SEARCH

How-To Geek

HTG Explains: Why You Shouldn’t Disable UAC

image

User Account Control is an important security feature in the latest versions of Windows. While we’ve explained how to disable UAC in the past, you shouldn’t disable it – it helps keep your computer secure.

If you reflexively disable UAC when setting up a computer, you should give it another try – UAC and the Windows software ecosystem have come a long way from when UAC was introduced with Windows Vista.

Administrator vs. Standard User Accounts

Historically, Windows users used administrator accounts for day-to-day computer activities. Sure, in Windows XP you could create a standard user account, with less permissions for day-to-day use, but almost no one did. While using a standard user account was possible, many applications wouldn’t run properly in one. Windows applications generally assumed they had administrator privileges.

This was bad – it’s not a good idea to run every single application on your computer as administrator. Malicious applications could change important system settings behind your back. Security holes in applications (even applications built into Windows, such as Internet Explorer) could allow malware to take over the entire computer.

Using a standard user account was also more complex – instead of having a single user account, you’d have two user accounts. To run an application with maximum privileges (for example, to install a new program on your system), you’d have to right-click its EXE file and select Run as Administrator. Once you clicked this, you’d have to type the Administrator account’s password – this would be a completely separate password from your main, Standard user account.

image

What User Account Control Does

User Account Control helps fix the security architecture problems of past Windows versions. Users can use administrator accounts for day-to-day computing, but all applications running under the administrator account don’t run with full administrator access. For example, when using UAC, Internet Explorer and other web browsers don’t run with administrator privileges – this helps protect you from vulnerabilities in your browser and other applications.

The only price you pay for using UAC is seeing an occasional box that you have to click Yes to (or click No if you weren’t expecting a prompt.) This is easier than using a standard user account – you don’t have to manually launch applications as administrator, they’ll just present a UAC prompt when they require administrator access. You don’t have to type a password, either – just click a button. The UAC dialog is presented on a special, secure desktop that programs can’t access, which is why the screen appears grayed out when a UAC prompt appears.

image

UAC Makes Using a Less-Privileged Account More Convenient

UAC also has some tricks up its sleeve that you may not be aware of. For example, some applications could never run under standard user accounts because they wanted to write files to the Program Files folder, which is a protected location. UAC detects this and provides a virtualized folder – when an application wants to write to its Program Files folder, it actually writes to a special VirtualStore folder. UAC fools the application into thinking it’s writing to Program Files, allowing it to run without administrator privileges.

Other tweaks made when UAC was introduced also make it more convenient to use a computer without administrator privileges – for example, standard user accounts are allowed to change power settings, modify the time zone, and perform some other system tasks with no prompts. Previously, only administrator user accounts could make these changes.

image

UAC Isn’t As Annoying As It Seems

In spite of all this, there are many people who now disable UAC as a reflex, without thinking about the implications. However, if you tried UAC when Windows Vista was new and applications weren’t prepared for it, you’ll find that it’s a lot less annoying to use today.

  • UAC Is More Polished In Windows 7 – Windows 7 has a more refined UAC system with less UAC prompts than Windows Vista had.
  • Applications Have Become More Compatible – Application developers no longer assume their applications have full administrator privileges. You won’t see as many UAC prompts in day-to-day use. (In fact, you may not see any UAC prompts in day-to-day computer use if you use well-designed software – only when installing new applications and modifying system settings.)
  • UAC Is Most Annoying When Setting Up a Computer – When you install Windows or get a new computer, UAC seems worse than it actually is. When you’re installing all your favorite applications and tweaking Windows settings, you’re bound to see UAC prompt after UAC prompt. You may be tempted to disable UAC at this stage, but don’t worry – UAC won’t prompt you anywhere near as much when you’re done setting up your computer.

If you use an application that shows you a UAC prompt every time you start it, there are ways to bypass the UAC prompt – it’s better than disabling UAC entirely:

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 09/18/12

Comments (64)

  1. kellanpan

    Interesting outlook on UAC. I think I’ll disable it while setting up new computers, then enable it when I’m done.

  2. Thom

    When I’m setting up a new computer, I create a single Admin account with a blank password and use that to install all my software and set up my settings. Once the machine is fairly complete, I create the other accounts and put a password on the Admin account. (For my Mom’s machine, I also had it auto-login to her account. She doesn’t even know that there’s an Admin account!)

  3. r

    agreed for Users (most desktop PCs) & Local Administrators (mobile PCs with VPN), I just leave it in place. As a Domain Administrator I set UAC on my workstations to “don’t notify me when I make changes…” –cuz, only I make changes & nobody else has access.

  4. NSDCars5

    OK, so now can we have a tutorial on having UAC in Windows XP!

