Update: Over at ZDNet, I’ve put together a visual representation of UAC as it exists in Windows Vista Build 5365.
One of the most intriguing new features in Windows Vista is a major change in the way user accounts work. Windows XP allows accounts to reside in either the Administrators group (where they have full control over the system, including the ability to install a piece of spyware or a virus) or in the Users group, where their capabilities are so limited as to be practically unusable.
Windows Vista adds a feature called User Account Control (UAC), which until recently was called User Access Protection (UAP) and grows out of research into least-privileged user accounts (LUA), a drum that Microsoft Senior Consultant Aaron Margosis has been banging for some time on his Non-Admin blog.
The theory behind UAC is sound: When you’re about to do something that requires an administrator’s privileges, you need an administrator’s consent. For a regular user, that means typing in a set of credentials (username/password) that belong to a member of the Administrators group; if you’re already an administrator, you just have to click a Permit button. This option allows you to see when a program or process is trying to do something that can have an impact on your system’s stability, and it’s an effective way to block untrained or naive users from accidentally screwing up their system.
(The UAC team has a new blog where they’re sharing some of the technical details behind this feature.)
UAC in the current build of Windows Vista is working, but not well. Some programs fail when they can’t get full system access or when they try to save a file to an area where the current user doesn’t have write privileges. The barrage of dialog boxes is annoying, especially during the initial phases of setting up a system. And those permission boxes can be confusing – at this early stage of the beta, some key Windows Vista components are still unsigned, leading to dialog boxes like this one, which appears when you try to run a Control Panel applet:
The annoyance factor is even higher when you factor in the steady stream of warnings from Windows Defender and Internet Explorer.
It’s possible to disable UAC so that you can run with administrator privileges full-time. But as Josh at Windows Connected argues, doing so means you’re not giving this feature the testing it needs. From a personal point of view, I have no choice but to grit my teeth and figure out how to work with UAC, because I have to document the inner workings of this feature for Windows Vista Inside Out.
I’m hoping that this feature will work much more smoothly in future beta versions. If it doesn’t, the UAC team had better be prepared for some caustic reviews.
Ed Bott 
Do you know Tiger? It has the feature as well, and while I’ve never seen it there, I’ve also not heard any complaints about it. How obtrusive is it there?
Tiger simplifies the install incredibly, Rick. 90% of the software you want to install does not need to get any permission from the OS- it’s a self contained package. Drag-n-drop. When I introduced my girlfriend to the Apple, she couldn’t figure out how to install software because that was too simple.
Some software installs kernel extensions, or new “frameworks”- system libraries, and those packages run an installer. The installer requires an admin password even if you are currently running as an administrator. It’s very smooth and unubtrusive. Because of the OS permissions, even an administrator can’t bone the system too badly- certain things require root access, and that’s disabled by default, and even after enabling, it requires knowing how to use a BASH prompt.
When it comes to UI, Microsoft is always a few steps behind Apple, and with the architecture of OSX, the same now goes for security. Personally, the TCPA initiative is enough to keep me away from Vista.
The problem is backward compatibility. Any application that follows best practices (and there are actually quite a few of them) will install just fine with no additional permissions required from a Protected Admin account. It’s the older apps that assume they’re running as a full Admin that are most likelt to cause problems.
UAC is just one annoyance, wait until the reviews of DRM in Vista. I’m on XP SP2, for example, and got super annoyed yesterday when I could watch the DVD I rent on my PC because of DRM. That’s just the icing, wait until Vista delivers the cake.
What I find perplexing is that you get spammed with these boxes all the time even when running an account in the administrator group…that doesn’t make any sense, privileged account should be exactly that.
The fact is the box pops up so often it totally meaningless, and just becomes a click through much like the annoying is it safe to run me box in XP. For the dialog to mean anything it really needs to be scaled back to critical compoents and then give real details about the risk and problems.
it is a pain having to deal a box every time you run an app. this shouldnt happen and it a major fault of vista…
The su -c feature will be a nice addition to Windows…
Just log as Administrator !
=> When I am logged as “Administrator” (the built in admin account), I don’t get any UAP/LUA popup
If I am logged as a non built-in admin account, I get the UAP popup.
IMO, it’s a good thing. Just as to be get used to it.
Read this website:
http://blogs.msdn.com/uap/
Why User Account Control (UAC)?
[…]
The following section lists Windows Vista user accounts and groups.
Built-in Administrator account: The standard built-in Administrator account, and a member of the Local Administrators group. This account has full access throughout the operating system.
