Update: Over at ZDNet, I’ve put together a visual representation of UAC as it exists in Windows Vista Build 5365.
One of the most intriguing new features in Windows Vista is a major change in the way user accounts work. Windows XP allows accounts to reside in either the Administrators group (where they have full control over the system, including the ability to install a piece of spyware or a virus) or in the Users group, where their capabilities are so limited as to be practically unusable.
Windows Vista adds a feature called User Account Control (UAC), which until recently was called User Access Protection (UAP) and grows out of research into least-privileged user accounts (LUA), a drum that Microsoft Senior Consultant Aaron Margosis has been banging for some time on his Non-Admin blog.
The theory behind UAC is sound: When you’re about to do something that requires an administrator’s privileges, you need an administrator’s consent. For a regular user, that means typing in a set of credentials (username/password) that belong to a member of the Administrators group; if you’re already an administrator, you just have to click a Permit button. This option allows you to see when a program or process is trying to do something that can have an impact on your system’s stability, and it’s an effective way to block untrained or naive users from accidentally screwing up their system.
(The UAC team has a new blog where they’re sharing some of the technical details behind this feature.)
UAC in the current build of Windows Vista is working, but not well. Some programs fail when they can’t get full system access or when they try to save a file to an area where the current user doesn’t have write privileges. The barrage of dialog boxes is annoying, especially during the initial phases of setting up a system. And those permission boxes can be confusing – at this early stage of the beta, some key Windows Vista components are still unsigned, leading to dialog boxes like this one, which appears when you try to run a Control Panel applet:
The annoyance factor is even higher when you factor in the steady stream of warnings from Windows Defender and Internet Explorer.
It’s possible to disable UAC so that you can run with administrator privileges full-time. But as Josh at Windows Connected argues, doing so means you’re not giving this feature the testing it needs. From a personal point of view, I have no choice but to grit my teeth and figure out how to work with UAC, because I have to document the inner workings of this feature for Windows Vista Inside Out.
I’m hoping that this feature will work much more smoothly in future beta versions. If it doesn’t, the UAC team had better be prepared for some caustic reviews.