turn off user account control

Posted February 16, 2009 · February 16, 2009

How to turn off User Account Control ?

The endless prompts are driving me batty ...

Posted February 16, 2009 · February 16, 2009

See this link from my website:

http://www.winuser.co.uk/windows_vista_faq...nt_control.html

--

John Barnett MVP

Windows XP Associate Expert

Windows Desktop Experience

Web: http://www.winuser.co.uk

Web: http://xphelpandsupport.mvps.org

Web: http://vistasupport.mvps.org

Web: http://www.silversurfer-guide.com

The information in this mail/post is supplied "as is". No warranty of any

kind, either expressed or implied, is made in relation to the accuracy,

reliability or content of this mail/post. The Author shall not be liable for

any direct, indirect, incidental or consequential damages arising out of the

use of, or inability to use, information or opinions expressed in this

mail/post..

"John A Grandy" <johnagrandy@g-mail-dot-com> wrote in message

news:#kL9158jJHA.2460@TK2MSFTNGP06.phx.gbl...

> How to turn off User Account Control ?

> The endless prompts are driving me batty ...

Posted February 16, 2009 · February 16, 2009

John A Grandy wrote:

> How to turn off User Account Control ?

> The endless prompts are driving me batty ...

Control Panel > Security Center > Other Security Settings

--

Bruce Chambers

Help us help you:

http://www.catb.org/~esr/faqs/smart-questions.html

http://support.microsoft.com/default.aspx/kb/555375

They that can give up essential liberty to obtain a little temporary

safety deserve neither liberty nor safety. ~Benjamin Franklin

Many people would rather die than think; in fact, most do. ~Bertrand Russell

The philosopher has never killed any priests, whereas the priest has

killed a great many philosophers.

~ Denis Diderot

Posted February 16, 2009 · February 16, 2009

"John A Grandy" <johnagrandy@g-mail-dot-com> wrote in message

news:%23kL9158jJHA.2460@TK2MSFTNGP06.phx.gbl...

> How to turn off User Account Control ?

> The endless prompts are driving me batty ...

Why are you getting "endless prompts" I ONLY get a prompt when installing

certain applications. I quite often go for days and days without any prompts

at all. You shouldn't be getting "endless prompts" under normal use, unless

you are using software that is not fully Vista compatible...

--

Asking a question?

Please tell us the version of the application you are asking about,

your OS, Service Pack level

and the FULL contents of any error message(s)

Posted February 16, 2009 · February 16, 2009

"John Barnett MVP" <freelance@invalid.invalid> wrote in message

news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

> See this link from my website:

> http://www.winuser.co.uk/windows_vista_faq...nt_control.html

>

Should we not be finding out why the OP is getting endless prompts rather

than just showing him how to turn UAC off?

--

Asking a question?

Please tell us the version of the application you are asking about,

your OS, Service Pack level

and the FULL contents of any error message(s)

Posted February 16, 2009 · February 16, 2009

I have simply answered the OP's specific question which was how to turn UAC

off. As far as the OP is concerned the prompts are 'driving him batty.' If

there was a specific problem I would imagine that the OP would have pointed

that out, in which case we could have elaborated a little more.

While I agree, Yes we could have asked 'what is your specific problem' but I

have found that, in many cases, a reply to ones specific questioning isn't

always forthcoming. We spend a lot of time answering questions, not only on

this newsgroup, but many others, and although most posts answered by me are

flagged I don't always have the time to keep going back over old posts to

see if someone has answered my specific question.

Your own signature line says it all. We can only answer the question posed

by the poster, if all the information isn't there we can only give an

'approximate' answer and hope that that solves the problem. We certainly are

not infallible, but we also do not get paid for our contributions to users

problems and, in the end, we do have to juggle between a full time job and

voluntary support technicians. We are not super human, we can't read minds,

all we can do is answer the original question posed.

--

John Barnett MVP

Windows XP Associate Expert

Windows Desktop Experience

Web: http://www.winuser.co.uk

Web: http://xphelpandsupport.mvps.org

Web: http://vistasupport.mvps.org

Web: http://www.silversurfer-guide.com

The information in this mail/post is supplied "as is". No warranty of any

kind, either expressed or implied, is made in relation to the accuracy,

reliability or content of this mail/post. The Author shall not be liable for

any direct, indirect, incidental or consequential damages arising out of the

use of, or inability to use, information or opinions expressed in this

mail/post..

"Gordon" <gbplinux@gmail.com> wrote in message

news:eThoGDBkJHA.1248@TK2MSFTNGP03.phx.gbl...

> "John Barnett MVP" <freelance@invalid.invalid> wrote in message

> news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

>> See this link from my website:

>> http://www.winuser.co.uk/windows_vista_faq...nt_control.html

>>

>

> Should we not be finding out why the OP is getting endless prompts rather

> than just showing him how to turn UAC off?

>

> --

> Asking a question?

> Please tell us the version of the application you are asking about,

> your OS, Service Pack level

> and the FULL contents of any error message(s)

Posted February 16, 2009 · February 16, 2009

Under "Control Panel" select "User Accounts". Find the one you use and the

bottom selection should say something like "turn user account control on or

off". Excuse me if the text is not 100 % correct as I am using a Danish

version and therefore do not know what it actually says in the English

version

"John A Grandy" <johnagrandy@g-mail-dot-com> skrev i meddelelsen

news:%23kL9158jJHA.2460@TK2MSFTNGP06.phx.gbl...

> How to turn off User Account Control ?

> The endless prompts are driving me batty ...

