UAC - What. How. Why.

Posted By: Charles | Mar 5th, 2007 @ 10:40 AM | 74,106 Views | 60 Comments
There has been a large amount of confusion and concern out there about Vista's new user security model (Everybody runs as Standard User, a new user account security construct, UAC, acts as gatekeeper of process security boundaries - a doorway to process security context elevation).

Users should be in control of what executes on their system under Admin (full trust, highest privilege) context. User Account Control was created to enable users to prevent or allow a process  to run in an elevated way (which simply means that the process can successfully execute code that can do core system operations).

In this interview we tackle UAC from various angles:

1) What problems does UAC attempt to solve?
2) How does UAC actually work?
3) Why did we implement UAC UI to be so aggressive, from a user experience point of view?
4) How will UAC evolve?

Here, Jon Schwartz, UAC Architect, and Chris Corio, UAC Technical Program Manager, discuss, in detail, the history of UAC, the architecture and design of UAC, the new security model of Vista (we are all Standard Users (gone are the days of running as Admin by default on Windows), what happens when a UAC security dialog is invoked, how UAC impacts developers, how UAC will evolve...

Enjoy this latest episode of Going Deep.
Media Downloads:
Rating:
1
0
#Mar 5th, 2007 @ 1:02 PM
dot_tom
dot_tom

I really don't understand why there's been this backlash about UAC. Something had to be done, and UAC is I think a very pragmatic and yet elegant solution. Sure at first its a little shocking - but the truth is, even as a developer, that once you've reached a steady state and your machine is broadly speaking configured with the various tools and packages you need to create code etc then the number of secure-desktop prompts you encounter falls away dramatically. To the point that I definately **feel** more secure under UAC. I get a real sense of comfort knowing that I'm not being to be led into letting some bit of malware run off with the system.

The only thing I have done is to enable the capital 'A' (legacy) administrator account so that I can occasionally launch a PowerShell instance in "XP security backwards compatibility mode". And in almost all cases that's because of some batch tool that does have a manifest to prompt for privilage elevation build in. Nope, UAC is a Good Thing - more of the same please.

#Mar 5th, 2007 @ 1:22 PM
AndyC
AndyC
Ok, you asked, so I'll tell you the one UAC issue that is bugging me right now: File sharing.

On XP members of both Power Users and Administrators can share folders on the network. The same appears to be true on Vista, but only if you create a custom MMC snap-in, as the 'Share...' context menu item insists that you must elevate to a full Administrator account (both with and without the wizard). Is there any workaround for delegating the right to share folders to standard users, or at least to make the experience a little less odd for members of the Power User group?

The other (minor) annoyance is the way Journal bugs you to elevate to add the printer driver every time you start it until you finally let it. Grrr.

Overall though, the UAC implementation is really well done and I'd congratulate everyone who worked on it as you've done a great job of making my job (a sys admin) a whole lot easier!
#Mar 5th, 2007 @ 1:33 PM
fernaus
fernaus
I wanted to express the exact same sentiments as the first poster. I recently upgraded to Vista because of UAC. It works perfectly well, it is not intrusive because after the first couple of days you are hardly ever prompted and in fact whenever I get a UAC prompt, I already was prepared, because I expected to get one. It will all be worth it, the moment I get my first UAC prompt I did not expect.
#Mar 5th, 2007 @ 6:33 PM
zian
zian
Exploding heads since 1988
fernaus wrote:
I wanted to express the exact same sentiments as the first poster. I recently upgraded to Vista because of UAC. It works perfectly well, it is not intrusive because after the first couple of days you are hardly ever prompted and in fact whenever I get a UAC prompt, I already was prepared, because I expected to get one. It will all be worth it, the moment I get my first UAC prompt I did not expect.


Same here.
I've been selling Vista in the following order:
1. Security
2. UAC
3. Reliability and diagnostics

Bear in mind that I'm pushing this at people who are complete non-geeks.

I'd upgrade to Vista right now too but I need all the Vista-equivalents for my Media Center features (Remote Desktop, EFS, Media Center, Movie Maker, etc.). So I have to save up for Ultimate.
#Mar 5th, 2007 @ 7:15 PM
joeyignorant
joeyignorant
i also dont understand why there has been such a backlash this model is very similar to the linux security as far as user interaction and imho less obtrusive in some ways 
#Mar 5th, 2007 @ 7:36 PM
JChung2006
JChung2006
Sorry, UAC stinks.  Yes, running as Admin and making yourself vulnerable to all sorts of nastiness stinks worse, but that doesn't make the stench of UAC any better.

A big part of what makes UAC suck is the modal dialog box.  People filter out modal dialogs eventually and just click through them regardless of the messages.  The more they have to click through, the more they will.

UAC is the boy who cried wolf.
#Mar 5th, 2007 @ 9:30 PM
BlackTiger
BlackTiger
If you stumbled and fell down, it doesn't mean yet, that you're going in the wrong direction.
Disabled. And I'm happy.


There is one "feature" in UAC. What I did:
- disable UAC ("during PC initial setup")
- change location of "default" folders such as "Documents", "Downloads", "Pictures" etc
- enable UAC

My "first 60 seconds" after reboot - one big, no huge, "BLOODY HELL!". Why? Because UAC disabled access to new locations of "default" folders. I've lost access to the "Pictures", Outlook lost access to messages, etc. I had to adjust security for each folder - take ownership and give "full" permissions for.. ME. But even after this UAC prevents access to some places (no prompts, just "you don't have permissions to..."). After 1 hour of the battle I've just disabled this "feature" and misteriuosly I've got access to all folders and files. It was just one of the reasons.

#Mar 5th, 2007 @ 9:42 PM
sosososososososo
sosososososososo
So, why does everyone at Microsoft begin every sentence with so? So, it gets really annoying. So, do all the employees just mimic each other? So, you get the point...
#Mar 5th, 2007 @ 11:59 PM
Sven Groot
Sven Groot
My name has 9 letters. Coincidence? I think not...
AndyC wrote:
Ok, you asked, so I'll tell you the one UAC issue that is bugging me right now: File sharing.

On XP members of both Power Users and Administrators can share folders on the network. The same appears to be true on Vista, but only if you create a custom MMC snap-in, as the 'Share...' context menu item insists that you must elevate to a full Administrator account (both with and without the wizard). Is there any workaround for delegating the right to share folders to standard users, or at least to make the experience a little less odd for members of the Power User group?

The Power Users group is deprecated, the only reasons it's still there is for (wait for it) backwards compatibility (even says so in the group's description). You shouldn't be using it.

BlackTiger: I could move those folders without even needing to elevate, so I don't know what you're talking about.

EDIT: Or perhaps you mean that you could change the location but couldn't access them afterwards? That can happen if your account doesn't have the necessary rights to the new location. But that's not UAC's fault, it can happen on XP too.
Microsoft Communities