Re: Run As Adminstrator - why hasn't it saved us?


"riix" <guest@xxxxxxxxxxxxxxxxx> wrote in message news:e100bf9a5d61a24164a35762cccd0b06@xxxxxxxxxxxxxxxxxxx

To all that replied - thanks for your comments and no disrespect
intended please, but seems we missed the issues:

1) when attempting to run as a Power User, the "RunAs Administrator"
seems to be completely wrong in concept, yet has been around since ..
NT3? Can this really be? Or am I totally not understanding how its
supposed to work?


There is no more Power User on Vista, as stated in the article.

<http://technet.microsoft.com/en-us/magazine/cc160882.aspx>


2) Why does disabling UAC also disable "RunAs.." - again: these are
totally different concepts, why are they coupled?

UAC and Run As Administrator are tied together on Vista and are the new security profile for the Admin and Standard user accounts. Even Admin on Vista is locked down to Standard User and must have its rights escalated, as stated in the link.

<http://technet.microsoft.com/en-us/library/cc709691.aspx>



3) UAC is _not_ a minor inconvenience, it is a *major* hassle for
members of a development shop. Its not just a click. Its the constant
jarring effect of the screen going dim (or even black) for a second or
two, the box, the click, the blink back to reality, then a few seconds
later .. Event Viewer, IIS Admin, SQL studio, etc.

Doing this, maybe 30-40 times a day? When XP just worked?

And all this because the Vista product, and Microsoft narrow-mindness,
won't allow me to work in a more intelligent fashion - which is: as a
Power User and *not* as an Administrator?

1) You disable UAC.
2) You use something like TweakUac.
3) You set your account to be Super Admin so that you still have UAC enabled because some applications will not work correctly with UAC off, those applications using the Vista UAC manifest as an example, and by being Super Admin, UAC will not prompt you as Super Admin, as stated in the link.

<http://www.computerperformance.co.uk/vista/vista_administrator_activate.htm#Summary_of_Vista_Administrator_-_Super_User_(Hidden_Account)>


4) and maybe that's a bottom line - why does Vista install and create
its users as Administrators? A while ago my son bought a new Acer
computer with Vista Home Exceptional (or whatever its called). First
thing I did was create an Adminstrator id, write the password on his
monitor, then downgraded his ID to Normal User. He's now been using it
for over a month and HAS NOT EVEN NOTICED he's not an Administrator,
that is, it hasn't affected him at all.

That's because Standard user on Vista has more rights than Limited user on XP as an example, which was preventing a Limited user on XP from doing things. This as been corrected on Vista. However, if the user your son was running a solution as Standard user or as Admin, because Admin on Vista is locked down to a Standard user, and UAC is enabled, the user is going to be prompted for credentials for privilege escalation.

Why doesn't Vista do this by default ?

Ask MS.

5) I've just found references to "UAC Manifest" files - does anyone
have real, honest, practical experience with this as a way of calming
UAC?


A programs running on Vista with UAC enabled, the developer can present the UAC credentials to Vista for privilege escalation by using the manifest. That UAC challenge box is still going to pop in the user's face, to allow or disallow as Admin or if Standard user give user-id and psw for an Admin account.

<http://community.bartdesmet.net/blogs/bart/archive/2006/10/28/Windows-Vista-_2D00_-Demand-UAC-elevation-for-an-application-by-adding-a-manifest-using-mt.exe.aspx>

.

Relevant Pages

  • Vista "complaints"
    ... Recent misconceptions about Vista and UAC posted to the Focus-Apple group, ... administrator, and combined with the many configuration options Vista ... that Win XP gave her the ability to add permissions to her normal ...
    (Focus-Microsoft)
  • Re: I turned off UAC
    ... Vista users about virus or malware issues, not like you see on XP. ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ...
    (microsoft.public.windows.vista.general)
  • Re: I turned off UAC
    ... Vista users about virus or malware issues, not like you see on XP. ... I would rather have it enabled so that I am not on the Internet with full admin rights, like the previous versions of the NT based O/Swhich are open by default O/Sand wide-open to attack/compromise by default. ... The out of the box admin account on Vista that is given to a user or any subsequent admin account that is created on Vista with UAC enabled is NOT a full-rights-admin account. ...
    (microsoft.public.windows.vista.general)
  • Re: Compiling DLL & Vista: Follow up
    ... running as an Admin or setting a program to run as Admin will ... The biggest problem I've found in my cool little registry hack to register ... Try reading the Vista newsgroups....lots of complaining about the UAC. ...
    (microsoft.public.vb.general.discussion)
  • Re: I turned off UAC
    ... Five Misunderstood Features in Windows Vista ... The User Access Control (UAC) can detect rootkits before they ... full-rights admin like on XP. ... The admin-user is only a user with Standard user rights, ...
    (microsoft.public.windows.vista.general)