Windows Vista’s most prominent – and most hated and misunderstood – feature was most likely User Account Control, designed specifically to not only make the system more secure, but also to annoy users and developers, forcing them into making applications that do not require administrator privileges. In Windows 7, Microsoft has done a lot to alleviate the annoyances.
In Windows 7, you can now use a slider widget to set UAC to four different modes. The first mode is the full-blown Vista behaviour; all actions initiated by any user requires you to pass a UAC prompt, including the screen blanking feature. This is the way UAC behaves in Vista SP1, and I’m probably one of the few out there, but it’s the one I prefer. I like to know when something I’m about to do apparently messes around with important stuff.
The second setting is the default in the build handed out at PDC: administrators will not see a UAC prompt with user-initiated actions (elevations happens automatically), such as messing in the Control Panel. Programs initiated by the admin user still require a UAC prompt, but there’s no screen blanking. Non-admin users will get UAC prompts for both types of actions, but there’s no screen blanking.
The third setting means no confirmations will ever appear (admin users automatically elevate, even for program-initiated actions). The fourth and final setting disables the automatic elevation feature, so this is essentially Vista behaviour, sans the screen blanking.
I’m personally a proponent of the full-blown Vista SP1 behaviour, because it gives me the insight of what’s going on, and it informs me of the possible consequences my actions could possibly have. However, this is a very personal issue, and I am sure that users will rejoice massively over this easy way of manipulating UAC behaviour in Windows 7.
It’s still a nightmare trying to develop software as a standard user on Vista. I’m constantly dropping stuff into the GAC and messing with IIS settings and so on, but almost everything I do requires me to enter an admin password in their screen-blanking UAC thing.
I can’t (or at least I’m not aware of how to) just set it up like sudo and let it remember me for 20 minutes and do certain commands without having to enter password/credentials whatsoever. In a number of cases, Microsoft tools don’t even work correctly, and the workaround on their KB is to run as an administrator. Even explorer’s elevation seems nightmarishly buggy for me and everyone else at work.
Microsoft: Please do us a favour and fix elevation/UAC so we can run as a restricted user but still elevate easily when we need it. Fair enough our needs are different to those of normal users, but the operating system’s continued usage depends on developers to write software for it, so don’t piss them off.
Like you alluded to in your comment, you don’t have the standard user needs. So why are you trying to shoehorn yourself into a standard user account?
There are plenty of other options default user account templates that windows provides (like Poweruser). Even if none of these quite fit your particular needs, you can use the group policy manager to create a developer group with exactly the kind of specific system access you need.
This could allow you to have an account that doesnt annoy you without having to resort to a full blown administrator account. However, if you are doing system related things that require admin rights all the time. Then maybe you shouldn’t be doing non-safe activities at the same time on that account and fast user switching with multiple accounts would be a better solution for you.
When writing software for Windows, it is highly recommended you do so using a regular user account since this is the least common denominator…most of the users of your software will be running as non-admin. There are tons of software packages that were written by developers with full admin rights to their machine as the software was authored, only to have a ton of things go wrong when the finished package was run by an end user under a non-admin account.
Edited 2008-10-31 04:32 UTC
So now you can just turn the whole thing off easily?
And that protects people… how?
UAC is like having more than one bolt in your door.
Except the keys are always in the lock.
You just walk up and turn a few keys, and you’re in.
Security wise – hey you’ve got three bolts! It’s got to be secure! The reality is that you’re turning more keys, but since the keys are already in the locks, it makes no difference how many there are.
Useless, absolutely useless.
Win7 UAC is less safer than Vista UAC.
I prefer the Vista UAC.
Edited 2008-10-31 07:48 UTC
UAC in its current form is an annoying band-aid. The problem is located in Windows’ userland. MS needs to separate its stuff more.
When I’m in a restricted user account, I shouldn’t be seeing files from other users or the system. I should be in my own sandbox. If I try to install software, the system should ask if it needs to be global with a password prompt. If not, just install under \Documents&Settings\User\Program Files\
*Nix got that stuff already sorted long ago. MS really needs to hasten their catch up. It is one of IT’s great tragedies that one of the most secure OS kernels is suffering from the most insecure userland.