Local Administrators group: This group’s members have the highest potential level of administrative access to the local computer but are always logon restricted.
Standard Users group: This group’s members are unable to make system-wide changes, like installing applications and changing system settings, without an administrator providing his/her credentials during an Over the Shoulder (OTS) credential prompt. An OTS credential prompt occurs when a standard user attempts to perform a task that requires administrative privileges.
The Power Users group was deprecated from Vista since many tasks that formerly required privileges granted to this group are now available to the Standard Users group. For instance, Standard Users can now install printers and respond to Windows Firewall notifications.
Microsoft changed it to “Control” instead of “Protection” because they don’t have confidence in their products.
I can’t wait until Apple ships Intel iBooks. So long Billy G.
What does Apple on Intel have to do with anything here? Anyhow, I am interested to see how this goes. Security and usability are 2 things that don’t go hand in hand. I am hoping they come up with something that is usable while still being more secure, but from past experience, I am doubting it….
Security and usability are not nearly as often in opposition as Microsoft (or Apple!) would like you to believe. In fact, a more secure design is often more convenient as well. For example, as it turns out, NOT having programs auto-run or auto-install from web browsers and removable media, and letting the user open the installer or whatever on their own, is a LOT more convenient than answering gobs of extra dialogs just in case someone’s trying to abuse the excessive “convenience”.
um.. WE DONT WANT A FRIGGIN APPLE/WINDOWS OS! stop trying to copy Apple’s OS’s! wtf is this dialog box pop up crap? if u install something bad, its your fault! dont hinder the rest of us just cause theres dumb idiots who download pr0n 24/7 off google and end up with a comp full of virus’s.. at least make it so we can turn that idiot dialog n00b box off!
uh hello: unfortunately a vast amount of windows users are just that type of idiot.
Well I`m impressed by m$ofts attempt at security. Hey, Linux runs that type of security system as standard and has done for ages…. Apple does too ( although its a BDSM / Linux system these days anyway….. )
The problem is backward compatibility.
That’s the key. Unfortunately, there’s so many old programs (including MSFT apps) that still think they can touch the iron, so this won’t go away for a while.
If only MSFT had realized in 1981 that passwords and file protections are useful (Mom and Dad want to keep their files private from the kids), we wouldn’t be having these problems now.
Unix has been multi-user almost since it’s beginning, and was developed by people who understood the need for security. Thus, Linux was born with a security mindset.
i think that windows vista is taking slowely on startup
i tried the englisg version but its very slow
Let’s not forget this is BETA code! MSFT is still working out the bugs. For an enterprise implementation (10,000+ computers) this feature will be extremely helpful to stabilize the desktop environment. Let’s work along side the developers to provide constructive feedback so they get it right.
I too have my concerns about how this feature will work in a corporate environment where very few users are given Administrator level privilege on the PC. But it is certainly a step in the right direction.
I hope micro$oft fails miserably with this garbage nobody wants it.
I can see where this could be implemented on a lan with the administrator in charge of the computers on that lan, but M$ wants to control the world and try to kill off the competition (LINUX) and lock everyone to M$ products and keep them there by locking the files they created to M$ products.
I really can’t wait for joe sixpack to go to the walmart or bestbuy get his shiny new M$ vista- intel tcpa computer take it home and discover all the restrictions and return it to the store ASAP.
We can now see M$ may have had this type of thing in mind all along, all windows computers make you root or admin by default,
good ole joe sixpack takes his walmart hp box home plugs it in and is owned by hackers spyware and viruses in hours or days (probably minutes). That is both microsofts fault and joe sixpacks fault and were suppose to buy tcpa because M$ does things the wrong way.
Linux User – Oh how very eloquent. If Microsoft came out with an operating system which blew away everything on the market and offered it at the same price point as a packet of chips the Linux fraternity would still complain. Whenever I see someone posting on a discussion board and they start off with something like “I hope Microsoft fails miserably…” I know that I’m reading the words of a bigot who will NOT see the other side’s opinion. Guess what? I then ignore the rest of their rant because it will be so blinkered and mindless that it contributes nothing to the debate and just lets the world know the closed mind of the contributor.
I say – “Wait and see.” No one knows exactly how this will pan out and it surely makes sense to wait until Vista ships and then we can all give it a damned good kicking if it is garbage.
“I hope micro$oft fails miserably with this garbage nobody wants it.”
Wow, now that’s just pathetic.