Posted February 16, 2009 · February 16, 2009

"John Barnett MVP" <freelance@invalid.invalid> wrote in message

news:eki4HBFkJHA.5124@TK2MSFTNGP03.phx.gbl...

>I have simply answered the OP's specific question which was how to turn UAC

>off. As far as the OP is concerned the prompts are 'driving him batty.' If

>there was a specific problem I would imagine that the OP would have pointed

>that out, in which case we could have elaborated a little more.

>

> While I agree, Yes we could have asked 'what is your specific problem' but

> I have found that, in many cases, a reply to ones specific questioning

> isn't always forthcoming. We spend a lot of time answering questions, not

> only on this newsgroup, but many others, and although most posts answered

> by me are flagged I don't always have the time to keep going back over old

> posts to see if someone has answered my specific question.

>

> Your own signature line says it all. We can only answer the question posed

> by the poster, if all the information isn't there we can only give an

> 'approximate' answer and hope that that solves the problem. We certainly

> are not infallible, but we also do not get paid for our contributions to

> users problems and, in the end, we do have to juggle between a full time

> job and voluntary support technicians. We are not super human, we can't

> read minds, all we can do is answer the original question posed.

>

I agree with all you say, but, as UAC is supposed to be a security function,

my point was, that instead of just telling the OP how to turn off security,

it might have been better to ask why he's getting all the prompts in the

first place. (Could be malware, could be anything, if the OP is not actually

doing anything himself to cause the prompts). I get UAC may be two or three

times a week, while I'm doing an operation that requires raised access

rights. If I suddenly started getting lots of UAC prompts when I wasn't

doing anything, I personally wouldn't ask just how to turn it off, and I

personally wouldn't expect any sort of computer professional to supply that

simplistic response.

Would you recommend turning off an AV application if it started giving lots

of warnings?

Just my 2p worth...

--

Asking a question?

Please tell us the version of the application you are asking about,

your OS, Service Pack level

and the FULL contents of any error message(s)

Posted February 16, 2009 · February 16, 2009

I agree that it is usually best to answer the question as stated, and doing

that here is good. I know that when I ask a question, I am often frustrated

when someone thinks I need to do something different and posts a message

with something that does not help then argues with me when I explain that I

actually do know what I am doing and that their suggestion does not help.

Usually, I am in your position in the sense of being the person answering

questions. I was the first person in the CodeGuru.com forums to reach 10,000

posts and more than 99% of them were attempts to help others. I have also

been answering questions in the MSDN forums. I know that people often ask

for help solving a problem that they think is a solution to a more

fundamental problem and that they should ask for help with the more

fundamental problem.

As for the UAC is concerned, I do find articles explaining how to turn off

UAC but I don't find anything explaining the problems that might exist if I

do; what vulnerabilities are possible that the UAC protects us from. If

turning off the UAC makes an Administrator account behave essentially the

same as the way that an Administrator account behaves in XP then for those

of us that "know what we are doing" and use a limited account for everything

that does not need Administrator privileges then it seems reasonable to turn

it off. I wish someone would explain that and I have not seen that type of

explanation.

"John Barnett MVP" <freelance@invalid.invalid> wrote in message

news:eki4HBFkJHA.5124@TK2MSFTNGP03.phx.gbl...

>I have simply answered the OP's specific question which was how to turn UAC

>off. As far as the OP is concerned the prompts are 'driving him batty.' If

>there was a specific problem I would imagine that the OP would have pointed

>that out, in which case we could have elaborated a little more.

>

> While I agree, Yes we could have asked 'what is your specific problem' but

> I have found that, in many cases, a reply to ones specific questioning

> isn't always forthcoming. We spend a lot of time answering questions, not

> only on this newsgroup, but many others, and although most posts answered

> by me are flagged I don't always have the time to keep going back over old

> posts to see if someone has answered my specific question.

>

> Your own signature line says it all. We can only answer the question posed

> by the poster, if all the information isn't there we can only give an

> 'approximate' answer and hope that that solves the problem. We certainly

> are not infallible, but we also do not get paid for our contributions to

> users problems and, in the end, we do have to juggle between a full time

> job and voluntary support technicians. We are not super human, we can't

> read minds, all we can do is answer the original question posed.

>

> --

>

> --

> John Barnett MVP

> Windows XP Associate Expert

> Windows Desktop Experience

>

> Web: http://www.winuser.co.uk

> Web: http://xphelpandsupport.mvps.org

> Web: http://vistasupport.mvps.org

> Web: http://www.silversurfer-guide.com

>

> The information in this mail/post is supplied "as is". No warranty of any

> kind, either expressed or implied, is made in relation to the accuracy,

> reliability or content of this mail/post. The Author shall not be liable

> for

> any direct, indirect, incidental or consequential damages arising out of

> the

> use of, or inability to use, information or opinions expressed in this

> mail/post..

>

> "Gordon" <gbplinux@gmail.com> wrote in message

> news:eThoGDBkJHA.1248@TK2MSFTNGP03.phx.gbl...

>> "John Barnett MVP" <freelance@invalid.invalid> wrote in message

>> news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

>>> See this link from my website:

>>> http://www.winuser.co.uk/windows_vista_faq...nt_control.html

>>>

>>

>> Should we not be finding out why the OP is getting endless prompts rather

>> than just showing him how to turn UAC off?

>>

>> --

>> Asking a question?

