Make User Account Control (UAC) Stop Blacking Out the Screen in Windows Vista
In Windows Vista, the screen goes dark when the User Account Control window comes up, which is extremely annoying. They call it the "Secure Desktop", but I think it's obnoxious.
Note that this will make your system less secure before proceeding.
Update: Windows Vista Home users should use the registry patch at the bottom of the article instead.
Windows Vista Business/Ultimate Users
To get to the configuration screen for this, type in security to the start menu search box. You should see the Local Security Policy as the top search item.
In the Local Security Policy window, browse down to Local Policies \ Security Options
Over in the right hand part of the window, scroll down near the bottom and find the item titled "User Account Control: Switch to the secure desktop when prompting for elevation". Double-click on it to open it up, then change it to disabled:
At this point Secure Desktop should be disabled.
Windows Vista Home Users
For Windows Home users, you will need to open up regedit via the start menu search box. Browse down to this registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Right-click in the right-hand pane and create a new 32-bit DWORD value called PromptOnSecureDesktop, setting the value to 0.
Downloadable Registry Tweak
Just download, extract, and double-click on the DisableSecureDesktop.reg file to enter the information into the registry. There's also an included EnableSecureDesktop.reg file to put things back to the way they were.
Download DisableSecureDesktop Registry Hack
Security Concerns
You can see by the large number of comments that this article is controversial. It's true, disabling security features will always make your system less secure, and you should strongly consider the consequences before you make any change like this.
'They call it the “Secure Desktop”, but I think it’s obnoxious.'
It is called that way for a reason. While a window is on the secure desktop, applications cannot interfere with it. With the secure desktop turned off, they can (and for instance a piece of malware could send an event to the window, making it believe the "Continue" button was clicked by you when it really shouldn't have).
I have Outlook 2002 and went over the maximum data storage amount. This closed that .pst file and now I can not run scan.pst to fix or WORSE can not merge it into Outlook 2007 due to error. If anyone could help me unlock all my e-mail, repair the error and then merge it into my new outlook 2007 I'd be so grateful. Plus is there anyway to increase automatically the Outlook box size so this never happens again?
"Note: This does make your system slightly less secure, so be warned."
Be clear to your readers. What this does is make it so the UAC dialog can be interfered with (accepted without your knwoledge) by another application, including a malicious one that triggered UAC by needing Administrator-level rights.
This is not accurate. The blacked-out screen is called a secure desktop. Other applications or processes can't send anything to the UAC prompt when it's in secure desktop mode. If you disable secure desktop, you are vulnerable to anything that wants to send an "invoke continue button" to the UAC dialog.
You might consider revising your post.
They don't call it Secure Desktop for no reason. Using Secure Desktop prevents other applications from spoofing the UAC prompt window.
All you have done here is encourage users to get owned by shatter attacks. The same way that shatter attacks can easily own Linux or Apple su dialogs.
Updating your post with some warnings about your steps, as well as providing some information on what this all about, would be a good idea.
Please do NOT do this! This is not just disabling the cosmetic black screen. Windows allows one program to send messages to another. Secure desktop temporarily prevents these messages from going through. If you disable it, then virus and malware can send a "click" message to the secure prompt dialog, which basically means they can do the honor of clicking OK for you. In other words, this is as good as turning off your security altogether.
Won't this allow malicious programs to send a "continue" signal to the dialog box, thus defeating the purpose of UAC?
Thank you very much. Love it.
I agree, this makes the system less secure.
This article is about giving you the option to change the behavior if you so choose.
Get a Mac.
@Sara - look here http://support.microsoft.com/?kbid=296088
@tib - if people wanted a mac they would have bought one. go back to playing pong or whatever the latest game on the mac is.
Sure it makes it less secure. However, anyone who actually does this probably isnt a novice. Most likely power users will shut this off as it is freaking annoying and I have complete control over what comes into this machine and leaves it. So as the others say dont do this 'patch' unless you know what you are doing already!