  5. Daniel Struve

    Well, the only problem with this advise is that some games wont work effectively with it enabled like Battlefield 3

  6. Syn

    @NSDCars5 – you can’t have UAC on Windows XP, sorry. It’s Windows Vista and above (up to Windows 8).

    Anyways, @OP – How can you use UAC man? I’ve always disabled it on Windows Vista AND 7; I simply can’t handle pressing “Yes” to allow everything I do. Specifically, because I sit here and when you’re attempting to completely rebuild computers, then finish up with the needed applications; it really gets in the way. Or, I use a lot of programs (such as Putty + Proxocket) and I can hardly get away with doing that.

  7. royalm

    Another problem is that many remote software programs will disconnect from the customer when the UAC prompt appears…that is not good for business. And usually teh end-user is not savy enough to follow directions to temporarily disable UAC.

    So I disable it at build.

  8. royalm

    Sorry…remote programs for maintenance to help the end-user…

  9. r

    @ NSDCars5 :

    Under XP you can’t add all the protections offered by UAC, but you can take various steps to limit possible damage like:

    – fill out the dialog boxs with a new user names & all applicable options.
    - use NTFS & make sure XP security center is on
    - stop or start certain services in “services.msc”

  10. D. L. Sinkler

    I have not disabled UAC but I do have a problem that even the Geek Squad cannot correct. I am looking forward to Windows 8 because I understand the problem with Windows 8 will resolve itself. Here is my problem that NO ONE has been able to solve. When I click on my desktop to open a file I get a very “incompetent” blue box that asks the question “Do you want to open or save this file?” If I click “open” nothing happens. If I click “save” nothing happens. In the meantime the file remains “locked” and I do not have access to it. What was Microsoft thinking when they “invented” this stupid “masterpiece.” I am not the only “victim” to this, others have posted the same problem. I will not disable UAC because the safety of my data is extremely important to me. If there is ANYONE out there who has a solution to this problem, I would deeply appreciate it and if you do, I will give fifty dollars to your favorite charity.

  11. Kryten

    +1 finally a voice of sanity re UAC. It’s nowhere near as bad as most make it out to be.
    It’s essentially equivalent to the gksudo prompt you get on Ubuntu, yet you hear no complaints about it…

  12. Julia G

    The only reason i have the UAC disabled,is because of ERUNT.
    ERUNT won’t work with UAC enabled and since running it,is important,
    i have no choice,but to leave UAC disabled.
    Hope ERUNT fixes this problem soon,it’s become annoying,that despite knowing this,
    they have so far,done nothing to fix it!Not impressed Mr Lars Hederer!

  13. Liq

    @D. L. Sinkler — is it just one single file, or anything on your desktop? Does it matter the extension(.exe, .txt, .docx)?

  14. r

    @ D. L. Sinkler : this might work if you are using shortcuts (backup things before)

    - navigate to /Users/[username]/Favorites/Favorites Bar
    - copy (or cut) all these shortcuts and put them in a new folder anywhere you want.
    - right-click on the Taskbar & OPEN Toolbars >New Toolbar & choose the folder you just made
    (remove any the old ‘links’ )

  15. hfxmike

    For a single user computer, what good is UAC? Why not just turn it off and have decent security/av software?

  16. Ringo

    Disabling UAC is the first thing I do after reinstalling/recovering a system (especially if it’s Vista).
    It does make life easier and speeds up the driver installations.
    I
    f the machine is mine, it stays off. I’m tech savvy enough not to allow any suspect processes.

    If, however, it’s for a client, the last thing I do is to re-enable it. Saves dozens of support calls because something has ‘snuck in’ Lol :)

  17. Ringo

    … but not tech savvy enough to put the cursor in the right place when paragraphing a post it seems! lmao

  18. r

    I assume that many people here are “tech savvy” in their own ways. But I still keep UAC on (even my workstations), cuz the changes I make impact me & other systems that I manage. I really don’t mind being very briefly reminded about that, especially if I’m very busy –for me, it’s just good policy.

  19. Gregg DesElms

    From the article: “While we’ve explained how to disable UAC in the past, you shouldn’t disable it – it helps keep your computer secure.”

    MY RESPONSE: That’s the biggest load o’ hooey I’ve ever read! Yes, UAC keeps your computer secure, but so does shutting it off. UAC so flies in the face of any even HOPE of ease of use — of usability itself — that it would actually be easier (and certainly less maddening) to just turn off the computer.

    UAC is a pest. It pesters and harrasses the user until s/he wants to pick-up his/her computer and hurl it with all his/her might to the concrete. UAC is the frustrated and over-the-top response of a company (Microsoft) beset, by its horrible programming, by so many security problems in its operating system and application software that the only thing it could think of was to use, in effect, nuclear weaponry to guard a gate which should, instead, simply have an armed sentry.