>> Please tell us the version of the application you are asking about,

>> your OS, Service Pack level

>> and the FULL contents of any error message(s)

>

Posted February 16, 2009 · February 16, 2009

http://www.tweak-uac.com/

Tweak UAC Utility - put UAC in Quiet Mode or On/OFF easily

http://xenomorph.net/?page_id=336

Vista Tweaker - UAC too

http://www.petri.co.il/disable_uac_in_windows_vista.htm

Disable UAC

http://technet.microsoft.com/en-us/windows...a/aa905108.aspx

User Account Control

http://technet.microsoft.com/en-us/windows...a/aa906022.aspx

TechNet Getting Started with UAC

http://technet2.microsoft.com/WindowsVista...3.mspx?mfr=true

Windows Vista User Account Control Step by Step Guide

http://windowshelp.microsoft.com/windows/e...59f44e1033.mspx

Understanding UAC

"John A Grandy" <johnagrandy@g-mail-dot-com> wrote in message

news:%23kL9158jJHA.2460@TK2MSFTNGP06.phx.gbl...

> How to turn off User Account Control ?

> The endless prompts are driving me batty ...

Posted February 16, 2009 · February 16, 2009

On Mon, 16 Feb 2009 11:47:36 -0800, "Sam Hobbs"

<Gateremovethis@SamHobbs.org> wrote:

>I agree that it is usually best to answer the question as stated, and doing

>that here is good. I know that when I ask a question, I am often frustrated

>when someone thinks I need to do something different and posts a message

>with something that does not help then argues with me when I explain that I

>actually do know what I am doing and that their suggestion does not help.

Then "Gordon" the nanny probably pisses you off a lot.

>Usually, I am in your position in the sense of being the person answering

>questions. I was the first person in the CodeGuru.com forums to reach 10,000

>posts and more than 99% of them were attempts to help others. I have also

>been answering questions in the MSDN forums. I know that people often ask

>for help solving a problem that they think is a solution to a more

>fundamental problem and that they should ask for help with the more

>fundamental problem.

>

>As for the UAC is concerned, I do find articles explaining how to turn off

>UAC but I don't find anything explaining the problems that might exist if I

>do; what vulnerabilities are possible that the UAC protects us from. If

>turning off the UAC makes an Administrator account behave essentially the

>same as the way that an Administrator account behaves in XP then for those

>of us that "know what we are doing" and use a limited account for everything

>that does not need Administrator privileges then it seems reasonable to turn

>it off. I wish someone would explain that and I have not seen that type of

>explanation.

Good GRIEF! There have been countless posts in these groups about UAC

and there are countless more articles on the Web.

You need to go to Google Groups, find this group, and run a search.

Or just search Google in general.

>"John Barnett MVP" <freelance@invalid.invalid> wrote in message

>news:eki4HBFkJHA.5124@TK2MSFTNGP03.phx.gbl...

>>I have simply answered the OP's specific question which was how to turn UAC

>>off. As far as the OP is concerned the prompts are 'driving him batty.' If

>>there was a specific problem I would imagine that the OP would have pointed

>>that out, in which case we could have elaborated a little more.

>>

>> While I agree, Yes we could have asked 'what is your specific problem' but

>> I have found that, in many cases, a reply to ones specific questioning

>> isn't always forthcoming. We spend a lot of time answering questions, not

>> only on this newsgroup, but many others, and although most posts answered

>> by me are flagged I don't always have the time to keep going back over old

>> posts to see if someone has answered my specific question.

>>

>> Your own signature line says it all. We can only answer the question posed

>> by the poster, if all the information isn't there we can only give an

>> 'approximate' answer and hope that that solves the problem. We certainly

>> are not infallible, but we also do not get paid for our contributions to

>> users problems and, in the end, we do have to juggle between a full time

>> job and voluntary support technicians. We are not super human, we can't

>> read minds, all we can do is answer the original question posed.

>>

>> --

>>

>> --

>> John Barnett MVP

>> Windows XP Associate Expert

>> Windows Desktop Experience

>>

>> Web: http://www.winuser.co.uk

>> Web: http://xphelpandsupport.mvps.org

>> Web: http://vistasupport.mvps.org

>> Web: http://www.silversurfer-guide.com

>>

>> The information in this mail/post is supplied "as is". No warranty of any

>> kind, either expressed or implied, is made in relation to the accuracy,

>> reliability or content of this mail/post. The Author shall not be liable

>> for

>> any direct, indirect, incidental or consequential damages arising out of

>> the

>> use of, or inability to use, information or opinions expressed in this

>> mail/post..

>>

>> "Gordon" <gbplinux@gmail.com> wrote in message

>> news:eThoGDBkJHA.1248@TK2MSFTNGP03.phx.gbl...

>>> "John Barnett MVP" <freelance@invalid.invalid> wrote in message

>>> news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

>>>> See this link from my website:

>>>> http://www.winuser.co.uk/windows_vista_faq...nt_control.html

>>>>

>>>

>>> Should we not be finding out why the OP is getting endless prompts rather

>>> than just showing him how to turn UAC off?

>>>

>>> --

>>> Asking a question?

>>> Please tell us the version of the application you are asking about,

>>> your OS, Service Pack level

>>> and the FULL contents of any error message(s)

>>

Posted February 16, 2009 · February 16, 2009

"Hank J." <henry@doctorjeckyl.invalid> wrote in message

news:4umjp49me9tup560c151jnalb0stgdd9as@4ax.com...

> Then "Gordon" the nanny probably pisses you off a lot.

>

Do a lot of posting here do we? Who rattled your cage?

--

Asking a question?

Please tell us the version of the application you are asking about,

your OS, Service Pack level

and the FULL contents of any error message(s)

Posted February 17, 2009 · February 17, 2009

"Gordon" <gbplinux@gmail.com> wrote in message

news:eThoGDBkJHA.1248@TK2MSFTNGP03.phx.gbl...