I ended up returning Vista and had the computer shop reinstall Windows Vista. It just doesn't work right for me. Thank you for these articles, though!
I really hope Microsoft takes care of this on their own in a future service pack or update.
Slightly less secure?
By doing this, you may as well just switch UAC off!
I was looking for a way of doing just that. Thanks a bunch.
Adam:
Ah, but turning UAC of is not the same, as it prevents you from doing some things (try installing the latest acrobat reader without UAC).
The black screen is horrible, distracting and uncomfortable, MS should find a better way to do this. In the mean while the likes of me that don't get malware installed (usually) are just plain irritated by this screen, so,
GEEK: thank you.
You've GOT to be kidding. You want to make your computer less secure because you don't like the visual effects associated with it? And not only that, you're telling OTHER people to compromise their own security just for the visual effect.
When windows displays a security dialog, it places the dialog on a separate desktop so that programs can't take control of your computer away from you. When a new desktop shows up, the old desktop is greyed out to show you that it's inactive. THAT's why the screen goes dark.
What you're suggesting is putting security-related windows on the standard desktop, which means that any program running on your computer can assume administrative rights without your intervention.
Really, that's just plain stupid. You're just asking to get hacked.
@Tyler:
You call this screen blanking event a "visual effect?!" Surely you are joking. If the way you describe it is accurate, why don't they use the Aero interface to smoothly grey out the screen? THEN I might consider it a "visual effect." If they want to get _really_ slick, they should blur the current background and present the Secure Desktop on top of the blurred general desktop. I don't think that is what is happening though.
It seems to me more as though they are changing the mode of the graphics driver. Sometimes when I have the Secure Desktop switch, I get a notification bubble suggesting that the graphics driver has stopped working, but has recovered.
I actually am pretty annoyed by this whole Secure Desktop blank screen issue, and hope the MS team can find a more elegant solution soon.
What's annoying about the secure desktop is not that it blacks out the rest of the desktop, but that it temporarily disables aero. The flicker is annoying and takes an extra two seconds.
"The “UAC” mode in linux is much simpler, especially in Ubuntu. You are only prompted for your password the first time you try to make a system change, and then it doesn’t ask you again for a few minutes, as opposed to every single administrative function you click in Windows Vista."
This is incorrect. Vista does carry _root sessions. I've witnessed this many times were I was able to make an administrative action (which triggered UAC), then make subsequent actions 9which otherwise would trigger UAC) without re-triggering UAC.
George,
The UAC mode does not "save" in Vista. What is happening is that the application that you first ran in admin mode is launching the other applications, which will then run in admin mode as well, because they are being opened by that process.
If you were to go to a completely different screen, you would still be prompted.
I noticed that when you log in to Vista remotely (with RDP), the UAC prompts open in the secure desktop as normal, but WITHOUT taking a screenshot of your desktop.
Obviously this helps speed things up over the network connection, but it also effectively removes the “flashing black screen”, since the whole snapshot piece is removed from the equation.
So my question is… how do we turn of the “snapshot” “feature” and just make it use regular secure desktop (with no background)? This would keep security tight, but help to remove the infuriating flickering…
Any ideas anyone?
What Richiepoo said is spot on. If they did what he said below I would be so much happier
"why don’t they use the Aero interface to smoothly grey out the screen? THEN I might consider it a “visual effect.” If they want to get _really_ slick, they should blur the current background and present the Secure Desktop on top of the blurred general desktop."
Linux implementation is unsafe because it leave open the entire session during elevation
Linux implementation is unsafe because it leaves opened the entire session during elevation
What makes this useful is the fact that Secure Windows has a tendency to cause programs that use DirectX and other like assistants to error and shut down.
It's a great safety feature, but if every time someone tries to run a program, and then have to quit said program to simply open up a new one, then it's doing more harm than help for most.
And then if you're stuck in a situation where you wish to use 2 programs that require DX, then you're really in a pickle. One at a time only, I'm afraid. Or at least, if you don't tweak it yourself.
