Mark Russinovich on Windows 7 UAC

Mark Russinovich on Windows 7 UAC

  • Comments 16
  • Likes

User Account Control is one of those Windows features that evokes a number of different responses from folks. Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This led some customers to turn off UAC, which concerns us from a security perspective. So in Windows 7, we've given a great deal of thought to how we marry enhanced security with ease-of-use. We have written extensively about the changes in UAC for Windows 7 on the Engineering Windows 7 blog (Post 1, Post 2, Post 3, Post 4).

Now, Technical Fellow Mark Russinovich weighs in on UAC with some great insight on the technology and some of our motivations around the decisions we have made. Check out Inside User Account Control now available online from TechNet Magazine.

16 Comments
You must be logged in to comment. Sign in or Join Now
  • Amazing..you really made my day & after reading this Surely..i ll twit this to my all friends to know more about this blog :)

  • This is one of the best post that I have ever read. You have provided a great piece of information. I will definitely share it with my other friends. Keep up the good work, I would to stay in contact with your posts.

  • The new Windows 7 has make it so much easier to deal with UAC, so much better than Windows Vista.

    In fact you don’t need to completely disable UAC if you don’t want to. Simply type UAC into the start menu or Control Panel search box.

  • Such interesting read and information, thanks for sharing this post. I will check back to read your other new posts.

  • I have the same problem. Different users and I "administrator" can't change much. I am no profesional but can somebody help me check this out? Perhaps there is no problem?

    Please help from you experts

  • aybiss
    2 Posts

    If you keep working hard enough you will eventually convince most people that clicking one button is definitely secure (because it has an icon on it LOL) but clicking the original button couldn't possibly have been made secure in the first place.

    It's unfortunate that most people these days don't have enough basic logic skills to figure out when they are being fooled.

    So what, Microsoft drains the lifeforce of people clicking on UAC prompts or is it just so embarassing you can't go back on your original idea?

  • aybiss
    2 Posts

    If you keep working hard enough you will eventually convince most people that clicking one button is definitely secure (because it has an icon on it LOL) but clicking the original button couldn't possibly have been made secure in the first place.

    It's unfortunate that most people these days don't have enough basic logic skills to figure out when they are being fooled.

    So what, Microsoft drains the lifeforce of people clicking on UAC prompts or is it just so embarassing you can't go back on your original idea?

  • what would be the reward for giving the team the genuine crack for windows 7?

    email me

    here is my screenie  spikegotti.deviantart.com/.../windows-7-rtm-134078654

  • I will be happy as long as they fix the UAC box that pops up every time I open Visual Studio, which is at least 20 times a day.  :)

  • Well I got rid of the IE prompts using the link above, unfortunately I got a security update last night that wiped out my System Restore Points.  

    The only solution for getting WinTV6 to work is to turn off UAC, a shame really.  Same problem as here

    ...

    forums.anandtech.com/messageview.aspx

    I may just end up doing that, it would be nice to have a program exclusion list though.

  • I actually like UAC as it increases security, its nice to know that it provides some extra protection.  However I did recently get this problem after reinstalling WinTV v6 from Hauppage

    www.hauppauge.co.uk/.../showthread.php

    So right now the prompts are kinda annoying me, so a system restore may be in order.  Maybe that will fix it because currently UAC is prompted for WinTV to run which makes it pretty useless for recording scheduled TV programs.

    Actually I prefer Media Center to WinTV, but the conversion from a wtv file to the more common mpeg file format would not be needed if I can use WinTV6 instead of MediaCenter.

    If there was some way to add some specifice program exclusions to UAC that would be cool, even if those exclusions could only be set on a Admin account or in Safe Mode  or by through some other method that would help make it easier on the end user.

  • Pudnik
    1 Posts

    ...Windows used to be real insecure. But it has always been relatively easy to install and use. The Unix flavors are reeeally secure. But even with GUI components such as Gnome, only usable by 'Geeks'.

    I suggest that user accounts on both OSs could use a key property I call the User Technical Ability Index. Instead of assuming that all users that logon to computer accounts are the same, the system looks at the UTAI of the user account, and either 'dumbs down', or leaves the user alone, accordingly.

    For example, if the account is a standard account, but the UTAI is very high (the person who logs on to this account most of the time is a network administrator capable of maintaining a huge SQL Server database for a 150,000-person enterprise), the system shouldn't bug the user all the time and assume that the user is a complete newbie even though the account is a standard account.

    However, if the UTAI of the standard account is very low (the person who logs on to this account most of the time is a ballet dancer whos primary interest is not computers and only uses a computer to read his email), then by all means the system should dumb down and baby and coddle the user most of the time...

    Just my 2 cents...

  • Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This led some customers to turn off UAC, which concerns us from a security perspective.

  • I'm wondering if Windows Vista's UAC will be altered to be more in line with Windows 7's UAC.  

  • 7flavor
    352 Posts

    What about the task scheduler loophole described here (www.howtogeek.com/.../create-administrator-mode-shortcuts-without-uac-prompts-in-windows-vista)? Won't malware be able to create any basic task and then use schtasks /run /tn "TASKNAMEINQUOTES" to bypass UAC?