Comments on: Why and how to disable the UAC elevation prompts (Secure Desktop Prompting)

By: Blue

Blue — Sun, 08 Jun 2008 00:32:27 +0000

Just finished turning off uac, had to take ownership of my own drive and remove some funky deny rights that get leftover, but not that long of process.

The uac is just very bad concept. There is not a control panel app that gives quick control with help files. I bet if MS kept track of problems prevented by this in real world test cases, number of benefits = 0.

Modern virus, malware, and other junk will not be slowed down by this. All this will do is get in the way of what users want to do.

By: Julian

Julian — Fri, 25 Apr 2008 07:31:46 +0000

Thanks for this — it was very useful! I was trying to test this prompt coming up in my app and the sysops had turned this feature off. Horribly confusing.

By: CultureRevolt

CultureRevolt — Fri, 22 Feb 2008 07:07:42 +0000

i agree with most here that UAC prompts are annoying because they are so obtrusive when they show… but i keep them on just for the hell of it… i know when i do something that require admin privileges so i readily click allow when the dialog box shows up… but should there come a time when the box shows up and i have not done something to trigger it myself, i will know something is up… i use comodo firewall with defense+ turned WAY up for the same reason… i want to know everything my system is doing at any given time even if it means i have to click allow to windows or my firewall… i guess i may just be paranoid… but is the UAC prompt any different than a root password prompt when a user accesses certain parts of some linux distros… not really… personally, i would rather have to do these things so i know exactly what my system is doing… but that is just me… :-p

By: Chris Shaker

Chris Shaker — Thu, 20 Dec 2007 02:16:38 +0000

It is really stupid to have Vista asking over and over if I want to run the Disk Cleanup program, or Firefox. Ask me once, then get on with it the next time I tell you to run it.

I agree with the author of this article, the Vista UAC is training us to automatically approve any thing it asks.

Dumb user interface.

And, yes, if my house alarm was going off all of the time, with false alarms, I’d turn it off, too.

Chris Shaker

By: mark

mark — Fri, 12 Oct 2007 23:13:05 +0000

Hi,
Now i need to know how to turn off the annoying notice that tells me that I have disabled the UAC.

The UAC “MAY” be usefull for my grandmother but 99% of the time, I know what I want to do an do not want to confirm. For the other 1%, hey I screwed up and will deal with the consequences.

Anyone at Microsoft ever heard of Pareto’s rule?

mark

By: Vinie

Vinie — Fri, 08 Jun 2007 00:14:45 +0000

I agree with Michael. The prompts are annoying and not useful because they ask you so many times. Now I don’t even read the prompt, I just memorize the location of the OK button and leave my mouse pointer there so that I can click right at the moment the popup shows.

Maybe the purpose of the prompts is that Microsoft will say ‘Hey, we warned you about the threat and you allowed it’ when something bad really happens.

By: Craig

Craig — Thu, 31 May 2007 19:03:20 +0000

I have to agree with Michael.. I have been using Vista for only a couple days now, and already I am swearing when my screen blacks out and blindly clicking the ok button.

And as far as calling wolf too many times… when was the last time you heard a car alarm going off in the middle of the night and did anything besides hope the owner would turn it off soon?

By: aSToViRuS

aSToViRuS — Thu, 03 May 2007 10:51:32 +0000

[...] start the Local Security Policy tool [...]
To do so, run this command:
%SystemRoot%\system32\secpol.msc /s

By: CCC

CCC — Mon, 09 Apr 2007 07:22:13 +0000

DON’T DISABLE THE UAC

By: » 0×1D7 - UAC by Jordan Hofker

» 0×1D7 - UAC by Jordan Hofker — Thu, 15 Feb 2007 16:31:00 +0000

[...] To disable the prompts, you can do it the Local Security Policy tool way, or the registry entry way. They do the same thing, so it’s up to you. [...]

By: Keith

Keith — Sat, 13 Jan 2007 02:44:21 +0000

As this article points out, asking an administrator for consent to do tasks that require root access serves no purpose. It is dumb for someone who administrates a computer (let alone a regular user), to even login to the machine with an account that has root access in the first place because it’s not necessary…at least it’s not on Linux. Root/administrator logins should be completely disabled. This is why we have sudo on Linux.

It looks like the only similarity between UAC for non-administrator users and sudo is getting a prompt. Other than that, UAC for non-administrator users seems like su or runas. There is no Linux equivalent to UAC for administrators, because well, as this article points out, such a feature is not really useful.

By: Why and how to disable the UAC elevation prompts (Secure Desktop Prompting) : Tech Tips

Tue, 02 Jan 2007 06:09:07 +0000

[...] Why and how to disable the UAC elevation prompts (Secure Desktop Prompting) [...]

By: Michael

Michael — Mon, 01 Jan 2007 19:15:27 +0000

Unbekannter Kommentator, you should not get insulting just because someone doesn't share your opinion.

I am not sure if I get your argument. But your point seems to be that because similar features for Mac OS X and Linux improved security, it will do the same for Windows. I don’t know about Macs, but sudo in Linux works differently than UAC prompting. It is more comparable with the runas command which is available for older Windows versions. It is something very different from a psychological point of view if an admin tells the OS explicitly to run a command with root privileges, especially if he has to authenticate with a password. On a Linux box I also have the su command. So I can logon as admin without much hassle If I have to do several things which need root privileges.

My argument is that these UAC prompts will decrease security because sysops will just forget to think of them as warnings and become used to clicking on them. They will just see this prompt “Windows wants your permission to continue”. Of course, I always want to continue. Why not? So, I click on it. This is dangerous because there are security related prompts which make sense. But if you train admins like rats, clicking all day on security prompts, they will confirm them even in cases where it is not advisable do so. That’s why I say that security related prompts with such a high rate of false-positives don’t address this problem.

As to your argument about file deletion: You know what I like most about Linux? If I type “rm * -r” it will just do what I want without bugging me with “Linux wants your permission to continue”. That is what I call a low false positive rate.

Sudo is a useful tool. There is no doubt about it. Parts of UAC, too. But UAC prompts for admins are not. This is a psychological argument, not a technical one.

By: Kommentator

Kommentator — Fri, 29 Dec 2006 20:25:17 +0000

Quite a bit of an arrogant attittude, don’t you think?

Would you call the confirmation on final file deletion useless as well, because the “false positive chance” is so high?

And obviously you don’t possess a house alarm, otherwise you would’ve know about pre-alarms that do actually sound each time you open the front door.

Most people seem to forget that the same technology exists in MacOSX and Linux (especially Ubuntu) for many years now, and has proven to be very fine there. Haven’t read a single word of bashing that in years. And now that it’s in Vista, it suddenly got bad?

Sure, MacOSX and Linux apps are often coded better (Apple started publishing books on software design for its OS right along with the OS, first MacInside volumes from 1987 or something, and Linux users are paranoid about security by default )… but this feature could at least force Windows developer a bit to become more careful. Telling people to disable this will in the end lead to still no one caring… yeah sure, gets you less clicks, but keeps the software bad.
Hell, did sudo “decrease” security on Linux machines ???

If we KEEP this warnings, maybe more developers will start to wonder if they actually need admin rights, and adjust their apps.