I want the UAC Secure Desktop prompt, but without the screen darkening! The prompt "Windows requires your permission to continue" is OK. I can live with that. But I can't stand the dark background. It is intolerable. Why?
When I dismiss the prompt quickly, what I have to endure is a violent flash from the screen as its brightness plunges briefly and then brightens up again. It messes with my eyes because the sudden brightness change it makes my pupils dilate and then shrink again. It is like a strobe light in reverse and it is horrible. It gives me a headache. Even if I close my eyes the brightness change is still bothersome. Please, there must be a way to keep the UAC prompt and its functionality but stop it from messing with the screen.
Phil,
I could not agree with you more… it's so irritating. There's also a delay of about 3-5 seconds on my machine for some reason while the screen flickers in and out.
This is the only way to keep the prompt but turn off the flashing… unless MS decides to fix this problem.
I think what I'm reading is that the blacking out of the screen isn't the issue, and even the UAC dialog being in Aero Basic isn't the issue, but the "flashing" or "3-5 second delay" or "flickering" is the issue.
I think the issue then is that you need a newer graphics card or newer drivers.
I don't have any of those issues on my laptop, it's pretty much instant.
Get a MAC!!!
Yes Kearns, this damn flickering is the issue. But what I don't understand is why this happen only in secure desktop or (in my case) windows logon. I have the Mobile Intel® 945GM Express Chipset with the lastest drivers (ver 15.4.3, date 6/6/07).
I just thought I would add my two penneth worth, I agree that if it is not able to be hacked, we wish, it is a good idea but I dislike the way that vista does the UAC, it is slow and annoying. It is a good security measure destroyed by a corporate idea that you need to have more security and lets make it obvious, I wonder how many MS engineers leave it on.
Why can't I run some of my programs bypassing the check using the user id I choose (sudo). If I don’t want security in some programs then that is my choice. Thanks for this hack it is less annoying than disabling the UAC and getting the security warning.
I'm not an expert and I don't really understand computers. All I can say is that the rubbish that Vista is doing will result in LESS security because it is SO annoying that the average person will probably not want it. Vista takes AGES to do anything and the black screen is ridiculous. If I want to delete a bloody shortcut on the start up menu it comes up. I have to turn off my firewall because it wont let me download music LEGALLY through itunes. The protected internet won't let me watch BBC Question Time online!! It is STUPID!! And (worst) if any web pages run slightly slow (which some do because of stupid vista) it closes them ALL - HOW DO I STOP THIS HAPPENING??? Serious question - everything on my comp is backed up (and most is on email) so who cares if my computer is hacked? How can it possibly be more hassle than dealing with well meaning security features?
If people want to change the way Vista works, they should be able too. This is what makes open source software so great if you want to remove,modify something you should be able too. Not go with what the author of the program thinks is what the user needs/wants. Nothing is 100% secure and never will be. Having a program prompt you 3-4 times is not my idea of secure, if i open up group policy, then open up another program which requires admin privs UAC should remember it, also Linux allows one to bypass the password prompt when using sudo, which many could say is a security issue why, if someone hacks my user account gets auto root access. It's the same with UAC it's the admin's issue to disable it or not.
The problem I had with this is that when it comes up OUT of the secure desktop mode it does not restore the graphics display driver settings correctly. Thus if you are in extended screen mode it forgets about the second screen. Or if you have a the screen rotated 90 degrees from the default (I have a convertible tablet) it forgets that. The blinking of the screen is annoying, but not worth turning off the security. The fact that it doesn't restore to the previous state is a bug, and should be fixed.
Oh dear oh dear….
All i hear is a bunch of cry babies..
"oohhh it makes your systems vulnerable to attacks!"
"Applications can force a 'continue' on the 'secure desktop'"
"Your wrong!..your wrong! It's not a visual effect!"
