A Fresh Look at Vista's User Account Control 332
Art Grimm writes to mention a post at Ed Bott's Microsoft Report on ZDNet. There, he talks about Vista's User Account Control, and the issues he sees with the setup as it exists now. From the article: "The UAC prompts I depicted in the first post are those that appear when you install a program, when you run a program that requires access to sensitive locations, or when you configure a Windows setting that affects all users. But as many beta testers have discovered, UAC prompts can also show up when you perform seemingly innocent file operations on drives formatted using NTFS. In this post, I explain why these prompts appear and why some so-called Windows experts miss the obvious reason (and the obvious fix)."
How annoying (Score:5, Informative)
Either put it all on one or two pages (interspersed with ads if you must), or put it into a slide show if the article is written as a slide show.
Re:How annoying (Score:1, Informative)
Re:I wish they would fix XP's account control (Score:2, Informative)
- You can right-click on any program and select "Run As", type the admin credentials.
- For systems functions, "Run As" IE (as an admin) and change to the Control Panel in the address bar.
- From the command prompt, you can use the "runas" command.
This is not flamebait, someone mod it back up (Score:3, Informative)
Re:This is not a good approach (Score:2, Informative)
If you have XP Home, read up on cacls [microsoft.com]. Alas, in XP Home it is hard to configure access control on folders. /T /E /G Users:F
For example:
C:\> cacls C:\MyFolder\
Re:This is not a good approach (Score:5, Informative)
First time a program is started with 'runas
It is certainly not a perfect solution, but it can solve some problems.
However, you should not use this solution if you don't trust the user. I am almost certain that the program can be replaced with another program with the same name without revoking the priviledges.
Re:This is not a good approach (Score:5, Informative)
C:\WINDOWS\system32\runas.exe
The first time you run the app it'll prompt you for the admin password (in an UGLY ass dos box) after that it'll run with no prompting. Honestly, this isn't rocket science. Not quite as slick as suid, but it works. Until you change the admin password of course.
Re:No one says that you cannot. (Score:2, Informative)
ftp://ftp.microsoft.com/bussys/winnt/winnt-public
Run the executable and extract it to a folder, then open the folder. Right-click on "setup.inf," click Install, and restart once it's done. Works with all service pack levels of Home.
Re:This is not a good approach (Score:2, Informative)
SHGetFolderPath() (Score:3, Informative)
Most games still save their save files into C:\Program Files.
Games certified to run on Windows Vista don't. Instead, they'd use SHGetFolderPath() [microsoft.com] to look up the current user's My Documents folder and end up saving to e.g. C:\Documents and Settings\Pinocchio Poppins\My Documents\GTA Hot Coffee\ or something like that.
Problem/Issue is obvious if you understand Unix (Score:5, Informative)
As I understand the article, EVERYONE in Vista is a normal user. Administrators have the ability though to take administrator actions on a case by case basis after supplying credentials.
To me, this sounds exactly like "sudo" under unix/linux or the "Authenticate: blahblah requires that you type your password" under Mac OS X. This model is more secure and works great, but there are some legacy transition issues.
For you unix people, the problem the article describes is, "what if you mount an old drive, the drive has restrictive permissions, and the file owner UIDs don't match the new system?" (your user account doesn't have permission to do anything on the drive)
NTFS has file permissions, but they rarely came up in practice because everyone in Windows was doing everything as the Unix equivalent of root. In Unix, the obvious fix is to do a sudo chown -R newuser /mnt/olddrive (or an ultraghetto sudo chmod -R o+rwx /mnt/olddrive) . The user/permission concept is totally foreign to your average windows user though, and hence the problem.
Re:Games -vs- firewalls (Score:1, Informative)
Elevation can only happen when a process is created, so you won't be prompted mid-game unless the game starts another executable (or explicitly creates an elevated COM object and host process, which wasn't possible before Vista) to do that work.
Re:I wish they would fix XP's account control (Score:4, Informative)
Re:How annoying (Score:4, Informative)
Re:How annoying (Score:3, Informative)
Re:How annoying (Score:3, Informative)
Right-Click->Eject Media
Welcome to the eject media wizard!
The media eject wizard allow you to....blah blah blah
[Cancel] [Next]
Finished:Eject Media Wizard
Congratualtions, you've completed the eject medi....blah blah blag
[Cancel] [Finish]
Wizards are intuitive, and FUN! (Almost as fun as stabbing whoever is responsible for that in the face.)
Re:This is not a good approach (Score:3, Informative)