> "John Barnett MVP" <freelance@invalid.invalid> wrote in message

> news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

>> See this link from my website:

>> http://www.winuser.co.uk/windows_vista_faq...nt_control.html

>>

>

> Should we not be finding out why the OP is getting endless prompts rather

> than just showing him how to turn UAC off?

>

> --

> Asking a question?

> Please tell us the version of the application you are asking about,

> your OS, Service Pack level

> and the FULL contents of any error message(s)

UAC is a love/hate function with no grey area in-between. I have it turned

OFF..

--

Mike Hall - MVP

Mike's Window - My Blog..

http://msmvps.com/blogs/mikehall/default.aspx

Posted February 17, 2009 · February 17, 2009

"Mike Hall - MVP" <mikehall@remove_mvps.com> wrote in message

news:uJN$i4SkJHA.4028@TK2MSFTNGP03.phx.gbl...

> "Gordon" <gbplinux@gmail.com> wrote in message

> news:eThoGDBkJHA.1248@TK2MSFTNGP03.phx.gbl...

>> "John Barnett MVP" <freelance@invalid.invalid> wrote in message

>> news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

>>> See this link from my website:

>>> http://www.winuser.co.uk/windows_vista_faq...nt_control.html

>>>

>>

>> Should we not be finding out why the OP is getting endless prompts rather

>> than just showing him how to turn UAC off?

>>

>> --

>> Asking a question?

>> Please tell us the version of the application you are asking about,

>> your OS, Service Pack level

>> and the FULL contents of any error message(s)

>

> UAC is a love/hate function with no grey area in-between. I have it turned

> OFF..

>

But you, I presume, know what you are doing. The OP presumably, may not....

--

Asking a question?

Please tell us the version of the application you are asking about,

your OS, Service Pack level

and the FULL contents of any error message(s)

Posted February 17, 2009 · February 17, 2009

On Tue, 17 Feb 2009 18:47:48 -0000, "Gordon" <gbplinux@gmail.com>

wrote:

>"Mike Hall - MVP" <mikehall@remove_mvps.com> wrote in message

>> UAC is a love/hate function with no grey area in-between. I have it turned

>> OFF..

>>

>

>But you, I presume, know what you are doing. The OP presumably, may not....

IIRC, not too long ago you were saying that anyone who ran with UAC

off was part of the rabble that was responsible for all the malware

and virus infestations world wide.

Somehow Mike escaped that, hmm?

Posted February 17, 2009 · February 17, 2009

How did we ever live without UAC?

If you didn't have problems with malware before UAC, you probably don't need

UAC now.

With any other detection scheme, all those prompts would be called "false

positives" and leads to ignoring the prompt.

In that sense only, UAC is garbage.

Is it protecting me? Not unless you actually pay attention to all those

prompts and recognize who started the process.

Nothing beats safe hex.

"Gordon" <gbplinux@gmail.com> wrote in message

news:%23ywM4ATkJHA.4132@TK2MSFTNGP04.phx.gbl...

> "Mike Hall - MVP" <mikehall@remove_mvps.com> wrote in message

> news:uJN$i4SkJHA.4028@TK2MSFTNGP03.phx.gbl...

> > "Gordon" <gbplinux@gmail.com> wrote in message

> > news:eThoGDBkJHA.1248@TK2MSFTNGP03.phx.gbl...

> >> "John Barnett MVP" <freelance@invalid.invalid> wrote in message

> >> news:%23be6EA9jJHA.4448@TK2MSFTNGP05.phx.gbl...

> >>> See this link from my website:

> >>>

http://www.winuser.co.uk/windows_vista_faq...nt_control.html

> >>>

> >>

> >> Should we not be finding out why the OP is getting endless prompts

rather

> >> than just showing him how to turn UAC off?

> >>

> >> --

> >> Asking a question?

> >> Please tell us the version of the application you are asking about,

> >> your OS, Service Pack level

> >> and the FULL contents of any error message(s)

> >

> > UAC is a love/hate function with no grey area in-between. I have it

turned

> > OFF..

> >

>

> But you, I presume, know what you are doing. The OP presumably, may

not....

>

> --

> Asking a question?

> Please tell us the version of the application you are asking about,

> your OS, Service Pack level

> and the FULL contents of any error message(s)

>

Posted February 17, 2009 · February 17, 2009

Mark H wrote:

> How did we ever live without UAC?

>

> If you didn't have problems with malware before UAC, you probably don't need

> UAC now.

> With any other detection scheme, all those prompts would be called "false

> positives" and leads to ignoring the prompt.

> In that sense only, UAC is garbage.

>

> Is it protecting me? Not unless you actually pay attention to all those

> prompts and recognize who started the process.

>

> Nothing beats safe hex.

>

You are wrong, and with UAC on one is practicing safehex.

Jack the Ripper wrote:

> Saucy wrote:

>> "Not Even Me" <cargod01@hotmail.com> wrote in message

>> news:uNylAgOkJHA.5732@TK2MSFTNGP05.phx.gbl...

>>> "Jack the Ripper" <Jack@Rripper.com> wrote in message

>>> news:eUh6F1LkJHA.4760@TK2MSFTNGP04.phx.gbl...

>>>> Justin wrote:

>>>>> Jack the Ripper wrote:

>>>>>> Justin wrote:

>>>>>>> Jack the Ripper wrote:

>>>>>>>> +Bob+ wrote:

>>>>>>>>> On Sun, 15 Feb 2009 15:43:31 -0500, Jack the Ripper

>>>>>>>>> <Jack@Rripper.com>

>>>>>>>>> wrote:

>>>>>>>>>

>>>>>>>>>> Nothing is bulletproof, but one doesn't see a lot of posts by

>>>>>>>>>> Vista users about virus or malware issues, not like you see on

>>>>>>>>>> XP.