The elitest “Linux User” just proves that people whom know Linux believe they know everything. It’s really amusing when I see that.
The bottom line is, Microsoft and Apple both streamlined the GUIs on PCs, and Microsoft is used more often than anything else. It really pisses me off that people have that much disregard for the world of End-Users in general. It’s immature and stupid.
I honestly think this Security is good, quite frankly. Definitely for large-scale corporations trying to avoid end-users installing things they shouldn’t be, or from randomly downloading and installing things. Sometimes, scare-tactics are the best tactics, and that’s what this security really impacts. For power users, or individuals that know what they’re doing in general, running as an Administrator will be easy enough, and they won’t need to worry about this. It will, however, take some stress off of Network Admins and IT Departments, which makes me happy. 🙂
Although there is no love lost between me and M, the practice of working as a “normal” user under normal circumstances is a sound practice. A large portion of the problems M-Win has boils down to that.
If you’re just doing your job, like browsing or producing content, you should be able to work happily without admin privileges. Under Linux, I work as a “normal” user 99% of the time. I only switch to admin to install software, change system settings (not GUI settings, which are user configurable) or access privileged hardware (like DSL connections or making a system wide backup). It works fine to me.
If you’re flooded by popup boxes, that means that the architecture is not completely sound yet. E.g. if you need to access system areas just to run a “normal” program, that particular program is not particularly well designed. It may be, because a) there is still a lot of “legacy” software that still assumes admin privileges b) there are no good developer guidelines (yet) c) the architecture is not sound enough.
Still, without having ANY intention to switch (I still got all that you are waiting for, including DRM-less DVD watching) I still think this is the way to go with M-Win.
Well M$ users, the idea is good, and will hopefully keep the generic idiot masses from mulching up their M$ systems. Linux has run this idea for years with hardly a problem ( and now apple too, since its now related to Linux with its latest OS X. ) The big crunch is of course is how M$ applies the concept. I
m sure theres a lot more to their plans then just keeping a system secure.All you technocrat types, worried about the pop up screens, hey – why not – your driving the worlds most generic operating system, made for all, including the dummies.
I agree. That box comes up waaay too much. I disabled it because I found that I wasn’t even looking at what it was saying anymore even though I tried really hard too. I’m sure they will iron it out….or at least I hope they will.
Windows Firewall seems to do this alright, without annoying me. Why can’t Vista?
I think a “Remember this choice” option is needed.
“The elitest “Linux User” just proves that people whom know Linux believe they know everything. It’s really amusing when I see that.”
Actually thats pathetic.
As a Linux User, I’m happy to read that Microsoft are doing something about security and following a tried and well tested method is best practice. Yes Linux/Unix have had this for years. There is nothing ‘elitest’ about being right. But the problems of being wrong have been well document over the last 20 years.
The problem is MS is playing catch up. They produced a product and crammed it down everyone’s throats, and people still couldn’t get enough of it. Unfortunately, Windows was born and provided, at a basic level, an easier way for people to interact with pc’s. Do you remember when being computer literate was a requirement to get a job and you had to actually know the commands to do things? People today do NOT know how to use a pc, nor are they properly trained half the time (mind you some of the “tech” people are just as brainless). This is why pc’s are on corporate networks and the Domain Users group is added to the Local Administrator’s Group. Nice and Secure…. but it’s sure easier for the helpdesk to remote control a pc and remove/reinstall software.
The new security features may be annoying, but it’s alot better than logging off a normal user to install a piece of software then logging them back on to personalize all their settings. But this is the best practise for security.
This feature was “kind of” available in Win2k with the Run AS, but in a limited function. Finally, IT depts can try, (depending on their laziness or intellect) to lock down their pc’s to prevent users from installing crap, and drive by installs. Which yes I realize doesn’t happen on Linux/Unix. But when did mom and dad go to Walmart and pick up a Linux pc? I won’t argue that Linux is a great operating system, and personally i prefer using windows to the MAC OS, but that’s just a preference. I’m used to it. And I know how to fix it when it messes up. So, yes windows needs an overhaul, but at least this is a step in the right direction.
UAC is a necessary evil if you’re an administrator of a large it network, where a culture of restriction is not respected. If you’re on an isolated PC or workstation, then all of your arguments are germain. Remember, Vista in its present form is supposed to be a corporate version for evaluation use. The end product is to be an all-user encompassing software, where your purchase will determine it’s accessed privileges and options (corporate, home-use, etc. — that was already explained). Your comments will hopefully be reflected in the final product delineations?
