development shop. Its not just a click. Its the constant > jarring effect of the screen going dim (or even black) for a second or > two, the box, the click, the blink back to reality, then a few seconds > later .. Event Viewer, IIS Admin, SQL studio, etc. > > Doing this, maybe 30-40 times a day? When XP just worked? </span> TweakUAC for Windows Vista. http://www.tweak-uac.com/home/ <span style="color:blue"> > And all this because the Vista product, and Microsoft narrow-mindness, > won't allow me to work in a more intelligent fashion - which is: as a > Power User and not as an Administrator?</span> Windows Vista Secret #4: Disabling UAC "...you probably consider yourself a power user. You pride yourself in the responsibility of having full and absolute control over your machine environment..." http://blogs.msdn.com/tims/archive/2006/09/20/763275.aspx <span style="color:blue"> > 4) and maybe that's a bottom line - why does Vista install and create > its users as Administrators? A while ago my son bought a new Acer > computer with Vista Home Exceptional (or whatever its called). First > thing I did was create an Adminstrator id, write the password on his > monitor, then downgraded his ID to Normal User. He's now been using it > for over a month and HAS NOT EVEN NOTICED he's not an Administrator, > that is, it hasn't affected him at all. > > Why doesn't Vista do this by default ?</span> Speed Vista: Turn off UAC, or at least make it less annoying http://www.pctipsbox.com/speed-vista-turn-...-less-annoying/ <span style="color:blue"> > 5) I've just found references to "UAC Manifest" files - does anyone > have real, honest, practical experience with this as a way of calming > UAC?</span> Understanding and Configuring User Account Control in Windows Vista. http://technet.microsoft.com/en-us/library/cc709628.aspx User Account Control Step-by-Step Guide. http://technet.microsoft.com/en-us/library/cc709691.aspx How to disable UAC http://www.vista4beginners.com/How-to-disable-UAC Quote
Guest Beoweolf Posted August 15, 2008 Posted August 15, 2008 Your question, seems more an indictment than a genuine question. My comment, much as yours, is offered as an opinion or view, except from an administration point of view, no disrespect intended or hidden agenda. The fact that development is hindered by having to respect secure calls should be a warning to development that your intended audience will similarly be affected. Business as usual, shortcuts and all is not acceptable in Vista. Just as users are having to deal with a more secure environment, seems development is going to have to learn a new way building code. As I'm sure you already know, Vista Home(?) is built with the intent of servicing less knowledgeable consumers/users. Further it is intended to run, seamlessly without use of administrator, due to its limited target user. Back on topic, I continue to find it strange when the biggest historical complaint against Microsoft client OS's has been lack of security, yet when it finally assumes a much more secure posture, the reward is more complaints about it being "too" secure. I would expect, that if developers complain enough, Microsoft may take a step toward making a developers version Vista with all the offending safeguards removed. However, I would expect it would lengthen the test cycle, since at some point the code must run in the real world of the ultimate consumer. Bottom line - You can turn UAC off. If you are the administrator, why would you need "run as"? It does not seem logical to want the rights and not want to accept the responsibility. Power user had been inactivated/removed, since W2K/XP/XP-Pro, when client is installed on a domain...hasn't it? "riix" <guest@unknown-email.com> wrote in message news:e100bf9a5d61a24164a35762cccd0b06@nntp-gateway.com...<span style="color:blue"> > > To all that replied - thanks for your comments and no disrespect > intended please, but seems we missed the issues: > > 1) when attempting to run as a Power User, the "RunAs Administrator" > seems to be completely wrong in concept, yet has been around since .. > NT3? Can this really be? Or am I totally not understanding how its > supposed to work? > > 2) Why does disabling UAC also disable "RunAs.." - again: these are > totally different concepts, why are they coupled? > > 3) UAC is _not_ a minor inconvenience, it is a major hassle for > members of a development shop. Its not just a click. Its the constant > jarring effect of the screen going dim (or even black) for a second or > two, the box, the click, the blink back to reality, then a few seconds > later .. Event Viewer, IIS Admin, SQL studio, etc. > > Doing this, maybe 30-40 times a day? When XP just worked? > > And all this because the Vista product, and Microsoft narrow-mindness, > won't allow me to work in a more intelligent fashion - which is: as a > Power User and not as an Administrator? > > 4) and maybe that's a bottom line - why does Vista install and create > its users as Administrators? A while ago my son bought a new Acer > computer with Vista Home Exceptional (or whatever its called). First > thing I did was create an Adminstrator id, write the password on his > monitor, then downgraded his ID to Normal User. He's now been using it > for over a month and HAS NOT EVEN NOTICED he's not an Administrator, > that is, it hasn't affected him at all. > > Why doesn't Vista do this by default ? > > 5) I've just found references to "UAC Manifest" files - does anyone > have real, honest, practical experience with this as a way of calming > UAC? > > Cheers. > > > -- > riix </span> Quote