>>>>>>>>>

>>>>>>>>> No, but you do see a lot of posts about how UAC sucks. Good

>>>>>>>>> idea, bad

>>>>>>>>> implementation.

>>>>>>>>>

>>>>>>>>

>>>>>>>> It's the posts of the ignorant. I would rather have it enabled

>>>>>>>> so that I am not on the Internet with full admin rights, like

>>>>>>>> the previous versions of the NT based O/S(s,) which are open by

>>>>>>>> default O/S(s) and wide-open to attack/compromise by default.

>>>>>>>>

>>>>>>>> Is that so hard for you or anyone else to understand?

>>>>>>>

>>>>>>> As long as you're not logged on as admin you should be fine. At

>>>>>>> most I keep users at Power User rights.

>>>>>>> While I understand running as admin is unsafe, simply having the

>>>>>>> account enabled is not a security risk.

>>>>>>

>>>>>> I am going to try to explain this again. The out of the box admin

>>>>>> account on Vista that is given to a user or any subsequent admin

>>>>>> account that is created on Vista with UAC enabled is NOT a

>>>>>> full-rights-admin account. It's only a Standard user account,

>>>>>> which must be escalated to a use the full-adminrights token to do

>>>>>> anything requiring admin-full-rights as an administrator.

>>>>>

>>>>> I get it.

>>>>> I don't need any escalation to admin. The problem is, what if

>>>>> there's some malware. Some malware named "winenhancer." The user

>>>>> sees the UAC prompt "Winenhancer must access the internet!" and the

>>>>> user clicks on yes.

>>>>> So UAC only works when the user knows everything about the PC,

>>>>> which is unrealistic for a standard dumb user whose job is to type

>>>>> out proposals and reports.

>>>>

>>>> Oh, I get it. It's not the responsibility of the dumb user to know

>>>> what he or she is dumbly clicking on as they point and click. It's

>>>> their responsibly to know the situation, but they don't and most

>>>> never will.

>>>>

>>>> However, network admins take that responsibly for this type of

>>>> worker by using a network proxy that only allows the users to go to

>>>> approved sites closing the attack vector and mitigating such damage,

>>>> as its their responsibility to protect company's interest and not

>>>> some office clerk, lock them down.

>>>>

>>>> Just like with Linux which has the same kind of an approval process

>>>> within its O/S, they point, click, approve and it's all bets are

>>>> off. But with UAC enabled when one does this, the damages are

>>>> mitigated to a certain degree as UAC protects critical areas and

>>>> also not allowing the malware to continuously run under the context

>>>> of the user-admin full-rights access token, to spread damage.

>>>>

>>>> But rather with UAC enabled, the compromise runs under the context

>>>> of the admin's Standard user token, because admin user on Vista is

>>>> returned to using that token upon privileged escalation completion,

>>>> and it's a limit rights token, which mitigates/limits damage.

>>>>

>>>> Like I said, nothing is bulletproof not even god's O/S Linux, but

>>>> UAC on the MS platform is better than have nothing at all, which is

>>>> the case in fact with the previous versions of the NT based O/S

>>>> platform, open by default O/S(s), to help protect the O/S.

>>>

>>> Real time scanning by (even free) third party programs provides (in

>>> many cases) superior protection with less annoyance.

>>> So why put something in the OS that just pisses many people off and

>>> is (by MS admission) made irritating on purpose?

>>>

>>

>> Didn't he just explain it to you? Re-read his post:

>>

>> "But rather with UAC enabled, the compromise runs under the context

>> of the admin's Standard user token, because admin user on Vista is

>> returned to using that token upon privileged escalation completion,

>> and it's a limit rights token, which mitigates/limits damage."

>>

>> Combining secutity features such as UAC and real time scanning makes

>> systems more difficult to compromise both directly and indirectly

>> [say, by social engineering].

>>

>

> EXCELLENT!

Posted February 17, 2009 · February 17, 2009

"DonQ" <DonQ@uixote.invalid> wrote in message

news:2q3mp4tm54v4oln36cvkcf5v41lqceb8k1@4ax.com...

> On Tue, 17 Feb 2009 18:47:48 -0000, "Gordon" <gbplinux@gmail.com>

> wrote:

>

>>"Mike Hall - MVP" <mikehall@remove_mvps.com> wrote in message

>

>>> UAC is a love/hate function with no grey area in-between. I have it

>>> turned

>>> OFF..

>>>

>>

>>But you, I presume, know what you are doing. The OP presumably, may

>>not....

>

> IIRC, not too long ago you were saying that anyone who ran with UAC

> off was part of the rabble that was responsible for all the malware

> and virus infestations world wide.

>

> Somehow Mike escaped that, hmm?

Of course. I expect someone with MVP status to know what they are doing.

Most people do not - along with running as an admin account on a daily

basis, which is also a major factor in the proliferation of viruses and

Trojans.

And in any case - if one does WORK with the machine rather than fiddling and

messing with it, then the instance of UAC popping up is negligible. I get

UAC maybe two or three times a WEEK.

--

Asking a question?

Please tell us the version of the application you are asking about,

your OS, Service Pack level

and the FULL contents of any error message(s)

Posted February 20, 2009 · February 20, 2009

If your antivirus asked you every time you clicked on a file:

"The file you are about to open may be a virus. Do you wish to continue?"

