Security feature in Microsoft"s new Windows (Vista) could drive users nuts

"SEATTLE - An annoying surprise awaits 2 million consumers expected to
enthusiastically step forward in the next few weeks to help Microsoft test
its new Windows Vista PC operating system.

Volunteers will test Vista Beta 2, a near-final version of the much-hyped
upgrade of Windows. The testing is the last step leading up to Vista's
broad consumer release, scheduled for January.

Beta 2 testers can expect to encounter an obtrusive security feature, called
User Account Control (UAC). Designed to prevent intruders from performing
harmful tasks, the feature grays out the computer screen, then prods you to
confirm that you really want to do certain functions.

In early test versions, the queries crop up so often that they interrupt
routine tasks, such as changing the time clock or deleting shortcuts. And
UAC sometimes triggers an endless loop of dialogue boxes that can be
curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT
Pro magazine."

http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34

-- Imhotep

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

I have been using Beta 2 and have not noticed the severity to the point
where I have had to reboot the computer. The feature is a security option
that can be turned off in Local Security Policy if the user wishes to and
would rather accept the risk of doing so though and there will probably be
an adequate explanation for those who want to if they access built in help.

It will be interesting to see where users and what percentage draw the line
between convenience and security as my guess is that Vista will have UAC
enabled in the final version and it should be. I don't know however if there
will be an exception list to run certain tasks without the prompt that could
include MD5 hashes of executable files that a local administrator specifies
[similar to software firewall application rules] and possibly even exempt
users that could only be designated by the built in administrator account.
Typically all or nothing approaches are not received well even with the best
of intentions. --- Steve


"Imhotep" wrote in message
news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
> enthusiastically step forward in the next few weeks to help Microsoft test
> its new Windows Vista PC operating system.
>
> Volunteers will test Vista Beta 2, a near-final version of the much-hyped
> upgrade of Windows. The testing is the last step leading up to Vista's
> broad consumer release, scheduled for January.
>
> Beta 2 testers can expect to encounter an obtrusive security feature,
> called
> User Account Control (UAC). Designed to prevent intruders from performing
> harmful tasks, the feature grays out the computer screen, then prods you
> to
> confirm that you really want to do certain functions.
>
> In early test versions, the queries crop up so often that they interrupt
> routine tasks, such as changing the time clock or deleting shortcuts. And
> UAC sometimes triggers an endless loop of dialogue boxes that can be
> curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT
> Pro magazine."
>
> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>
> -- Imhotep

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

My own feeling is that the jury is (not yet formed but effectively) still
out
on consumer acceptance of the final form of this feature. Once the
behavior is refined for release, AIUI the intent is for people that use an
admin account as their normal login to not imperil their machine by so
doing, and yet when they do activate something that does require use
of their admin privs they will be allowed to do so.
Now, in the current and prior builds many testers do find the feature
to be obnoxious. But then those testers are characteristically doing all
sorts of things that use their admin privs (exploring all the config
settings,
installing components, etc.) so perhaps the current test sample is not
characteristic of the consumer base that will only occassionally be
doing something requiring the elevated privs.

"Imhotep" wrote in message
news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
> enthusiastically step forward in the next few weeks to help Microsoft test
> its new Windows Vista PC operating system.
>
> Volunteers will test Vista Beta 2, a near-final version of the much-hyped
> upgrade of Windows. The testing is the last step leading up to Vista's
> broad consumer release, scheduled for January.
>
> Beta 2 testers can expect to encounter an obtrusive security feature,
> called
> User Account Control (UAC). Designed to prevent intruders from performing
> harmful tasks, the feature grays out the computer screen, then prods you
> to
> confirm that you really want to do certain functions.
>
> In early test versions, the queries crop up so often that they interrupt
> routine tasks, such as changing the time clock or deleting shortcuts. And
> UAC sometimes triggers an endless loop of dialogue boxes that can be
> curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT
> Pro magazine."
>
> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>
> -- Imhotep

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

I am not real hopeful. Consider that a lot if not the majority of drivers
will not wear their seat belts which is an action that can save their life
or prevent great bodily harm. Hence we now have air bags that added cost to
the purchase of a car. Consumers are waiting for MS to implement an air bag
in the operating system. --- Steve