    There are almost literally gazillions of ways to equally protect the computer without whatever is the protection being so “in-your-face” as is UAC. Anyone who willfully tolerates UAC is secretly a sadomasochist; either that, or s/he has so completely drunk Microsoft’s Kool-Aid that his/her opinion my no longer be counted on for objectivity or, worse, rationality.

    I expect more from this website than that it recommends the use of UAC: the hands-down worst and most godawful “security” feature that Microsoft has ever proffered.

    Those making the argument against UAC, here, are pussyfooting around too much. Some awful things just need to be called what they are, and not danced around.

    _____________________________
    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com

  20. Deekshith Allamaneni

    But I do not like that irritating dialog bog. Is there any setting to change it to get alternate dialog box sort of thing?

  21. Preta

    The biggest problem I see with UAC is that the non-technical users who should be using it have no idea what programs should be allowed to run. Eventually everyone ends up up just clicking yes to every UAC request, and it becomes nothing more than a pointless annoyance.

  22. KVH

    @ Gregg DesElms I’m sorry, it sounds like you’re frustrated. I don’t, however, believe that it is fair to belittle ‘a company (Microsoft)’ for taking steps in the right direction. Adding a security feature like UAC, in my opinion, is targeted at a user like you, who does not seem to take interest in the fact that there are a multitude of people who use the ‘horrible programming’ and don’t really know, or care to know how to make sure they aren’t being digitally taken advantage of. When you have a enormous hacking community, with many focused on exploiting the users, that work day in and day out to develop malicious code that will exploit the human, and the human cannot or will not protect themselves, then I don’t understand what the issue is with something of the like of UAC. If anything, UAC is a response to sales lost because the Windows Operating system lacked basic security features that many other OS’s had from inception. Any *nix box you touch does not, by default, give you ultimate Administrative privilege, you have to gain ‘root’ access, meaning the equivalent of accepting a UAC prompt. While you can operate as ‘root’, any participating member of the security community would tell you, “It’s not a good idea”. Why? Because you can break things, and others can break them for you without your permission, because you are ‘root’, aka UAC disabled user.

    And really ~ ‘It pesters and harrasses the user until s/he wants to pick-up his/her computer and hurl it with all his/her might to the concrete.’ ~ Are you 5? The hardware industry will love you with this behavior, but I hardly find your response appropriate.

    It’s really unfortunate that you find interest in expressing your computer inadequacies in this forum. There are those who will read this and become safer in their computer habits as a result of it, realizing that by following your mentality, and killing a simple precaution given as an option to the user, they have left themselves unarmed against a community larger than the developer of the proverbial ‘bane of your existence’ to be taken advantage of, and exploited because they turned of UAC.

    For those of you still reading, speaking from a perspective of computer security, it would be VERY unwise to disable the UAC completely. I understand that it can cause complications in software that is not designed to handle this behavior, but there are ways to work around these complications and still maintain the security provided by UAC. At the end of the article are links to help you through that process, but be judicious, if you don’t need to run something as a ‘elevated’ user, DON’T!

    Do you run into a rain storm without a raincoat or umbrella? Do you come to a gunfight with a knife? NO, you bring the appropriate ‘tool’ to help you.

    While not the end all be all, UAC is a good ‘tool’ to help keep you digitally safe. Use it.

  23. Paul

    Elsewhere I posted a comment suggesting that users who, like me, were totally fed up of being denied full use of the computer that we own, initialise the hidden Aministrator in Win7, and use it exclusively. Didn’t go down too well with

    one responder, who responded in similar vein to this. Dire warnings of death and destruction.

    First, let us put this in perspective. We are here talking about an Operating System (OS) for a computer, not a live bomb. Should anyone totally screw up their OS they will not die, nor will the house explode. Worst case – they may lose

    some files that they’d rather not lose. Tough, they should have taken all the other advice about backing up. Their fault. Next worse case is they will have to reinstall the OS. This warrants a tut; not a SCREAM!, just a tut. They will

    have learned something, and they are now going to learn about reinstalling an OS, and reinstalling all the progs they used to have installed. Progress!

    Perhaps it is possible to up the status of a User, but I never succeeded. I tried long and hard to equip my original User with Administrator privileges, but the prodedures were far too complex and stunningly poorly assisted. Microsoft

    was absolutely no help at all. What information I did manage to glean, I got from the internet. Nevertheless I failed because Windows presented me with input boxes with meaningless titles, and absolutely no information about what was

    wanted from me – picture, binary number, path, address, autograph, money, photo of my wife. And required procedures appeared in many places, not just one single place where detailed instructions could be found by clicking a help link.