How long before you turned it off?

If your firewall produced a message every time you accessed the internet:

"Your computer is attempting to connect with the internet. This could result

in the loss of personal information. Do you wish to continue?"

How long before you turned it off?

Live in whatever fear makes you feel safer.

Still malware free after 30+ years on computers.

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:%23qyeOLUkJHA.996@TK2MSFTNGP04.phx.gbl...

> Mark H wrote:

>> How did we ever live without UAC?

>>

>> If you didn't have problems with malware before UAC, you probably don't

>> need

>> UAC now.

>> With any other detection scheme, all those prompts would be called "false

>> positives" and leads to ignoring the prompt.

>> In that sense only, UAC is garbage.

>>

>> Is it protecting me? Not unless you actually pay attention to all those

>> prompts and recognize who started the process.

>>

>> Nothing beats safe hex.

>>

>

> You are wrong, and with UAC on one is practicing safehex.

>

> Jack the Ripper wrote:

> > Saucy wrote:

> >> "Not Even Me" <cargod01@hotmail.com> wrote in message

> >> news:uNylAgOkJHA.5732@TK2MSFTNGP05.phx.gbl...

> >>> "Jack the Ripper" <Jack@Rripper.com> wrote in message

> >>> news:eUh6F1LkJHA.4760@TK2MSFTNGP04.phx.gbl...

> >>>> Justin wrote:

> >>>>> Jack the Ripper wrote:

> >>>>>> Justin wrote:

> >>>>>>> Jack the Ripper wrote:

> >>>>>>>> +Bob+ wrote:

> >>>>>>>>> On Sun, 15 Feb 2009 15:43:31 -0500, Jack the Ripper

> >>>>>>>>> <Jack@Rripper.com>

> >>>>>>>>> wrote:

> >>>>>>>>>

> >>>>>>>>>> Nothing is bulletproof, but one doesn't see a lot of posts by

> >>>>>>>>>> Vista users about virus or malware issues, not like you see on

> >>>>>>>>>> XP.

> >>>>>>>>>

> >>>>>>>>> No, but you do see a lot of posts about how UAC sucks. Good

> >>>>>>>>> idea, bad

> >>>>>>>>> implementation.

> >>>>>>>>>

> >>>>>>>>

> >>>>>>>> It's the posts of the ignorant. I would rather have it enabled

> >>>>>>>> so that I am not on the Internet with full admin rights, like

> >>>>>>>> the previous versions of the NT based O/S(s,) which are open by

> >>>>>>>> default O/S(s) and wide-open to attack/compromise by default.

> >>>>>>>>

> >>>>>>>> Is that so hard for you or anyone else to understand?

> >>>>>>>

> >>>>>>> As long as you're not logged on as admin you should be fine. At

> >>>>>>> most I keep users at Power User rights.

> >>>>>>> While I understand running as admin is unsafe, simply having the

> >>>>>>> account enabled is not a security risk.

> >>>>>>

> >>>>>> I am going to try to explain this again. The out of the box admin

> >>>>>> account on Vista that is given to a user or any subsequent admin

> >>>>>> account that is created on Vista with UAC enabled is NOT a

> >>>>>> full-rights-admin account. It's only a Standard user account,

> >>>>>> which must be escalated to a use the full-adminrights token to do

> >>>>>> anything requiring admin-full-rights as an administrator.

> >>>>>

> >>>>> I get it.

> >>>>> I don't need any escalation to admin. The problem is, what if

> >>>>> there's some malware. Some malware named "winenhancer." The user

> >>>>> sees the UAC prompt "Winenhancer must access the internet!" and the

> >>>>> user clicks on yes.

> >>>>> So UAC only works when the user knows everything about the PC,

> >>>>> which is unrealistic for a standard dumb user whose job is to type

> >>>>> out proposals and reports.

> >>>>

> >>>> Oh, I get it. It's not the responsibility of the dumb user to know

> >>>> what he or she is dumbly clicking on as they point and click. It's

> >>>> their responsibly to know the situation, but they don't and most

> >>>> never will.

> >>>>

> >>>> However, network admins take that responsibly for this type of

> >>>> worker by using a network proxy that only allows the users to go to

> >>>> approved sites closing the attack vector and mitigating such damage,

> >>>> as its their responsibility to protect company's interest and not

> >>>> some office clerk, lock them down.

> >>>>

> >>>> Just like with Linux which has the same kind of an approval process

> >>>> within its O/S, they point, click, approve and it's all bets are

> >>>> off. But with UAC enabled when one does this, the damages are

> >>>> mitigated to a certain degree as UAC protects critical areas and

> >>>> also not allowing the malware to continuously run under the context

> >>>> of the user-admin full-rights access token, to spread damage.

> >>>>

> >>>> But rather with UAC enabled, the compromise runs under the context

> >>>> of the admin's Standard user token, because admin user on Vista is

> >>>> returned to using that token upon privileged escalation completion,

> >>>> and it's a limit rights token, which mitigates/limits damage.

> >>>>

> >>>> Like I said, nothing is bulletproof not even god's O/S Linux, but

> >>>> UAC on the MS platform is better than have nothing at all, which is

> >>>> the case in fact with the previous versions of the NT based O/S

> >>>> platform, open by default O/S(s), to help protect the O/S.

> >>>

> >>> Real time scanning by (even free) third party programs provides (in

> >>> many cases) superior protection with less annoyance.

> >>> So why put something in the OS that just pisses many people off and

> >>> is (by MS admission) made irritating on purpose?