"Roger Abell [MVP]" wrote in message
news:e9REqQbeGHA.3792@TK2MSFTNGP03.phx.gbl...
> My own feeling is that the jury is (not yet formed but effectively) still
> out
> on consumer acceptance of the final form of this feature. Once the
> behavior is refined for release, AIUI the intent is for people that use an
> admin account as their normal login to not imperil their machine by so
> doing, and yet when they do activate something that does require use
> of their admin privs they will be allowed to do so.
> Now, in the current and prior builds many testers do find the feature
> to be obnoxious. But then those testers are characteristically doing all
> sorts of things that use their admin privs (exploring all the config
> settings,
> installing components, etc.) so perhaps the current test sample is not
> characteristic of the consumer base that will only occassionally be
> doing something requiring the elevated privs.
>
> "Imhotep" wrote in message
> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>> enthusiastically step forward in the next few weeks to help Microsoft
>> test
>> its new Windows Vista PC operating system.
>>
>> Volunteers will test Vista Beta 2, a near-final version of the much-hyped
>> upgrade of Windows. The testing is the last step leading up to Vista's
>> broad consumer release, scheduled for January.
>>
>> Beta 2 testers can expect to encounter an obtrusive security feature,
>> called
>> User Account Control (UAC). Designed to prevent intruders from performing
>> harmful tasks, the feature grays out the computer screen, then prods you
>> to
>> confirm that you really want to do certain functions.
>>
>> In early test versions, the queries crop up so often that they interrupt
>> routine tasks, such as changing the time clock or deleting shortcuts. And
>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>> curtailed only by rebooting, says Paul Thurrott, news editor of Windows
>> IT
>> Pro magazine."
>>
>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>
>> -- Imhotep
>
>

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

"Steven L Umbach" writes:

> I am not real hopeful. Consider that a lot if not the majority of drivers
> will not wear their seat belts which is an action that can save their life
> or prevent great bodily harm. Hence we now have air bags that added cost to
> the purchase of a car. Consumers are waiting for MS to implement an air bag
> in the operating system. --- Steve

What was especially ironic and stupid about the original air bag
mandate is the paradox that
a) in the US, manufacturers were forced to design to a spect
that would restrain an unbelted passenger
but
b) as we learned through decapitations, blindings, and
maimings, first generation airbags especially those in the
US of the full deployment variety were totally unsafe to an
unbelted occupant too close the steering wheel.

Good times, eh?

That paradox has been corrected with low deployment force bags, and
additions of seat occupancy sensors and defeatable deployment for
passenger side bags, etc. But still, dont' think for a minute that
the airbag mandate doesn't have the grubby paws of the airbag
manufacturer's lobby all over it, and don't think for a moment that
for the same incremental increase in cost of an auto, there aren't
design improvements that would yield more overall safety than an
airbag in every steering column.

At least new cars aren't shipping with bombs in the steering columns
that'd snap grandma in half or pop infants' heads off.

Best Regards,
--
Todd H.
http://www.toddh.net/

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

"Steven L Umbach" writes:

>I am not real hopeful. Consider that a lot if not the majority of drivers
>will not wear their seat belts which is an action that can save their life
>or prevent great bodily harm. Hence we now have air bags that added cost to
>the purchase of a car. Consumers are waiting for MS to implement an air bag
>in the operating system. --- Steve

And if those airbags caused you to have to restart your car four or five
times a day....


>"Roger Abell [MVP]" wrote in message
>news:e9REqQbeGHA.3792@TK2MSFTNGP03.phx.gbl...
>> My own feeling is that the jury is (not yet formed but effectively) still
>> out
>> on consumer acceptance of the final form of this feature. Once the
>> behavior is refined for release, AIUI the intent is for people that use an
>> admin account as their normal login to not imperil their machine by so
>> doing, and yet when they do activate something that does require use
>> of their admin privs they will be allowed to do so.
>> Now, in the current and prior builds many testers do find the feature
>> to be obnoxious. But then those testers are characteristically doing all
>> sorts of things that use their admin privs (exploring all the config
>> settings,
>> installing components, etc.) so perhaps the current test sample is not
>> characteristic of the consumer base that will only occassionally be
>> doing something requiring the elevated privs.
>>
>> "Imhotep" wrote in message
>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>>> enthusiastically step forward in the next few weeks to help Microsoft
>>> test
>>> its new Windows Vista PC operating system.
>>>
>>> Volunteers will test Vista Beta 2, a near-final version of the much-hyped
>>> upgrade of Windows. The testing is the last step leading up to Vista's
>>> broad consumer release, scheduled for January.
>>>
>>> Beta 2 testers can expect to encounter an obtrusive security feature,
>>> called
>>> User Account Control (UAC). Designed to prevent intruders from performing
>>> harmful tasks, the feature grays out the computer screen, then prods you
>>> to
>>> confirm that you really want to do certain functions.
>>>
>>> In early test versions, the queries crop up so often that they interrupt
>>> routine tasks, such as changing the time clock or deleting shortcuts. And
>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>> curtailed only by rebooting, says Paul Thurrott, news editor of Windows
>>> IT
>>> Pro magazine."
>>>
>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>
>>> -- Imhotep
>>
>>