"makes your system vulnerable to attacks"
Of course it does…
So does not installing anti-virus software…so does not turning on your firewall…so does not using some malware protection software…
Whats the big deal about UAC then? If it's such a 'necessity' then why does it even give you the option of switching it off in control panel? The same reason it's optional to install and use anti-virus/malware/firewall software….OPTIONAL
Heres a scenario for you, you want to drive to the shop…how:
Put key in car door, unlock the car, switch on ignition…perform usual tasks to drive
Now heres the same scenarion with UAC
Put key in car door, answer the car back by saying i am the boss let me put the key in now, car hesitates asks you one more time while the lights go out, tell it your the boss again, car hesitates lights go on key goes in the door.
Unlock door, answer the car back by saying you are the boss open the god damn door, car hesitates asks you one more time while the lights go out, (damn those lights gotta change the bulb, i'll get one at the shop whenever the hell i get there), tell it one more time you are the boss, car hesitates lights go on door unlocks.
Switch on ignition…
you get the picture…it adds further steps to the simplest tasks.
"Applications can force a 'continue' on the 'secure desktop'"
That is also very true…but again, whats the problem? Any application that requires confirmation from the 'secure desktop' is obviously already on the machine, or wants on your machine…Any application that is already on my machine has been put there by windows or myself, i know this because i am an experienced windows user who takes a lot of care with my system. I am also at peace of mind that my anti-virus/malware/firewall software will pick up any unwanted .dll, or the like, registering on my computer.So any application that needs my confirmation for something will be one that i have installed for a reason…
Reply back with…yeah but anti-virus/malware software etc etc doesn't always work you might still get a virus that does something and because UAC is off your not protected…blah blah…No..i have never once had a virus that i did not put on my computer voluntarily, meaning i downloaded a bad zip etc and got infected…those were the days when i didn't bother with antivirus software…i do now and i have never had a virus on my machine since. They have always been stoppedbefore they were put on.
"Your wrong!..your wrong! It's not a visual effect!"
I dont care…it flashes the screen black then transparent black, then flashes black when it returns to normal…it almost feels like a gunshot going off…BOOOOM!! CONTINUE!! BOOOOM!! Thats enough a visual effect as it needs to be…
My last comments…
I just want to finally say that it really is a pain in the ass…People who have been using computers for years…(i would hope) know how to keep their computer neat and tidy…and secure. They know that when they go into 'Program Files' and Create a new folder…they really do just want to create a folder, no hassle…with UAC…everytime you create a folder it's an episode, Yes i do want to create the folder….'you sure?' god damn…yes…'okay theres your folder'…fine but whats the folder called? 'New Folder' well thats bullshit, i need to change the name…popup…'you sure? God damn! Thats the point when it should stop…but no…one more, just for fun.
So how many popups to create a folder you want? 4………what an ass
"You call this screen blanking event a "visual effect?!" Surely you are joking. If the way you describe it is accurate, why don't they use the Aero interface to smoothly grey out the screen? THEN I might consider it a "visual effect." If they want to get _really_ slick, they should blur the current background and present the Secure Desktop on top of the blurred general desktop. I don't think that is what is happening though.
It seems to me more as though they are changing the mode of the graphics driver. Sometimes when I have the Secure Desktop switch, I get a notification bubble suggesting that the graphics driver has stopped working, but has recovered.
I actually am pretty annoyed by this whole Secure Desktop blank screen issue, and hope the MS team can find a more elegant solution soon. "
Graphics driver errors popping up too?….and your not going to disable UAC??
man your way more patient that i am…UAC is clearly a bigger ass to you that it is to me.
Wow that was easy and sure stopped something that really bugged me.
Thank You "Muchly"
Cuggie
It has been said earlier on in the comments that the Gksu and Kdesu dialogs in Linux can be "smashed" by malicious programs. This is completely false. One, the gksu and kdesu dialogs require your password. Secondly, I know for a fact that gksu will warn you if another program seems to have control over the keyboard or mouse (on a slow enough computer, if you launch a program with gksu and then focus a terminal window at exactly the right moment, you can generate a false alarm).