Guest riix Posted August 15, 2008 Posted August 15, 2008 Beoweolf;805441 Wrote: <span style="color:blue"> > Your question, seems more an indictment than a genuine question.</span> Others can say it more succinctly that me: 'Am I at risk if I disable UAC?' (http://www.tweak-uac.com/am-i-at-risk-if-i-disable-uac/) Beoweolf;805441 Wrote: <span style="color:blue"> > The fact that development is hindered by having to respect secure calls > should be a warning to development that your intended audience will > similarly be affected.</span> I'm not sure what you're referring to; certainly I don't anticipate our product buyers ("intended audience") to have to use Event Viewer, IIS Admin, or SQL Server Studio (at least not to use our product). Beoweolf;805441 Wrote: <span style="color:blue"> > seems development is going to have to learn a new way building code.</span> Yes a tedious, non-productive and irritating way .. Beoweolf;805441 Wrote: <span style="color:blue"> > As I'm sure you already know, Vista Home(?) is built with the intent of > servicing less knowledgeable consumers/users. Further it is intended to > run, seamlessly without use of administrator, due to its limited target > user.</span> I don't disagree. This is why I wonder that Vista Home doesn't 'promote' creation of basic accounts but instead creates Administrator accounts? Beoweolf;805441 Wrote: <span style="color:blue"> > Back on topic, I continue to find it strange when the biggest > historical complaint against Microsoft client OS's has been lack of > security, yet when it finally assumes a much more secure posture, the > reward is more complaints about it being "too" secure.</span> Are you referring to my post or to comments 'out there' in general? My issue is not about it being "too" secure (refer again to above link for a better stating of facts than I could ever do), my issue instead is how intrusive and irritating this supposed 'safeguard' is. Beoweolf;805441 Wrote: <span style="color:blue"> > Bottom line - You can turn UAC off. If you are the administrator, why > would you need "run as"? It does not seem logical to want the rights and > not want to accept the responsibility. > > Power user had been inactivated/removed, since W2K/XP/XP-Pro, when > client is > installed on a domain...hasn't it?</span> You missed the point. I do not want to run as administrator. I don't think I should need such lofty privileges just to write programs. And if I turn off UAC then RunAs doesn't work. However .. to end this thread - thank yous Kayman for pointing out Tweak-UAC; I think its an acceptable compromise. "riix" <guest@xxxxxx-email.com> wrote in message news:e100bf9a5d61a24164a35762cccd0b06@xxxxxx-gateway.com... -- riix Quote
Guest oscar Posted August 15, 2008 Posted August 15, 2008 In the spirit of friendly and informative dialogue I submit this: First thing one needs to do when migrating from XP to Vista is to forget about XP. Vista is not an upgraded version of XP. Vista is a new and different OS with more powerful features than XP. I've had Vista for a year now. No blue screen. No need to reinstall OS because of a corrupt file. I think that the UAC has contributed to protecting the integrity of the OS. I've run Vista with various kinds of UAC configurations. Right now I find the best set up for me is using a standard account everyday with the administrator account sitting on the sideline in case I ever need to access it (which I rarely do.) Yes, the UAC will ask me for the administrator password once in a while but only for global operations that will affect other users. I do not find the occasional UAC prompt a nuisance anymore than I find my home security lighting system. If I had the money I’d replace all of my XP machines with Vista. -- oscar style_emoticons/ ....Right click is your very good friend... "riix" wrote: <span style="color:blue"> > > To all that replied - thanks for your comments and no disrespect > intended please, but seems we missed the issues: > > 1) when attempting to run as a Power User, the "RunAs Administrator" > seems to be completely wrong in concept, yet has been around since .. > NT3? Can this really be? Or am I totally not understanding how its > supposed to work? > > 2) Why does disabling UAC also disable "RunAs.." - again: these are > totally different concepts, why are they coupled? > > 3) UAC is _not_ a minor inconvenience, it is a major hassle for > members of a development shop. Its not just a click. Its the constant > jarring effect of the screen going dim (or even black) for a second or > two, the box, the click, the blink back to reality, then a few seconds > later .. Event Viewer, IIS Admin, SQL studio, etc. > > Doing this, maybe 30-40 times a day? When XP just