This will be a new (and necessary) ‘thing’ for Windows users. Hopefully Microsoft is clever enough to prevent it from being a major user annoyance.
One thing needs to be said here. Is there such thing as too protective? Sure dialog boxes can be irratating but there is a neccesity behind it. Todays world is a clever and ever changing environment when it comes to the security of your data. So it only seems relevant that Microsoft along with a range of other IT related businesses have to adapt to this ever evolving threat.
Just think about if all your personal data and the data of your corporation was somehow infiltrated by a person who instead of hacking their way over the internet, just came and retrieved it off your PC locally? And it can happen.
I’m just wondering if Vista has the same multitasking limitation as WinXP–that you can only open about 54 IE or Explorer windows on a freshly booted system, and much less if you have some other major programs running. I don’t think Win2K had this limitation but I’m not sure. This is not related to how much RAM you have. I don’t know what causes it. It gets worse as you use it for a while–“resource leak” and then eventually you can’t hardly run anything and have to log out and back in.
On OSX I understand you can open hundreds or thousands of windows simultaneously.
Another huge windows problem is the complex and cumbersome registry which develops bugs over time which prevent some programs from working properly. This is in contrast to OSX which doesn’t have a registry–it’s like the good old days–programs run in their own folders, and can be added and removed by simply putting them there or deleting them.
I don’t know why Microsoft doesn’t simply do what Apple did–get rid of the old code, use FreeBSD as the kernel and write a new interface. I guess because many programs would not work? But they could have an emulation mode for those programs.
I believe Windows is already too complicated and too buggy and I suspect Vista makes it all even worse. If anyone can comment on this please do.
All I can say is that I’m so sick and tired of not being able to run all the windows I want without problems, just so I can get my work done and have access to all the information I want–isn’t that the objective of an OS? Not to be cool and have a lot of needless features–just to let you run you apps. At this point I’m seriously considering moving to OSX as my daily computer and just having windows around to run stuff that’s not available for OSX.
Linux sounds interesting but unfortunatly major software won’t run on it…
As one of those techs that do know what they are talking about, I agree at this time UAC is something that I have turned off in the beta 2. But I fall into that seemingly larger faction that agrees that M$ is making strides in the right direction with UAC.
Yes, to us advanced users, it is a hinderance, but to the clueless starfish out there that will be buying new systems with it pre-loaded, who havent a clue on how to use what they have bought, who have a TS phone number on speed dial to learn to open the start menu … it’s sorely needed.
On that subject, I let one of my older friends look at the beta, what impressed him (and annoys us) is the added information to just about everything. someone who might take time to explore (when finished) the final help sections might actually learn a bit about their OS, and computers for once! thing is, how many actually look at help? 🙂
In the end, I think it will run great, people will buy it because they are trained to get hte latest, newest … and they dont know any better. what will make or break it is how we respond to the OS (if we clamor about UAC long and hard enough, vista might get pushed back more, and UAC removed, and whether or not it will run on the millions who will uupgrade their existing systems to install it. (Side note, I was suprised that it installed on one of my test systems, a Dell Dim 3000, installed all device drivers with nary a hitch, but have no vid card and more ram to see aero at this time …)
Ive been using sudo and apt-get via ubuntu for six months now, and i realise this is one of the reasons why windows users raise stress levels of tech heads.
lack of awareness, due to a lack of basic ideological tools (aptitude and sudo)
I believe Vista will benefit hugely from the user dropoff rate that will come from people who cant even tie their own shoelaces.
how many people are aware that MS provides school text-books to seattle schools now? you wanna talk about how getting job-ready meant computer-literacy? well what the hell did that term mean as far as the then active apple and microsoft business model?
Did it mean having a world that resembles the movie Brazil?
Advertisement Salesman
“Hello, I want to talk to you about Pipes.”
AS : “Yes you see you can do anything with pipes”
I’m not a fanboy of any OS manufacturer, I use Unix, Linux and MS at work and I use MS as home. I do feel sorry for MS though, and here’s why:
Did you know that according to US goverment statistics, in 2005 there were 5x more security exploits in Unix/Linux platforms that in MS? Bet you didn’t! Did you also know that over 80% of the loopholes in MS OSes were found by MS themselves, where as the equivalent percentage were found by hackers on the Unix/Linux platforms? I certainly didn’t.
But if there’s an exploit on MS the whole community starts raving about buggy software, how Bill Gates is the anti-christ and starts burning copies of XP Pro. Not exactly a balanced view.