> >>>

> >>

> >> Didn't he just explain it to you? Re-read his post:

> >>

> >> "But rather with UAC enabled, the compromise runs under the context

> >> of the admin's Standard user token, because admin user on Vista is

> >> returned to using that token upon privileged escalation completion,

> >> and it's a limit rights token, which mitigates/limits damage."

> >>

> >> Combining secutity features such as UAC and real time scanning makes

> >> systems more difficult to compromise both directly and indirectly

> >> [say, by social engineering].

> >>

> >

> > EXCELLENT!

>

Posted February 20, 2009 · February 20, 2009

Mark H wrote:

> If your antivirus asked you every time you clicked on a file:

> "The file you are about to open may be a virus. Do you wish to continue?"

>

> How long before you turned it off?

Well, AV's don't do that, so it's a moot point.

>

> If your firewall produced a message every time you accessed the internet:

> "Your computer is attempting to connect with the internet. This could

> result in the loss of personal information. Do you wish to continue?"

That's not a personal packet filter's job, and something like that, a

3rd party personal packet filter like Zonealarm and others, that ask

that is nothing but snake-oil technology and is not a FW solution. Those

solutions, the personal packet filter or PFW if you like, shouldn't

take on the role of a malware detection solution.

Unfortunately, many of them do try to take on the jack of all trades and

master of none, and people lean on them like a crutch.

A FW separates two networks, and it sits at the junction point between

the two networks. A FW must have two interfaces with one interface

facing the network it is protecting from, and the other interface facing

the network it is to protect. That is the simplest definition of a FW

and something like ZA and the 3rd party solutions are not FW technology.

>

> How long before you turned it off?

>

> Live in whatever fear makes you feel safer.

> Still malware free after 30+ years on computers.

Look, I get asked once or twice a week about UAC approval, because 99.9%

of the software I run on the machine is Vista compliant that runs under

Standard user rights. And no UAC prompt is required for a program that

runs with standard user rights.

Nor am I playing admin on the machine constantly, even though I develop

and run .Net solutions on the machine as a software developer with

technology such as IIS, SQL Server, VS 2008 and other such technology

running on the Vista machine.

If you're being asked about UAC approval at the rate you're talking

about, then you're playing admin more than what is required, and you

have a lot of software on the machine that is not Vista compliant software.

I have been in IT 30+ years. And you being malware free after 30 years,

not one time have you been hit by malware on the MS platform, I

absolutely do not believe it.

It's most likely that you didn't know that you had malware on the

machine, because all the little detection solutions you had running on

the machine missed them, and you didn't know how to go looke with the

proper tools for yourself to see what was running on the machine.

UAC is not a malware detection or malware prevention solution.

Posted February 21, 2009 · February 21, 2009

Well, you missed it completely.

The point is not what an AV or Firewall does, it's that UAC produces too

many false positive responses to be considered anything but a nuisance.

I believe that in a company environment where standard setups are the only

allowed software, you would hardly or never see the prompts. That's not me.

I test software, restoring backups between every test to revert back to a

"standard" machine. So, I see the prompts 20 to 30 times a day. And, yes, I

just click Continue since I already know what is driving the prompt.

I don't turn UAC off, because it would invalidate the testing and it tends

to cause other errors with permissions during installation of files when

turned off and I have to know what the customer is going to run into as they

would experience it.

Yes, I typically operate as an admin over 50% of the time since I am not

part of a greater network with a bunch of people who would install garbage

for me if I didn't right the rules to block it. And, despite this, I still

don't get malware. I do use an AV, Firewall, Router and occasionally scan

for the garbage, but seldom find anything more than "spyware" cookies. (The

"more" is still classified as spyware, not malware.)

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:%23CaO%23d6kJHA.4404@TK2MSFTNGP06.phx.gbl...

> Mark H wrote:

>> If your antivirus asked you every time you clicked on a file:

>> "The file you are about to open may be a virus. Do you wish to continue?"

>>

>> How long before you turned it off?

>

> Well, AV's don't do that, so it's a moot point.

>

>>

>> If your firewall produced a message every time you accessed the internet:

>> "Your computer is attempting to connect with the internet. This could

>> result in the loss of personal information. Do you wish to continue?"

>

> That's not a personal packet filter's job, and something like that, a 3rd

> party personal packet filter like Zonealarm and others, that ask that is

> nothing but snake-oil technology and is not a FW solution. Those

> solutions, the personal packet filter or PFW if you like, shouldn't take

> on the role of a malware detection solution.

>

> Unfortunately, many of them do try to take on the jack of all trades and

> master of none, and people lean on them like a crutch.

>

> A FW separates two networks, and it sits at the junction point between the

> two networks. A FW must have two interfaces with one interface facing the

> network it is protecting from, and the other interface facing the network

> it is to protect. That is the simplest definition of a FW and something

> like ZA and the 3rd party solutions are not FW technology.

>

>>

>> How long before you turned it off?

>>

>> Live in whatever fear makes you feel safer.

>> Still malware free after 30+ years on computers.

>

> Look, I get asked once or twice a week about UAC approval, because 99.9%

> of the software I run on the machine is Vista compliant that runs under

> Standard user rights. And no UAC prompt is required for a program that

> runs with standard user rights.

>

> Nor am I playing admin on the machine constantly, even though I develop

> and run .Net solutions on the machine as a software developer with

> technology such as IIS, SQL Server, VS 2008 and other such technology

> running on the Vista machine.

>

> If you're being asked about UAC approval at the rate you're talking about,

> then you're playing admin more than what is required, and you have a lot

> of software on the machine that is not Vista compliant software.