worked? > > And all this because the Vista product, and Microsoft narrow-mindness, > won't allow me to work in a more intelligent fashion - which is: as a > Power User and not as an Administrator? > > 4) and maybe that's a bottom line - why does Vista install and create > its users as Administrators? A while ago my son bought a new Acer > computer with Vista Home Exceptional (or whatever its called). First > thing I did was create an Adminstrator id, write the password on his > monitor, then downgraded his ID to Normal User. He's now been using it > for over a month and HAS NOT EVEN NOTICED he's not an Administrator, > that is, it hasn't affected him at all. > > Why doesn't Vista do this by default ? > > 5) I've just found references to "UAC Manifest" files - does anyone > have real, honest, practical experience with this as a way of calming > UAC? > > Cheers. > > > -- > riix > </span> Quote
Guest Mr. Arnold Posted August 15, 2008 Posted August 15, 2008 "riix" <guest@unknown-email.com> wrote in message news:e100bf9a5d61a24164a35762cccd0b06@nntp-gateway.com...<span style="color:blue"> > > To all that replied - thanks for your comments and no disrespect > intended please, but seems we missed the issues: > > 1) when attempting to run as a Power User, the "RunAs Administrator" > seems to be completely wrong in concept, yet has been around since .. > NT3? Can this really be? Or am I totally not understanding how its > supposed to work?</span> There is no more Power User on Vista, as stated in the article. <http://technet.microsoft.com/en-us/magazine/cc160882.aspx> <span style="color:blue"> > > 2) Why does disabling UAC also disable "RunAs.." - again: these are > totally different concepts, why are they coupled?</span> UAC and Run As Administrator are tied together on Vista and are the new security profile for the Admin and Standard user accounts. Even Admin on Vista is locked down to Standard User and must have its rights escalated, as stated in the link. <http://technet.microsoft.com/en-us/library/cc709691.aspx> <span style="color:blue"> > > 3) UAC is _not_ a minor inconvenience, it is a major hassle for > members of a development shop. Its not just a click. Its the constant > jarring effect of the screen going dim (or even black) for a second or > two, the box, the click, the blink back to reality, then a few seconds > later .. Event Viewer, IIS Admin, SQL studio, etc. > > Doing this, maybe 30-40 times a day? When XP just worked? > > And all this because the Vista product, and Microsoft narrow-mindness, > won't allow me to work in a more intelligent fashion - which is: as a > Power User and not as an Administrator?</span> 1) You disable UAC. 2) You use something like TweakUac. 3) You set your account to be Super Admin so that you still have UAC enabled because some applications will not work correctly with UAC off, those applications using the Vista UAC manifest as an example, and by being Super Admin, UAC will not prompt you as Super Admin, as stated in the link. <http://www.computerperformance.co.uk/vista/vista_administrator_activate.htm#Summary_of_Vista_Administrator_-_Super_User_(Hidden_Account)> <span style="color:blue"> > > 4) and maybe that's a bottom line - why does Vista install and create > its users as Administrators? A while ago my son bought a new Acer > computer with Vista Home Exceptional (or whatever its called). First > thing I did was create an Adminstrator id, write the password on his > monitor, then downgraded his ID to Normal User. He's now been using it > for over a month and HAS NOT EVEN NOTICED he's not an Administrator, > that is, it hasn't affected him at all.</span> That's because Standard user on Vista has more rights than Limited user on XP as an example, which was preventing a Limited user on XP from doing things. This as been corrected on Vista. However, if the user your son was running a solution as Standard user or as Admin, because Admin on Vista is locked down to a Standard user, and UAC is enabled, the user is going to be prompted for credentials for privilege escalation.<span style="color:blue"> > > Why doesn't Vista do this by default ? ></span> Ask MS. <span style="color:blue"> > 5) I've just found references to "UAC Manifest" files - does anyone > have real, honest, practical experience with this as a way of calming > UAC? ></span> A programs running on Vista with UAC enabled, the developer can present the UAC credentials to Vista for privilege escalation by using the manifest. That UAC challenge box is still going to pop in the user's face, to allow or disallow as Admin or if Standard user give user-id and psw for an Admin account. <http://community.bartdesmet.net/blogs/bart/archive/2006/10/28/Windows-Vista-_2D00_-Demand-UAC-elevation-for-an-application-by-adding-a-manifest-using-mt.exe.aspx> Quote