    Why? Because there were no help links. Microsoft made me do it. I wasted so much time trying to find answers.

    Further, maybe my anger would not have been so fierce if the messages were less bombastic, condescending, and just plain fascist. YOU DO NOT HAVE SUFFICIENT PRIVILEGEs, PERMISSIONS OR RIGHTS TO DO WHAT YOU WANT TO DO, SO SOD OFF. Never

    any help link giving instructions about how to actually achieve what I was just denied. Just NO! I’m not a Windows knocker, but when it comes to help, Microsoft is useless. Apart from the previous, I have, for instance, never encountered

    a single Windows error message wherein the text could be Copied and subsequently Pasted into a Search Engine or Notepad. Instead we have to laboriously type the entire message into the browser or Notepad. Helpful? Think not! Incredibly

    unhelpful and lazy. Microsoft don’t give a toss about helping, that’s just a PR con. And how about the blatant stupidity that allows Windows, when responding to a query about difficulty accessing the internet, to only offer searching the

    internet for solutions! Come on, everyone must find that laughable. This is everyday Microsoft. But, I digress.

    Imagine if your car refused to start saying that you’d driven a bit too fast yesterday, and so you are denied driving rights today. Or if your television refused to turn on telling you that you had watched too much TV yesterday, and so

    you are denied viewing rights until 3pm Saturday. Don’t know about you, but in my world they would be pounded to bits with a 10 pound sledgehammer. You would not believe the restraint I have had to employ throughout Windows 7 in order to

    not turn my keyboard or monitor into dust.

    Back in DOS and DRDOS, UAC consisted of – “Are you sure Y/N”. That was it. No refusal, just a query. Very useful for accidental clicks, obviously. That’s all the control I am prepared to tolerate. If I press “Y” then it happens, If I

    press “N” then it doesn’t. Of course I do want messages asking me if I want to allow a certain thing to happen/continue, but I still want Yes or NO to be my choice, and to be immediately obeyed by this piece of machinery. I don’t mind

    information about what might happen if I do this or that, prior to the “Are you sure”, that’s just helpful, and up to me to read or ignore, or read and absorb or continue thinking about chocolate and girls.

    There is far too much dumbing down everywhere nowadays which compromises the progress of we who can and do read the manual, follow the instructions, understand the possible complications, maybe research a bit before we jump in.

    Everything is geared for the lazy and incompetent and stupid. There comes a time when each must achieve a reasonable level of competence or be left behind. We must not deny the competent control just because others cannot be bothered,

    and nor should we worry about posting advice that the incompetent might suffer from following. Maybe people should be required to pass a test before being able to buy a computer…

    If you are totally fed up with Windows 7 telling you you cannot do this or that, then invoke the hidden Administarator, and use it exclusively to logon to. I’m having a good time – almost a year. No nagging or denying. I do what I want –

    which is not only what I want, but also only what I will accept.

    And remember, I had all these privileges in previous Operating Systems (95, 98, 98SE, XP), and so I am in no more danger than I was then. And then nothing bad happened.

  24. r

    That’s fine for you but I just want to simply avoid some worst-case scenario as much as possible.
    Are you going to help me every time something goes wrong because I didn’t use UAC?

  25. Doh

    Fact: you cannot fully disable UAC in windows 8. If you disable it, applications that need administrative access just silently fail.

  26. Crat

    Naivete is a wondrous thing, ain’t it?? Makes for a geat living for anyone savvy enough to exploit it.

    Those of you who seem to think that occasionally having to make one more mouse click is such a terrible inconvenience—
    Just how inconvenient will it be when you have to rebuild (your system, your credit rating, your life) AFTER your choice to disable such simple and available security features has allowed some hacker to access—and do whatever they choose with—the contents of your system?
    GTFU.

  27. MJ

    The screenshot in the title reminds me of the Windows 7 Beta, where changing UAC settings would not display the UAC prompt, effectively turning it useless.

    Back to topic. All this UAC haters just shut up. If you don’t like it you CAN DISABLE it. You have been given the option. if you don’t know how to do it, it has been explained already in this webpage.

    Extended post:

    “Everything is geared for the lazy and incompetent and stupid” because once you make something idiot-proof, the universe creates a better idiot. “They may lose some files that they’d rather not lose”, then let’s make it harder they loosing their important files. You speak of “Their fault” but then complain about Windows Help not being helpful enough for you.

    My belief is that users that have a better knowledge on how computers work should provide an education and a safe environment to those “incompetents” (I call them illiterates) they have around. I provide education to those around me, UAC is a safe environment for them.

