Most of the more tech savvy Vista users I talked to disabled UAC (User Account Control) or at least its confirmation prompts. I didn't like UAC right from the beginning, but I was curious enough to see if it would really increase security and how it would affect my work. So I kept its default settings. But I wonder how many of you weren't so patient and disabled it.

Latest posts by Michael Pietroforte (see all)

I must admit that for now, I am not so much disturbed by the UAC prompts anymore. I suppose, this is due to the fact that UAC has already trained me very well. So I usually don't even notice the confirmation requests. I became aware of this when I worked with Windows Server 2008 because the prompts seem to pop up not as frequent as under Vista. So I always felt like something was missing. There are certainly good reasons not to disable UAC.

To date however, I didn't encounter any case where Vista's UAC really prevented malware from starting on my computer or other Vista machines in our network. You could say that the false positive rate is exactly 100%. Do you know of a positive case? If you don't, then maybe you know of someone who did. Or maybe you know somebody whose grandmother has a cousin who heard of someone in the neighborhood who has a sister who didn't have anti-virus software installed and who almost were infected by a virus, if not, well, a UAC prompt saved her day.

Please, don't get me wrong. I fully support the idea behind UAC. Even IT pros shouldn't logon as administrator, if they just want to read their mail or surf the web. My point is that Vista's UAC is a bad solution to this common Windows problem. Why do I have to confirm it twice if I just want to move a desktop icon to the Recycle Bin? And why doesn't Vista have an su command like UNIX that allows you to switch to administration mode whenever you have to administrate a PC?

Subscribe to 4sysops newsletter!

I hope I didn't influence your answer for this poll. Just let us know if you already disabled UAC altogether or if you disabled the confirmation prompts only. With the latter's setting, UAC would still be running in the background, but it won't prompt you if an application is about to be elevated.

Did you disable Vista's UAC?

View Results

  1. Avatar
    Jon 16 years ago

    I have UAC set to silently elevate applications, for exactly the reasons outlined in this article. I too agree with the concept of UAC.

    However, I wish I could find a way to set UAC to notify me that an application is being elevated without requiring my confirmation. Maybe a balloon tip that fades away 10 seconds later or something, so that I could take steps to stop it if I don’t feel that it should be running with administrative rights. Oh well… maybe in Vista SP2? 🙂

  2. Avatar
    Lukas Beeler 16 years ago

    I’ve changed the UAC settings globally to prompt for username and password (which makes it rather similar to “sudo” on Unix-ish platforms).

    While this can be quite annoying when you perform multiple administrative tasks right after each other, it gives more focus and care when you have to pay attention.

    Keying in your username and password requires more thinking than just pressing “allow”.

    I would’nt use different settings on my machine than on the end users machines – it wouldn’t be fair 🙂

  3. Avatar
    Leonardo 16 years ago

    The closest thing to su in Vista is setting a command prompt window to admin and using that to do “stuff” or start programs in admin mode…
    I just don’t have the patience, I reckon, I can also say I’ve never had an active virus infection or malware on my machines (craptop & desktop)… But I keep patched up, use Eudora, keep up with exploits, and only visit a handful of sites.

  4. Avatar
    Vlad (DarkTrooper) 16 years ago

    su analog under Vista? I’m impressed, how “IT pro” can’t do so simple task! 🙁
    Just create shortcut with admin privileges. Example – I rum my Total Commander as administrator, and never get messages from UA, when I install programs or deleting files in Program Files. Who don’t allow you run Control panel, or mmc as administrator, and get UAC message only once? Who don’t allow you works under XP with user privileges, but if you need – start programs with runas?

  5. Avatar
    Leonardo 16 years ago

    I use a combination of disabled UAC and elevated shortcuts for the applications needing it. Time is money, temper is short. I don’t like redundant prompts or condescending people explaining the blatantly obvious.

  6. Avatar

    Jon, I personally find these balloons disturbing, but it would be a better solution than the UAC prompts.

    Lukas, I agree that this improves security. However, typing your password every time you need admin privileges can be time consuming. It is quite en vogue to work with sudo under Linux these days. But I think if the “bad guys” managed to steal so much of your time, they already won the game. That is why I prefer the su command under Linux. It allows you to logon as root whenever you have to administrate a machine. This is secure enough in my view, and doesn’t cost so much time. It is certainly much securer than UAC’s confirmation prompts.

    Leonardo, that is a good idea even though it is a bit cumbersome, too, since Windows is just not made for the command line. But maybe it is a good option if you just create some batch files for launching all your admin tools.

    Vlad, there are many ways to elevate apps. Some of them even allow you to avoid UAC prompts in some cases. Your solution is certainly nice. However, you will still get UAC prompts when you move an icon from your desktop to the Recycle Bin or when an application works with standard user rights, but needs admin privileges for certain operations (VMware Workstation for example). I also find it quite complicated to use another application to launch elevated programs. I just want to go to the Vista’s Start Search prompt and launch my tool. And what are you doing if you have to logon on another machine than your own? I just gave you a few examples where your solution won’t work. I think the su command is something totally different because then you are really logged on as root. And it is available on every Linux box I logon to without any preparations.

  7. Avatar
    Lukas Beeler 16 years ago

    Michael, on Linux et. al., the biggest improvement of sudo vs. su is that you no longer have a single root password that everybody knows (accountability etc.). And if you need to do extended system configuration, you can always do sudo $SHELL.

    What i never really understood is why people complain about “many” UAC prompts. When i’m working, i usually do not get a single UAC prompt. This changes when i install software or change system settings, but that doesn’t happen everyday.

    This might be completely different if you’re a developer and need debug rights all the time, where it might make sense to disable UAC altogether.

    I usually login as a local Administrator when i have to do extensive changes on my machines, because that removes the UAC prompts too.

    OTOH, UAC on a server doesn’t make any sense, at all. But WS2008 doesn’t come with UAC enabled.

  8. Avatar

    Lukas, you are certainly right about the single password thing. I also use sudo sometimes. It is certainly much more sophisticated than UAC. As to the many UAC prompts, it really depends on what you are doing. For example, I am often testing software. You usually have to configure the system after the installation. So I am getting UAC prompts all day.

  9. Avatar
    Christopher 16 years ago

    I disabled it due to the annoyance factor, but primarily because I use Synergy to control multiple desktops with one keyboard and mouse, and Synergy wouldn’t work when the UAC prompt was up. I suppose I could leave a mouse dangling around connected to each machine, but that somewhat defeats the purpose of Synergy. And I’m fairly careful about my actions as an admin anyway.

  10. Avatar

    Christopher, did you try to disable the UAC prompts only? Maybe synergy works then.

  11. Avatar
    Jason 16 years ago

    Why not use an Exporler alternative, like xplorer2, then use run as on it. That way, you always have an elevated window open to perform admin tasks. Or, better yet, use an app launching tool like RunIT that is launched as an administrator. Check out my blog entry that addresses this:

  12. Avatar
    John 16 years ago
  13. Avatar
    Ronin Vladiamhe 16 years ago

    I’ll be adding a few Vista (Business Edition) systems to our office’s 2000/2003 Server network. The idea behind UAC is pretty good, but in a corporate environment, where a sound computer user policy is not enforced, it tends to tie up IT techs. Unlike XP, Vista appears to require Administrator access to do just about anything. Though Vista still provides for different user levels, any suggestions on the use of the UAC in a corporate environment? Yes, it is a good access tool, but it is inconvenient for regular, non-administrator users, though that isn’t necessarily a bad thing. With the UAC disabled, does the Administrator account become obsolete?

Leave a reply to Lukas Beeler Click here to cancel the reply

Please enclose code in pre tags: <pre></pre>

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account