Guest Kerry Brown Posted August 16, 2008 Posted August 16, 2008 ><span style="color:blue"> > You missed the point. I do not want to run as administrator. I don't > think I should need such lofty privileges just to write programs. And if > I turn off UAC then RunAs doesn't work. ></span> The whole point of UAC is to allow you to run with an administrator account when needed (as in a development environment) but still maintain better security than previous versions of Windows. With UAC enabled when you logon with an administrator account you get two tokens, a standard user token, and an administrator token. The administrator token is never used unless UAC steps in and allows it. In effect you are running as a standard user until you see a UAC prompt. When you see a UAC prompt if you respond in the affirmative the admin token is unhidden and the process will run with the admin token. The key point is only that process has the admin token. Everything else is still running as a standard user. For development either turn UAC off or leave it on and run with an administrator account. With UAC off you will need a different computer (possibly virtual) for testing. -- Kerry Brown MS-MVP - Windows Desktop Experience: Systems Administration http://www.vistahelp.ca/phpBB2/ http://vistahelpca.blogspot.com/ Quote
Guest DevilsPGD Posted August 17, 2008 Posted August 17, 2008 In message <10878302a19c380ba0d55200d531a8a9@nntp-gateway.com> riix <guest@unknown-email.com> wrote: <span style="color:blue"> >I don't disagree. This is why I wonder that Vista Home doesn't >'promote' creation of basic accounts but instead creates Administrator >accounts?</span> This is exactly what UAC does. Users are using a basic "user" level token at all times, until a program requests administrator privileges. Quote
Guest DevilsPGD Posted August 17, 2008 Posted August 17, 2008 In message <e100bf9a5d61a24164a35762cccd0b06@nntp-gateway.com> riix <guest@unknown-email.com> wrote: <span style="color:blue"> >To all that replied - thanks for your comments and no disrespect >intended please, but seems we missed the issues: > >1) when attempting to run as a Power User, the "RunAs Administrator" >seems to be completely wrong in concept, yet has been around since .. >NT3? Can this really be? Or am I totally not understanding how its >supposed to work?</span> First, there is no such thing as a power user in Vista. If the group exists from an AD context, it has no particular rights on the desktop. Second, if you're running as a standard user, "Run As Administrator" hasn't changed, it still allows the user to run a program under a different security context. If you're running as an administrator already, then the UAC popup by default doesn't require credentials (it already knows who you are, and that you are authorized), so this is technically a regression as you used to be able to run programs as any user. Luckily you can use group policies to change this, if you need to be able to launch programs in a different user context. <span style="color:blue"> >2) Why does disabling UAC also disable "RunAs.." - again: these are >totally different concepts, why are they coupled?</span> UAC controls the elevation process, and is largely what allows processes from two different security contexts to interact on the same console. <span style="color:blue"> >3) UAC is _not_ a minor inconvenience, it is a major hassle for >members of a development shop. Its not just a click. Its the constant >jarring effect of the screen going dim (or even black) for a second or >two, the box, the click, the blink back to reality, then a few seconds >later .. Event Viewer, IIS Admin, SQL studio, etc. > >Doing this, maybe 30-40 times a day? When XP just worked? </span> If XP "just worked" then you were running with administrative access already, or you're using a program that requests administrative access but doesn't need it. <span style="color:blue"> >And all this because the Vista product, and Microsoft narrow-mindness, >won't allow me to work in a more intelligent fashion - which is: as a >Power User and not as an Administrator?</span> A Power User is just an administrator who hasn't promoted themselves yet. <span style="color:blue"> >4) and maybe that's a bottom line - why does Vista install and create >its users as Administrators? A while ago my son bought a new Acer >computer with Vista Home Exceptional (or whatever its called). First >thing I did was create an Adminstrator id, write the password on his >monitor, then downgraded his ID to Normal User. He's now been using it >for over a month and HAS NOT EVEN NOTICED he's not an Administrator, >that is, it hasn't affected him at all. > >Why doesn't Vista do this by default ?</span> Because the majority of users actually use their computers. They install software (Flash come to mind anyone?), upgrade software, stuff like that. iTunes, Adobe Reader, Adobe Flash have all had security updates recently, so either your son is horribly insecure, or uses the administrator password. If he users the administrator password when doing these activities then he's doing what UAC would have done for him. UAC doesn't pop up randomly, it only happens when Vista detects an activity happening that requires administrative privileges, or an application or user specifically requests administrative privileges. Quote
Guest riix Posted August 18, 2008 Posted August 18, 2008 thank you. please no more responses. i'm buying a mac for me and my son. -- riix Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.