See the manual page for gksu for more information on how to temporarily disable the keyboard and mouse locking warning.
my main problem is on vistas control panel it says your systems administrater has disabled the launching of the display control panel so I cant have a desktop Help. anne
No offense but, turning off the secure desktop prompt isn't turning off UAC. All the user permissions and virtualization still take place, so it's still hard to mess things up or, God forbid, get "h@cked".
Anyways it doesnt' matter how many "security" measures you put into place, how secure your computer is depends 100% on the end-user. The end users that really f*ck their computers up doing things that no one with common sense would do will still manage to mess a system up. MS is trying to babysit for regular users(which is really hard but you can't blame them for trying), but lets power users control their environment, such as turning off secure desktop prompting, amongst other things.
You want proof? I've run my home systems with just my basic firewall on my lynksys home router, no windows firewall, no antivirus on my main windows account(AVG Home run for some of my accounts) and I've used this comptuer for regular web browsing, gaming, email etc. It's runs amazing because it's not being killed by 100 processes that get installed everytime i download stuff. Don't go to p0rn warez sites, don't use peer to peer software and gambling sites. I never have had a problem, and I've had this setup for over 3 years.
Just scan what you don't trust, don't install what you don't know, clean up your startup(regiustry included) once in a while, spyware scan once in a while… companies make money on publishing fear and hack stories, which result is your computer run at half performance, but your no safer.
.
The easiest thing would have been to to be able to put a checkmark on the program the first time you run/install it to either giving it permission or NOT. It ticks me off that certain programs (because they are non-MSFT) have to get permission EVERY time you run it due to UAC
hehe, looks like 70% of the first posts were MS employees
They blank screen reminds me of the old Timex Sinclair.
I'm amazed that people consider this silly screen blanking to be a good thing.
I turn this off, and if I accidentally install a program that contains a virus, my avast antivirus goes off the deep end anyway.
I cannot believe the people on here who are apologizing for Microsoft for this one. I just got my first Vista computer yesterday and I am already at the breaking point… there are SIX (count 'em, SIX) confirmations required to create & rename a new folder in Program Files and copy a program into the new folder.
Dear Microsoft: If you make your security measures annoying and hard to live with, people will just turn them off. It's like an automatically locking door that keeps locking people out. Pretty soon somebody is going to stick a piece of wood in the door and prop it open… and there goes your security! If you want people to adopt a security measure, it can't be annoying!!
…and don't even get me STARTED on the Office 2007 UI… hfkaw;lgbnaws.xbnas.nasf… Why am I still dealing with Microsoft stupidity in 2008?!?!
Thank you for this page!
The thing about this is the simple fact that MS chose the black screen effect (an effect of my hardware to handle this malware protection) instead of just addressing the malware protection otherwise and quit being hard on my eyes and hardware. I like Vista but MS needs to learn from Sysinternals about how they could make the UAC worth using for their clients. The UAC is a very complex system to understand for the regular user, but completely user unfriendly. It is all or nothing and no choices for the user or administrator to set things specifically for their chosen applications. No one needs prompted 2 to 3 times from an icon they clicked on their desktop multiple times a day. Basic freshman or High School Psychology knows repetition is something humans hate, let alone repeating themselves. We built PC's to handle these repetitive tasks for us, not to feed them back to ourselves!
Thank you very, very much for posting this article, it helped a lot of people, including my brother. He sends his regards.
And in response to the people who wet themselves at the thought of disabling the UAC, well, it shouldn't be the only protection you've got on your computer in the first place. But, you know, God forbid you don't have ten confirmation requests every time you want to open a folder! Turn UAC back on this very instant~*~*~!