MS have to protect themselves from US litigators, because in the US there seems to be little emphasis placed on personal responsibility. The fact that MS could potentially get sued because someone installs bad software and the OS didn’t warn them is probably behind the design of UAC. MS are having to protect themselves against the lowest common denominator, and most people who use computers couldn’t tell a dll from their elbow.
Vista looks to be good for large corporations (like mine), and the less we let user’s get away with the more stable the environment and the less problems we see.
Here’s my last thought – why compare Unix/Linux/MS/Mac – they all have their uses and limitations. I wouldn’t run my company’s EPOS system on my Win XP PC at home, but until the multi processor unix platform can run World Of Warcraft it’s not that much use to me in my owntime 🙂
The creative thinking at Microsoft leaves alot to be desired. Why would they develop User Account Control to constantly prompt admin privliges by clicking on a window which slows production down. Why not have a USB drive that activates the admin privliges so Vista can check the security instead of a prompt. Maybe Bill Gates could hire me to do user testing of his products.
I Install the copy microsoft send me man is great but
so much secutity with your user account ec=very time you what to install app it ask for permetion from admisnistration rights if are log as admistrator why you permition . And on top off all when you are installing sofware some of it incompatible with os sys id vista.
So i say stay windows xp for now is the best so far i have no ploblem with it.
I dont see what the big deal is, i wouldnt complain about the way vista works until its released, your lucky ms even releases betas to be tested. And youll be incredibly lucky if you can even see the system files when its all polished and ready to run on your not-so-owner-friendly” pc.
Windows isnt insecure because of the number of exploits available for it, thats totally irrelevant, the kid who said that up there is a moron. Windows is insecure because its vulnerable by default, because it has to be easy to use by default, because the average user is “less than average” in intelligence.
There are tons of exploits for linux, and they all get fixed within hours of being discovered, if you dont update your software more than once a year thats your fault, and your computer will end up serving spam mail all day long while you wonder why its so slow, then you can go pay microsoft to clean your PC for you.
The exploits for windows never get fixed correctly because the fix would involve disabling or rewriting huge portions of the code, things like windows file sharing (server message block), and DCOM with its totally open ports, there are more exploits for DCOM that WORK on an average windows users machine than all the unfixed exploits in linux.
And yes, i do hope microsoft fails, not because of this, because you dont give a huge company with a large stake in the entire computer world, 8000 chances to get something wrong repeatedly, microsoft has screwed up, over and over, on about everything they squeeze their way in to, they get no more chances, and i dont mean vulnerabilities, i mean outright incompetence, neglecting to fix things.
I wouldnt be suprised if they intentionally leave things open just to create a market for their business partners to sell products, but thats moot point now because they seem to be steamrolling all the 3rd party companies they allowed to sell products, windows defender is a direct competition for things like symantec antivirus, and by the way offering it for free is illegal as its intended to undercut the competition, ask a laywer.
I cant think of too many companies who value the end user LESS than microsoft does, you dont like DRM? So what, universal studios is our business partner. Dont like being told what you can and cant do with your PC? So what, you dont own it, we’re allowing you to use it as long as you pay your monthly subscription fee (just wait, MS has had that in mind a long time, theyre proud of it too).
And you have to see the conflict of interest when the companys who distribute content like music and movies, are business partners with the companies who make your software and operating system, that in itself is reason enough for me to hope MS fails, a company who bows to commercial interests when they should be focusing on making their own software fast and secure, should and will eventually be edged out.
Like someone said, wait till johnny brings his pc home on christmas day and finds out it will only play songs from the windows media store, how quick do you think it will get taken back? at the least little johnny will wipe the pc and install linux or osx if hes smart enough.
MS won’t put the admin password on a removable device because that would be a huge security problem. The password could be cracked if the key was obtained. From a user standpoint if they lose the key and can’t remember the password (because they haven’t used it in 6 months) how are they going to do anything on their system. The reason MS windows is considered insecure is because they have traditionally put ease of use before security. You will get pi$$ed at the prompts to enter your password all the time but tough, a more secure windows is better for everyone who connects to the web. Besides what choice do you have, all the other OSs work this way too.
I’m using Synergy on two vista boxes, everytime that UAC box comes up on my Client box that gets its Mouse and Keyboard signals from the host on the network, I lose control of the mouse and keyboard.
My only wish is that MS had only 2 operating systems:
Experienced & Noob.
I dont need these stupid protections, if it messes up my computer, I’ll fix it!