>

> I have been in IT 30+ years. And you being malware free after 30 years,

> not one time have you been hit by malware on the MS platform, I absolutely

> do not believe it.

>

> It's most likely that you didn't know that you had malware on the machine,

> because all the little detection solutions you had running on the machine

> missed them, and you didn't know how to go looke with the proper tools for

> yourself to see what was running on the machine.

>

> UAC is not a malware detection or malware prevention solution.

>

>

Posted February 21, 2009 · February 21, 2009

Mark H wrote:

> Well, you missed it completely.

No, you have missed the point entirely.

>

> The point is not what an AV or Firewall does, it's that UAC produces too

> many false positive responses to be considered anything but a nuisance.

They are NOT false positive responses. Whatever you are trying to do

requires escalated privileges to use the user-admin account's full-

rights access token to perform the task or allow a program to run that

needs full-admin-rights to execute, with UAC enabled.

>

> I believe that in a company environment where standard setups are the

> only allowed software, you would hardly or never see the prompts. That's

> not me. I test software, restoring backups between every test to revert

> back to a "standard" machine. So, I see the prompts 20 to 30 times a

> day. And, yes, I just click Continue since I already know what is

> driving the prompt.

That's you.

>

> I don't turn UAC off, because it would invalidate the testing and it

> tends to cause other errors with permissions during installation of

> files when turned off and I have to know what the customer is going to

> run into as they would experience it.

You are correct that it will cause problems with UAC disabled, because

the admin-account you're using out of the box that Vista gives one is

not a full-admin-rights account even with UAC disabled. In certain

situations with UAC disable, the user-admin account must still be

escalated and it can't be escalated, therefore, the problem.

>

> Yes, I typically operate as an admin over 50% of the time since I am not

> part of a greater network with a bunch of people who would install

> garbage for me if I didn't right the rules to block it. And, despite

> this, I still don't get malware. I do use an AV, Firewall, Router and

> occasionally scan for the garbage, but seldom find anything more than

> "spyware" cookies. (The "more" is still classified as spyware, not

> malware.)

As far as your testing, you do know about the hidden-full-admin-rights

at all times admin account? You can use that account to test with, leave

UAC enabled, and you will not get any UAC prompts, because it's already

escalated to full-admin-rights. And yes, it's that same account that's

on the previous versions of the NT based O/S(s).

<http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/>

<http://technet.microsoft.com/en-us/library/cc709691.aspx>

Here is a little FYI for you, anything that runs with the O/S can be

fooled just like the O/S can be fooled, because it all written by human

beings and we are not perfect.

<http://technet.microsoft.com/en-us/library/cc512587.aspx>

You shouldn't lean on your little detection crutch too hard. You should

look around from time to time to see what's running on the machine with

the proper tools.

<http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html>

Posted February 21, 2009 · February 21, 2009

"Jack the Ripper" <Jack@Rripper.com> wrote in message

news:ufyvTt9kJHA.1168@TK2MSFTNGP05.phx.gbl...

>

> They are NOT false positive responses. Whatever you are trying to do

> requires escalated privileges to use the user-admin account's full- rights

> access token to perform the task or allow a program to run that needs

> full-admin-rights to execute, with UAC enabled.

Another possibility is that the developers might not be using the least

privileges that their software needs and instead required Administrator

privileges.

Posted February 21, 2009 · February 21, 2009

If there were a very real possibility that prompts such as that could

prevent malware from getting executed (or not killed depending on the

definition of executed) then it would be foolish to turn them off.

"Mark H" <jmhonzell@nospam.comcast.net> wrote in message

news:5C5DCE79-4D78-43EE-8218-203820AC74D3@microsoft.com...

> If your antivirus asked you every time you clicked on a file:

> "The file you are about to open may be a virus. Do you wish to continue?"

>

> How long before you turned it off?

>

> If your firewall produced a message every time you accessed the internet:

> "Your computer is attempting to connect with the internet. This could

> result in the loss of personal information. Do you wish to continue?"

>

> How long before you turned it off?

Posted February 21, 2009 · February 21, 2009

Sam Hobbs wrote:

> "Jack the Ripper" <Jack@Rripper.com> wrote in message

> news:ufyvTt9kJHA.1168@TK2MSFTNGP05.phx.gbl...

>>

>> They are NOT false positive responses. Whatever you are trying to do

>> requires escalated privileges to use the user-admin account's full-

>> rights access token to perform the task or allow a program to run that

>> needs full-admin-rights to execute, with UAC enabled.

>

> Another possibility is that the developers might not be using the least

> privileges that their software needs and instead required Administrator

> privileges.

Then it's not Vista compliant software. And mostly, what is requiring

admin rights to run is old legacy COM solutions.

http://www.developer.com/net/net/article.php/3695651

One of the requirements of Vista compliant software is that it only

needs Standard user rights to execute.

Sign In

turn off user account control

Recommended Posts

Guest John A Grandy

Popular Days

Popular Days

Guest John Barnett MVP

Guest Bruce Chambers

Guest Gordon

Guest Gordon

Guest John Barnett MVP

Guest Allan Michaelsen

Guest Gordon

Guest Sam Hobbs

Guest Spirit

Guest Hank J.

Guest Gordon

Guest Mike Hall - MVP

Guest Gordon

Guest DonQ

Guest Mark H

Guest Jack the Ripper

Guest Gordon

Guest Mark H

Guest Jack the Ripper

Guest Mark H

Guest Jack the Ripper

Guest Sam Hobbs

Guest Sam Hobbs

Guest Jack the Ripper

Join the conversation

Browse

Activity

Support