Re: Security feature in Microsoft"s new Windows (Vista) could driveusers nuts

I agree, it is annoying but the folks using it right now are doing all sorts of
things they may not be doing after they have it running for a month or two and
are "stable". I noticed that the UAC was pissing me right off until all of a
sudden I didn't reload the machine for a week or so and I realized I went a day
or two without seeing it at all because I was just using the machine after I had
stabilized.... Getting through that few days though is going to be trying for
some folks.

And honestly, I almost got to the point when reloading a lot where I wasn't even
looking at the prompts anymore and I was just clicking. At that point, it has
completely lost its effectiveness as a security feature.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Roger Abell [MVP] wrote:
> My own feeling is that the jury is (not yet formed but effectively) still
> out
> on consumer acceptance of the final form of this feature. Once the
> behavior is refined for release, AIUI the intent is for people that use an
> admin account as their normal login to not imperil their machine by so
> doing, and yet when they do activate something that does require use
> of their admin privs they will be allowed to do so.
> Now, in the current and prior builds many testers do find the feature
> to be obnoxious. But then those testers are characteristically doing all
> sorts of things that use their admin privs (exploring all the config
> settings,
> installing components, etc.) so perhaps the current test sample is not
> characteristic of the consumer base that will only occassionally be
> doing something requiring the elevated privs.
>
> "Imhotep" wrote in message
> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>> enthusiastically step forward in the next few weeks to help Microsoft test
>> its new Windows Vista PC operating system.
>>
>> Volunteers will test Vista Beta 2, a near-final version of the much-hyped
>> upgrade of Windows. The testing is the last step leading up to Vista's
>> broad consumer release, scheduled for January.
>>
>> Beta 2 testers can expect to encounter an obtrusive security feature,
>> called
>> User Account Control (UAC). Designed to prevent intruders from performing
>> harmful tasks, the feature grays out the computer screen, then prods you
>> to
>> confirm that you really want to do certain functions.
>>
>> In early test versions, the queries crop up so often that they interrupt
>> routine tasks, such as changing the time clock or deleting shortcuts. And
>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>> curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT
>> Pro magazine."
>>
>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>
>> -- Imhotep
>
>

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

Wow you know a lot about air bags and that is all very interesting. I chalk
up such to the law of unintended consequences in our government's never
ending pursuit to protect us from ourselves. I don't have all the details
but I understand that the government forced the gasoline produces to include
an additive that is supposed to reduce air pollution a while back but a few
years later they found that it was polluting water and the ground big time
and they wanted the oil companies to spend gazillions of dollars to clean
that up. My favorite is the banning of handguns in the city of Chicago to
make it safer. Well what happened is that Chicago is more violent then ever
since only criminals have handguns now and have no fear of the law abiding
citizen. Will they ever learn?? --- Steve



"Todd H." wrote in message
news:84ves48nth.fsf@ripco.com...
> "Steven L Umbach" writes:
>
>> I am not real hopeful. Consider that a lot if not the majority of drivers
>> will not wear their seat belts which is an action that can save their
>> life
>> or prevent great bodily harm. Hence we now have air bags that added cost
>> to
>> the purchase of a car. Consumers are waiting for MS to implement an air
>> bag
>> in the operating system. --- Steve
>
> What was especially ironic and stupid about the original air bag
> mandate is the paradox that
> a) in the US, manufacturers were forced to design to a spect
> that would restrain an unbelted passenger
> but
> b) as we learned through decapitations, blindings, and
> maimings, first generation airbags especially those in the
> US of the full deployment variety were totally unsafe to an
> unbelted occupant too close the steering wheel.
>
> Good times, eh?
>
> That paradox has been corrected with low deployment force bags, and
> additions of seat occupancy sensors and defeatable deployment for
> passenger side bags, etc. But still, dont' think for a minute that
> the airbag mandate doesn't have the grubby paws of the airbag
> manufacturer's lobby all over it, and don't think for a moment that
> for the same incremental increase in cost of an auto, there aren't
> design improvements that would yield more overall safety than an
> airbag in every steering column.
>
> At least new cars aren't shipping with bombs in the steering columns
> that'd snap grandma in half or pop infants' heads off.
>
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

"Steven L Umbach" wrote in message
news:OOJt6yheGHA.1856@TK2MSFTNGP03.phx.gbl...

> