Much has been said, and ridiculed, about the UAC feature in Microsoft Vista. Aside from 2 security MVPs and a handful of Microsoft employees I have not met anyone else that either likes this feature or is not asking to have it removed.
Susan and Dana are on the pro side. The entire world seems to be against them.
Some background: UAC comes out of the years and years of no easy process priviledge escalation control in Microsoft Windows. While working on a Workstation in an Administrator mode (default for XP and below) any process can without permission modify the registry, install drivers, change system configuration, etc. This lack of control is the main contributor to the spread of viruses, spyware and rootkits on the Windows platform and perhaps the main reason why Windows gets the “insecure” label so easilly.
So after Microsoft tried and failed to conquer the anti-spyware market, after they tried and failed to conquer the anti-virus market, they decided to actually fix the problem. (ok, truth is these efforts were being made in parallel but lying makes it sound better) So how does one fix the problem? By lifting the technology from the people that have already solved it! So they dug up their Linux guy from the basement, chained him to the steering wheel, drove him through the mobile car wash a few times and then sat him at the table to explain su and sudo.
Long story short, they stole sudo (superuser do) technology that allows a regular user to escalate to the superuser priviledge to execute a single command as the Administrator. They wrote a wrapper so that every time a process requested a restricted object (install a driver, manage users, etc) the little window will pop up with Windows needs your permission to continue. And as they were stuffing their Linux guy back into the box of manure he said something about su but they were already well on their way to kicking him down the stairs back into the basement.
The ONLY thing thats wrong with UAC
Microsoft half-assed this big time. UAC does not, and likely will not, piss off home users during their regular computer use. However, during provisioning and system troubleshooting UAC becomes a total nightmare.
All the Microsoft OEM partners know this – which is why they ship boxes with UAC disabled. No why, oh why, do they do this? Because they know that the first thing you’ll do with your shiny new system is to make it your own – add users, add hardware, install software, etc. Be prepared to approve the UAC half a dozen times. OEM’s know this, and they don’t want the support overhead. Thats why they ship boxes without UAC.
The troubleshooters and computer techs? They have no choice but to shut the annoying thing off? Why? Because Microsoft half-assed it. There has to be a way to permanently escalate priviledges to the superuser status while troubleshooting the system; The unix su equivalent – For example – I am installing a video card, yes, I know I am going to be escalating the priviledges over and over and over again until I tweak it completely so STFU and let me work. But no, you have to click over and over and over again. Was it so hard to allow a checkmark to not ask for permission during the next 5 minutes, or never to ask for permission when performing this kind of task or to just accept all access during the entire session? Apparently, it was.
Disabling UAC
I’ve held onto publishing this for a while but since everyone wants to point at the users as the problem here and not a Microsoft shortsightedness, let’s give this a spin shall we? If you need superuser priviledges during a session to perform a hardware maintenance, software installation or troubleshooting you should not be subject to Vista’s inability to cope with this. To disable UAC follow these steps:
Start> msconfig > Tools > Disable UAC > Launch
Reboot and you can actually perform a maintenance task without being nagged to death. Once you’re done go back and Enable UAC the exact same way, reboot and you’re back to normal.
Microsoft: Get your head out your ass and recognize the ITPRO should not sit around the box and approve escalation more than two times to perform a hardware or system maintenance task. By the same token, don’t think that just because someone is an ITPRO they need permanent priviledge escallation. Just provide a way to put the system into the maintenance mode – more than two prompts are too many, the second permission ought to be smart enough to ask whether this escalation should be assumed for a few minutes or remainder of the session.
Both comments and pings are currently closed.
2 Comments
|
|
|
Whats on Vlad's Mind?
|
|
|
|
|
Sponsors:
This blog is made possible by
Own Web Now Corp and ExchangeDefender.
If you like this blog and are in the need of products we offer I hope you give us some
consideration.
|
|
|
|
|
|
Get The Newsletter
|
Looking for a more focused, exclusive insight into the world of SMB tech & business? Sign up for my newsletter:
Click here to sign up
|
|
|
|
|
Vladfire Vlog
|
Vladfire is my video blog showcasing successful people and technology in small to medium business.
Below are a few recent episodes, check out the archive for all other films.
|
See more episodes...
|
|
|
SBS Show Podcast
|
SBS Show is a free weekly podcast (Internet for recorded radio show) focusing on small business and technology. More at sbsshow.com but check out our latest episode:
SBS Show #26
Erick Simpson
Managed Services Part 2
Listen to older shows..
|
|
|
|
| |
|
|
Categories
|
|
Archives
|
|
About
|
| Apple, Awesome, Beta, Blogroll, Boss, Cloud, Deals, E12, Events, Exchange, ExchangeDefender, Friends, Gadgets, Gators, Gaypile, Google, GTD, iPhone, IT Business, IT Culture, Legal, Linux, Microsoft, Misc, Mobility, Open Source, OS, OwnWebNow, Pimpin, Podcast, Programming, Rant, SBS Show, Security, Shockey Monkey, SMB, System Admin, Thieving Weasel, Uncategorized, Vista, Vladcast, Vladfire, Vladville, Web 2.0, Windows Home Server, WordPress, Work Ethic, Wrong |
 |
February 2012,
January 2012,
December 2011,
November 2011,
October 2011,
September 2011,
August 2011,
July 2011,
June 2011,
May 2011,
April 2011,
March 2011,
February 2011,
January 2011,
December 2010,
November 2010,
October 2010,
September 2010,
August 2010,
July 2010,
June 2010,
May 2010,
April 2010,
March 2010,
February 2010,
January 2010,
December 2009,
November 2009,
October 2009,
September 2009,
August 2009,
July 2009,
June 2009,
May 2009,
April 2009,
March 2009,
February 2009,
January 2009,
December 2008,
November 2008,
October 2008,
September 2008,
August 2008,
July 2008,
June 2008,
May 2008,
April 2008,
March 2008,
February 2008,
January 2008,
December 2007,
November 2007,
October 2007,
September 2007,
August 2007,
July 2007,
June 2007,
May 2007,
April 2007,
March 2007,
February 2007,
January 2007,
December 2006,
November 2006,
October 2006,
September 2006,
August 2006,
July 2006,
June 2006,
May 2006,
April 2006,
March 2006,
February 2006,
January 2006,
December 2005,
November 2005,
October 2005,
September 2005,
August 2005,
July 2005,
|
|
Vlad says:
Thanks for checking out my blog. You've officially reached the end of the Internet so take in what you've read and don't look at it as gospel but an invitation to start thinking for yourself.
|
|
|
|
| |
Copyright © 2005-2010 Vlad Media, Inc. All Rights Reserved.
Content is provided AS-IS without warranty of any kind.
Syndicate this blog: 
|
|