Even Bill turned off his UAC. Thanks for the tip. The pros/cons chit-chat was enlightening. Just let the reader decide based on what they can risk or not. For me, I just made my Vista less annoying
The problem with the UAC black screen is worse when watching videos or something within Windows media centre - it stops the playback during and for a few second after the UAC prompt - very annoying if you miss something important! Great article for people who use applications that trigger then UAC!
Thank you for this . Heres why I had to do it .
I use a Wacom tablet and also run ZoneAlarm .
Anything that prompted this from ZoneAlarm or whatever meant
my tablet would not work on my laptop. I would then have to go to
my mousepad on the laptop which I hate using and click continue.
The last time I had to deal with this was after running regedit and then not being
able to use my tablet to say OK to get to the registry. Now after adding the 0 for the
value and closing I quickly went back to check out going to regedit and voila , I could say
yes to it with the tablet . Thanks. what a headache that was becoming.
Interesting debate over this, but I'm with the 'power user' approach to this.
I too have had a home desktop for about 3 years now. I've never reformatted (i know I prolly should), never had a firewall on it, had it through Uni - so it's been on some dodgy networks and leeched connections in it's time. I do run Spybot and AdAware every couple of months or so and it always manages to find something (I'm thinking it's thanks to facebook personally) - but nothing really bad. I have NEVER had a virus play havok on any machine I've owned (had one or two thanks to bad downloads but AVG vaulted them before I knew the download had finished), and I've always operated under the same general system setup.
If you're the type of person that when your computer plays up grabs the phone and calls your child/colleague/parent/neighbour then please god leave this thing switched on! If on the other hand you can generally fix your machine whatever comes accross - be that with prior knowledge or an understanding of the power of google, then switch this off if you want to reduce your daily click count and save your mouse from dying earlier than it should.
Those who have the power and the confidence: Save a mouse, turn off UAC
Load SUPERAntiSpyware and check for updates then scan PC. I have used this software to correct other problems.
The problem with the UAC black screen can be turned off separately without turning UAC off.
Now it does not disturb my DVB Tuner (TV) - Big releif! The blackening out really bugged me.
It is done under "adminstrative tools" (Ultimate)
- "Local security policies"
- "security options"
- "User Account Control: Switch to the secure desktop when prompting for elevation" set 'disable'
(it is near the bottom)
This can be done in registry for Vista home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
Right-click in the right-hand pane and create a new 32-bit DWORD value called PromptOnSecureDesktop, setting the value to 0.
To those who complains that UAC appears when creating a folder in Program Files, I want to ask, WHAT ARE YOU DOING? UAC prompts when doing just that is common. Program Files is not where you put your files, that where your Documents is for. If you have your own executables, put them on the Application Data folder under your Users directory (the way utorrent correctly did). You have no reason to manually put files of any kind in Program Files. Misusing that folder and then blame UAC for doing its job is moronic and show how n00b you can be.
Geek,
I was using Vista for a while and got so very pissed off at this UAC thing that I was about to throw Vista out untill I encountered your post.
Thanks a bunch for this tip, it makes my Vista experience so much better.
I just got a new laptop with Vista on it–I've been fortunate that my older desktop has XP Pro on it instead–and in one week, the UAC has driven me completely insane.
I've worked on computers for over 20 years, a couple of years as a techie, and this feature in Vista has filled me with rage! I wanted to go in and examine some files in documents and settings–I never use that directory for downloads, as it's simpler to create a top level directory for that, and it denied me access. That's when I realized that more and more PCs are being dumbed down in an effort to take some of the market away from Mac, where techno ability is not mandatory, nor even encouraged.
After 20+ years of working with PCs, downloading plenty of shareware, freeware, demos and other things, installing hard drives, mobos, sound cards, and everything else under the sun, I have never had a serious contagion, nor lost the contents of a hard drive. Indeed, I am frankly surprised at how cowed some people are when it comes to learning a thing or two about a machine which has become so necessary in their lives, and for which they should have at the very least, a working knowledge in case of an emergency of some sort.