    “Imagine if your car refused to start saying that you’d driven a bit too fast yesterday, and so you are denied driving rights today. Or if your television refused to turn on telling you that you had watched too much TV yesterday” This has NOTHING to do with UAC, it does not prevent you from hacking other’s computers or using yours 24/7.

  28. Hotfortech

    All i have to say is checkout the Quotable…
    http://tweakhound.com/windows7/nouac.html

    Mark Russinovich is THE “windows architect” in MS…
    and checkout what he says (1:30):
    http://tweakhound.com/windows7/nouac.html

  29. Besli

    @MJ > I keep UAC always on but you lost me by telling anyone to “shut up” and “Everything is geared for the lazy and incompetent and stupid” You also completely confused me after “Imagine if your car refused to start saying…”

  30. hfxmike

    The only experience I’ve had with UAC is when it popped up a few times because of something I initiated. Installing an application or something. I turned it off 5+ years ago and haven’t had any problems.

    Can someone give me an example of when UAC saved the day? As in “Thank god that UAC window popped up or else I would have been screwed” Will it question you if you start to nuke your sys32 directory?

    What does it do that a resident malware/av/etc program doesn’t? Just a simple example or two would be great.

  31. selvx

    @hfxmike

    Just ask yourself what triggers a USC prompt:

    Running an Application as an Administrator
    Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
    Installing and uninstalling applications
    Installing device drivers
    Installing ActiveX controls
    Changing settings for Windows Firewall
    Changing UAC settings
    Configuring Windows Update
    Adding or removing user accounts
    Changing a user’s account type
    Configuring Parental Controls
    Running Task Scheduler
    Restoring backed-up system files
    Viewing or changing another user’s folders and files
    Running Disk Defragmenter

    then you might see how things can go bad for certain users

  32. john3347

    UAC is totally false “security”. UAC sees (1) a website or (2) a combination of keystrokes or (3) an incoming “command” that is POTENTIALLY harmful and throws a window at the operator and asks if you want to do what you just said you want to do. UAC does not send a scout out to the website that you are requesting or to the website that is attempting to contact you and makes any kind of determination whether the site is safe or is not safe, but just determines that there are characteristics present that COULD be harmful. Yes! I want to go to the website I just said, through whatever series of keystrokes, that I want to go to. It is for this reason that UAC is worthless and one of the very first things I disable right after Libraries and Favorites in Windows 7 when I set up a new OS installation.

    Now if the UAC could determine that a website is known to deliver bad stuff or some such, UAC would be a completely different animal. Just because a potential exists is nothing but a headache. There is always a potential of getting run over by a runaway car while crossing the street. Maybe we need a UAC device on the walk and wait lights to warn us of that possibility. We could make two or three additional mouse clicks on the lamp post to finally turn the walk light on. This equal to the value of UAC.

    That’s my story, and I’m stickin’ to it!

  33. Tom

    That’s because UAC is there to improve upon existing security by limiting application software to standard user privileges until an administrator can authorize an increase or elevation. It’s not a anti-virus, malware or firewall program & it doesn’t intended to replace one either.

  34. LeeTo7

    @Tom

    Ya, I get the impression that many who challenge the need for UAC just don’t get why it’s there & what it’s meant to do.

  35. freud read

    UAC is stupid. It strikes way too much fear in old folks hearts and bugs the rest of us endlessly. WORTHESS

  36. robynsveil

    UAC does bugger-all for security… it merely lulls the installer and OS developer into a false sense of having “done the right thing”. Perhaps MS should sit with actual users who have UAC enabled: what do they do when they encounter it? Click OK. No one reads these dialogues that*should* read them, which defeats the purpose. Chalk up another fail for Microsoft.
    They wouldn’t consider redesigning their OS to be more like a real OS should be, like Unix or Linux.

  37. DePariah

    I have to agree with preta (above). The people for whom UAC would actually be useful for don’t know what programs should be allowed to run. Someone mentioned that it is like gksudo on Ubuntu, but I have to disagree. On Ubuntu it is nowhere near as intrusive, mainly because it is implemented much smoother. On Ubuntu it takes no time at all to pop up and then disappears in a blink of an eye once you put in your password. Windows UAC on the other hand is a much slower process (in my experience anyway). So I have to disagree, when setting up a windows computer the first thing I do is disable it and then install decent up to date freeware from my usb (avast, superantispyware, ccleaner etc).

  38. Chemical

    UAC is completely useless. It merely provides a mindless exercise by clicking “Yes” repeatedly.

  39. Sel

    What are you babbling about? Check for yourself if you like (just Google it if you’re lazy) Linux has used a UAC-type user security prompt interface for years. The functionality actually debuted on UNIX-based systems.

  40. florL

    Don’t complain about it, you all sound like bitter old women. Just don’t use it.
    Makes absolutely no difference to me or probably anyone else that does use UAC.

  41. florL

    Exactly, if you don’t want it just don’t use it. Who really cares what you do anyway

  42. Dan

    I never quite got the point of UAC. Then again, I don’t understand the point of having ‘accounts’ on my home computer anyway. Why would I want multiple accounts on my computer? It’s my computer! I’m the only one who uses it, I only need one account: me! Every time I do an OS reinstall, first thing I do is spend an hour fighting with the OS’s insistence that I ‘set up user accounts’. It’s frustrating and a pain in the neck.

    I can’t believe I’m saying this, but I miss how easy it was to do an OS install and network share setup for Windows 2000. It assumed that you only needed one user by default. Heck, you could just right click on a folder and hit ‘share’ to share it to my LAN, instead of fighting with user accounts on there too. I’m only 28, but sometimes I feel like a grumpy old man dealing with this stuff.

  43. TutNut.co.cc

    Are you telling me that Windows has an IMPORTANT SECURITY FEATURE?

  44. Robynsveil

    I fully agree with Gregg DesElms for the simple reason that Microsoft developers of software – whatever you wish to call it – have never actually spent much time with users using UAC. It should have been a trial-version thing which was a clear fail because of the way people work.
    BUT
    Because Microsoft developers are Redmond-myopic (can’t see much beyond the campus) they really didn’t foresee the… no-read-clickers. Yep, those people – I’m sure you all know at least 20 – who click ‘yes’ or ‘OK’ or whatever to get whatever they want doing to happen.

    That’s one problem – the no-read-clickers.

    And then, there’s the cry-wolf/warning-saturation filter. You see this thing keep popping up with every legitimate thing you want to do, and after about the umpteen-gazzilionth time, you just get sick of it. You’re in the middle of a process and a fair-dinkum warning comes up and you’re so intent on finishing that you’ve missed the fact that some other, illegitimate process is trying to bork your system.

    And you’re toast.

    I know that the Unix/Linux way seems so *wrong* to those fine folk at Redmond that see Linux as a cancer, but I don’t have those issues. Ever. In Ubuntu/Mint Linux. And no dramas, either. Ever. And I’m very productive. Always.

    Very clean, neat, slick software design. No wonder Pixar likes it. And why the really serious stuff – like web servers – run in Linux/Unix. None of this “this program is trying to do something to your system” rubbish. It doesn’t have rights in the *first* place. You have to *give* it rights. And then run it.

    Now, how hard is this to understand, M$?

  45. Robynsveil

    So, just to be clear, HTC: if you’re going to recommend something, recommend users understand that Windows is an *inherently* insecure OS for which UAC is a band-aid. A band-aid can prevent infection, but it is NOT a cure.

    The cure has to come from the OS developers. Do not rely on a band-aid to resolve all your security challenges.

    That message was not clear… because people really still believe M$ marketing rubbish that *now* Windows *is* secure. No, an educated person running well-designed software in a solid operating system can expect to be able to continue unabated by nuisances such as malware and viruses and the like. UAC cannot provide that for the novice, or even for the somewhat savvy who find their vigilance diluted by bogus ‘cry-wolf’ messages.

  46. Wolf

    “The only price you pay for using UAC is seeing an occasional box that you have to click Yes to”

    All of my clients are former, and if they were smart: current, XP users. UAC is more than just an annoying popup, unless you disable it, every time you open, install, update or upgrade a non-Micro$oft program it pops up. The writer of this article certanly has never built a computer for someone who is either a newb on computers or has finally had to replace the 95, 98, ME, 2K, NT, or XP computer that finally died on them. And before anyone says it: you still can connect to the internet with a windows 95, but you had better do nothing but check emails cause nothing else will load before the user gets pissed.

    I had to spend 25 hours, all day and all night on just one client who was having trouble with their UAC popping up every ten seconds. No, their system was not even on the internet, it was a stand-alone typing computer. I finally disabled UAC on all builds I did and lo and behold, the complaint calls stopped as well! UAC may be fine for people who did not begin on computers that when you went to install a program it just was: click the installer, agree to EULA, and wait and then use the program. Personally, I got tired of Windows nearly calling me an idiot anytime I dared to install a non-Micro$uck$ program on my computer.

    I now use WolfLinux, my personal build of Linux, even though my ISP refuses to add Linux to the supported OS’s, Apple and Microsoft, I can still do everything I need to do online with it and there are no UAC/gksudo pop-ups/prompts. I run 95 in a VM, and yes it can be done but it is not simple to do, so that I have internet connection. And I am building a XP server that will stay connected to the net and I will access that via a homenetwork. That will bypass the OS support issue with my ISP.

    UAC is just one way Micro$uck$ tried to be more like Apple and force us not to use third-party, open-source, or older programs over brand new, sleek designed, refuse-to-do-what-the-old-program-did programs.

    On my computers that I build, I offer 24/7/365 tech support, a replacement computer if I have to take the one in for repairs, and a lifetime warranty on all work done by me.

    No, UAC dies as soon as the OS is installed, and a real firewall, not the crap Windows built in, is up and running. I use Zone-Alarm Pro, AvastPro, Spybot, SAS, MBAM, Spyware-Blaster, Firefox or any Gecko based browser, and run everything inside Sandboxy Sandbox. If Windows was not so full of holes and open unused ports, I would not need to put a 1tb hdd in every single computer so I can protect it and bypass the crap Windows installs once a month, most of which disable older programs and printer/scanner/fax/copier drivers.

  47. Henry

    The only thing I ever do to UAC is turn it down one notch so that it doesn’t dim the desktop whenever things come up. I’ve found it can cause issues when running a video game or any other fullscreen application for that matter, where the game appears to jam up for a minute, cut to the desktop, then wait a second before the UAC box comes up.
    Tell it to not dim the screen and it’ll just sit there waiting on the desktop until you exit the full screen application, never had a problem with it since… Still requires a prompt on the same things as the default as well, so you’re not missing any cases that would normally flag up.

  48. Rener

    So don’t use UAC if you don’t want to. You think that all your complaining makes any difference to anyone who uses it? It makes absolutely no difference. Most criticisms here point to the fact that you have to always deal with a UAC prompt. Big deal, who cares. You’ve all convinced me of nothing.

  49. spike

    I normally turn it down one notch on my own station, but not others, since it doesn’t use the secure desktop then.
    Didn’t bother to read all the long rants; seemed pretty useless. I assume they are rants because they are long. Read through a couple and the long rant comments seem misinformed.
    Great article, HTG.

  50. Heoli

    All these opinions about bad UAC experiences sound so intense & frustrating. Well, grow up and get a life. Most of you sound like people who are easily-agitated or insane. I skipped all the long rants after the first few lines, writing more doesn’t get your point across any better. If you don’t like it then turn it off but don’t give us your overly-dramatic UAC stories. Don’t hear you and not interested.

  51. royalm

    Again, there is no use for this UAC thing when it interferes with support…like @Gregg says, most people click on ‘ok’ without even knowing what it is asking. You get tired of supporting it which is why I’m an expert at disabling it. And in at least 50% of my cases, my customers had not used their computers for days and even weeks sometimes, out of fear, not knowing what the question meant or how to answer it.

    The few of us – yes few – who are experienced enough to comment about this evidently have not been in the simple endusers shoes for quite some time, and as such shouldn’t speak for them or assume their level of understanding. Most of you work in the professional area, not with simple end-users like me. Some of us seem to forget that many are still on dialup or don’t even have computers…still today. There is nothing user-friendly about any o/s or UAC to them.

    Also @Gregg is correct about MSoft (and I like MS Koolaid!) and their inability to do it right the first time. If everything else we use daily was programmed anything like Windows, we’d be going backwards technologically instead of forward…think seriously about your car. We all just ‘deal’ with Windows or any o/s becasue we can’t do otherwise…except complain. We also can’t do without MS.

    So if you don’t like UAC, disable it and arrange for easier protection. Those that do like UAC, use it to your hearts delight.

  52. BAW30s

    I for one felt that they were all quite right to express their frustrations, and Microsoft should take heed for the future. It was cathartic for me to hear others to describe what I have often felt in language which was forceful but free of expletives. They have indeed grown up and got a life, and that’s why they resent wasting it wandering in a maze of neurotic controls. Yes, perhaps we can turn it off on our own computers, but often we “geeks” are called upon to help others who have no access to administrative accounts, let alone the hidden administrator’s.

    The incessant warnings are annoying for what normally seems to be no good purpose. Experienced users don’t need them and inexperienced people may be deterred from using their machine optimally while being little protected from real dangers. I often find that UAC actually traps the user in crippled system states by preventing curative measures from being taken. The joke about a dialogue box opening asking you “Did you really want to move your mouse one inch?” sometimes seems too close to reality for comfort…

  53. r

    what many here seem to miss is that Win OS isn’t designed exclusively just for you. It’s developed to be sold to the largest group of potential consumers as possible. It’s a question of market positioning & mass sales. If there are elements of the OS that you personally find useless then they weren’t intended for you anyway, but I guarantee that they were for other consumers who are also a significant segment of the market. In the end, the vast majority of people who get so pissed off over things like UAC still continue to use the OS.