Perhaps I'm just old school in this respect, but a feature that makes it nigh impossible for me to be in charge of my own PC needs to be either eliminated or made irrelevant.
mark,
your advice did save my nerves and in consequence also my laptop; it did not have to land on the yard underneath my window. It wasn't so much the blackout screen. When the machine was new darkness was over in a second. But now when many files and programs have been installed the screen first blackens for 20 seconds, then I get the prompter to permit the task, and then the second half of the night commences. After I put that 0 into the registry I still get the said permission prompter, but it takes only fractions of a second to land on the workshop floor.
What was the system doing in the dark? Did it have to do whatever it did time and time again?
Machines never seem to learn.
HG
Works for me.. Perfect tip!!
I used the downloadable tweak for my Home Premium version and it worked swimmingly! Just a note to say I love you, 'cause now my computer doesn't twitch and freak out anytime it asks me for permission to do basically anything under the sun. (:
Thanks!
~Marie
This worked wonderfully for me, thanks!
To all who bring up security issues I ask, why would anyone write malware to target this small vulnerability enabled by probably less than 1 percent of vista users? I'm thinking security through obscurity here…
Hello. I have a related problem. lately, my UAC has been taking its sweet time to load for certain apps. I think it gets stuck because the only way I can force it to appear is to start up another program which requires UAC (in a crude Push/Pop sort of manner). Can you explain what is going on?
I have UAC enabled, and still got a virus. Someone gave me a patch for a program, to update it. And guess what, a patch altering files in program files, requires elevation. So i hit allow, and then it infected my pc. Great protection… really… Thats so great i almost pizzed myself laughing when i saw a virus tare up my pc.
UAC doesn't really protect the majority of people because the majority of people dont have a clue if they should hit continue or cancel. I've seen this over and over again, most will just click Continue.. One of the comments of web development is it takes three clicks before user will think and most users dont want to think.
I want to turn off UAC but I cant because I need the protection. Even with virus protection, spyware protection, etc on my computers its amazing I still need UAC. I probably have half a gig of ram and 10% of my processing power used up by the security programs currently loaded. What a joke. Why not just build a more secure operating system platform that doesnt have so many loose ends in the code and has more use of digital certificates that a user can grant or deny.
Yeah! Thanks….
Finally I got out of that annoying black screen!
For anyone using this tweak, I would suggest requiring a password on the elevation prompt so that it would not be possible for an external program to click through on it. There are a couple of ways to do this.
The easiest method is to simply use a standard user regularly instead of an administrative user and have the administrative user passworded.
The other method also requires having your administrative user passworded, but will make it prompt for a password even when you are directly logged into that user, rather than just giving the continue or cancel buttons. To enable this on Vista Business or higher, it is one of the UAC-related settings in the Local Security Policy snapin for MMC. For the others, there is a registry setting somewhere that can be changed for the same effect.
One side effect of this is that Vista no longer has to do any randomization of the layout to help prevent the button from being clicked, as a password is needed and not just a simple click. This means that the elevation prompt's layout is now completely consistent whenever it is shown. It also means no more reaching for the mouse to click continue; just password, enter.
some of these arguments are moronic
1: What microsoft is symply doing is allowing the user to get more envolved in their own security. With out any prompts you are less likly to be active in preventing potential threats; UAC also gives some info so the user can research the cause for such activites. UAC stops automatic inffection but cannot protect from some moron manually enffecting their PC. Responsabliy is now in the user's hands.
2: If you dont want to be alerted to something trying to take control of your PC and think that microsoft should do something to better protect the os then the solution is to stop all 3rd party developement.
I stand by my previous comment on this subject by re-iterating:
"I just want to finally say that it really is a pain in the ass…People who have been using computers for years…(i would hope) know how to keep their computer neat and tidy…and secure. They know that when they go into 'Program Files' and Create a new folder…they really do just want to create a folder, no hassle…with UAC…everytime you create a folder it's an episode, Yes i do want to create the folder….'you sure?' god damn…yes…'okay theres your folder'…fine but whats the folder called? 'New Folder' well thats bullshit, i need to change the name…popup…'you sure? God damn! Thats the point when it should stop…but no…one more, just for fun.
So how many popups to create a folder you want? 4………what an ass"
kingjubba, i'm thinking you are the clearest thinking person here.
if i clicked create new folder i'm pretty sure i wanted to do that and that i wanted to give it a name other than 'new folder' and if i'm installing new software as i did when i first installed vista, holy crap that UAC must've popped up like 30 times an hour. needless to say i disabled it.
funny, i haven't gotten hacked or scammed or spammed or ANYthing in the last 6 months i've had it off. wierd, cuz, like, before, i was getting hacked, like, all the time.
whatever.
if it's on my computer it's because i put it there, and i'm fairly certain my computer isn't trying to hack itself.
You've got it all wrong. It is not asking if you really want to do that action; it is asking if you want to allow the program to have full access rights to be able to do it. Also, having an option to remember that you have given the program permission to have full access would be a serious security risk, in my opinion. Ever heard of an Explorer shell extension? They run inside Windows Explorer and would have access to anything Explorer can access, even if it was a malicious shell extension.
As far as elevation prompts when creating new folders, that is because you are creating a folder in a place where only administrators are allowed to write. If you create a folder in a place where you already have access, there is no prompt. Also, as of SP1, there is only one elevation prompt for creating a new folder in one of those locations and giving it a name, provided you have not clicked away from the renaming box before giving it the name you want.
If you often work with the locations where only administrators have write access, there is a way to use "Run as administrator" for an explorer window. First you have to enable "Launch folder windows in a separate process" under the View tab in Folder Options. Then with no folder windows open, right-click a Windows Explorer shortcut (one is available under All Programs -> Accessories). Not having any explorer windows open is important, because it will only run one additional explorer.exe process and no more.
By the way, if you go to any other popular operating system (GNU/Linux and Mac OSX, for example), you will see basically the same kinds of systems in place like Windows Vista's elevation prompt and needing to run a program as an administrator (or root) to change anything that affects other users, like locations where programs are installed and changing various system settings, etc. This is not going away any time soon.
Trojans still find a way around it without an "Elevated" prompt. Browser hijacking still occurs. Nothing should ever be able to write to the system32 directory. They need a better solution to handle developers needs. While more difficult, it is still just as vulnerable. Computers were designed to handle repetitive tasks, not feed them back to the user, which is still what is happening for programs that have ran for months without any malicious activity.
I can't even believe that there are proponents to the "Secure Desktop" at all!
When I first got my tablet, UAC was fine, and a small flash was no bother, but then what? I updated my graphics card driver, and now it takes almost TEN SECONDS to pop up the UAC dialog, another ten to re-render the normal desktop when I'm done. It's ridiculous. MS could have stopped inter-window communications between UAC and other programs without effecting the display.
I would rather not roll back my driver, since general graphics performance has improved. Don't even say it's because you're running a lot of processes; it's not, it's because of the new driver. And seeing that it's a tablet, I won't be replacing the graphics card anytime soon. So, for someone in my position, disabling "secure desktop" would be feasible.
I can deal with the dialog, but adding 20 seconds to the launch time for a program is ridiculous! Count me out.
Bryan, you say that there is no reason to make a new folder inside of "Program Files", but this is not true. There are plenty of good programs (mplayer, for example) that don't come with an installer, and I would rather have them in "Program Files" than "Application Data".
The black/blank screen (a most ANNOYING feature) is probably unnecessary. A quick flash or flicker is tolerable, but not this many seconds of black/blank screen.
They probably can EASILY do away with the black/blank screen and still have the secure feature. But then you would not be reminded that they provide a special feature to "secure" you, and they want you to remember at all times that they "created the universe" - lol. Despite all their wealth and power, they still have the basic human need - i.e. a craving to be recognized and to be fully credited for work done (even if it means annoying you a bit).