  54. Bruce (PMToolsThatWork.com)

    I’ve never seen nor heard anyone say that UAC prevented a malware attack (e.g., report of virus X running around — users who had UAC enabled are protected … if they don’t say “yes” …). I turn off UAC on most PCs I work on, unless it is someone who pretty much sticks to browser/e-mail activities. If I leave it on I either get a call every time it goes off or the customer simply allows the action every time without question. There appears to be no reasonable basis to make a judgement by the customer on UAC alerts. At least with an antivirus, the program has a suspicion based upon the signature or activity. The UAC simply alerts a customer that an action is being taken (see @selvx’s list above) but without intelligent feedback on if this appears appropriate or not.

    I had a customer insist that I leave her antivirus turned off. It had become too annoying (What!?, Why?). Annoying “security” can be detrimental to security and reduce ones security sensitivity and alertness. I was a “thankless” computer security officer in the Air Force and I saw first hand how poorly designed and implemented security features undermined rather than enhanced security. Based upon my experience, UAC appears to fall into this category of counterproductive security features.

  55. SoL

    That’s because UAC is not there to warn of attacks. It’s there to limit users to certain privileges until a administrator decides to authorize elevation. If you don’t need to, or want to have your user privileges determined by an admin other than yourself, then simply turn it off. That’s why the option is there.

  56. Evel3

    Yes, if your user activity doesn’t need to be managed by another admin or if it annoys you every time someone calls when they get a UAC prompt then turn it off. Just be prepared to fix any problems that happen because you turned it off.

  57. fallout330

    UAC on Windows 7 is much less annoying than on Windows Vista. I just had to disable it on Vista.

  58. Brandon

    Anyone who hates UAC should absolutely HATE linux, since you have the same thing, but instead of just clicking yes, you have to retype your password.

  59. Jeff

    @D. L. Sinkler

    Maybe try to re associate the desktop files in the registry. If you are unsure of how to do that this link should help http://www.sevenforums.com/tutorials/19449-default-file-type-associations-restore.html It will allow you to download the corresponding registry files to load. If they are just the desktop links I would start out with the LNK file association to see if that works.

  60. RICK

    UAC is not so easy as you suggest i am afraid. Recently, an installed software package on one of our group members pc’s, destroyed and continually crashed software, due to an upgrade being applied. Simply put, the application suddenly began to crash, with no indications other than an “APP CRASH” being reported every time he tried to launch the software. After a great many hours trying to sort the issue, including numerous reinstallation of the complete package, and removal of anti virus and various other suspected packages, it was found that UAC was blocking only a part of the update, without a single report about this action. It was only when UAC was disabled that this package was able to successfully update, and it was again usable.
    For windows itself to crash an application, without any form of explanation as to why, is a very frustrating and hard situation to resolve.
    The package is known not malicious, and never has been. the update is not malicious nor does it pose any risks to the pc, being that it was only graphics/map based additions, nothing to do with system settings or program file changes.
    This package is, once again, an example of a poorly written, and poorly tested, windows subroutine.
    If it were as good as stated, it would have
    A: reported its actions to the administrator using his pc.
    B: Would not have falsely triggered a block to a package NOT making any changes to system nor program files essential packages.
    C: would have been far more easily diagnosed as the cause of the issues it created.
    This member was unable to use software for over a week after paying good money, for good software.
    Yet another example of a release not properly tested nor documented welll enough for other software developers to avoid this sort of issue!

  61. Sevl

    @ RICK : Nest time, just check Event Viewer, understand error codes and save yourself from wasting time.

  62. Ellen Camner

    UAC = Nightmare.

  63. Xan

    UAC enabled means you cannot easily operate on directories under C:\ which means the computer gets totally useless. 7-zip context menus won’t work, problems when developing under directories like “c:\prg” or “c:\tfs”, can’t easily edit files in root directory, all kind of small issues which add up to being a total nightmare.

    And NO you cannot put those file under the home directory because:

    1) It’s less easily accessible (long path or envvar to type)
    2) There is the 260 chars limit on paths which is easily crossed when going under the home dir

    This, plus the fact that disabling UAC kills metro applications, makes Windows 8 totally useless.

  64. MunKy

    “The only price you pay for using UAC is seeing an occasional box that you have to click Yes to (or click No if you weren’t expecting a prompt.) ”

    You obviously never encountered one of many problems written in vast amounts scattered throughout internet forums everywhere.

    UAC can get directly in the way of programs and permissions and sometimes its pot luck as to the solution. I have programs that run badly with admin access and I have programs that literally wont install while UAC is active.

    The popup box doesnt annoy me now. The way it feks with access privileges does especially when its a one person computer i.e.

    I AM GOD ON MY COMPUTER
    *oh wait, uac popped up… clickity click*
    NOW IM GOD ON MY COMPUTER!!!!

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!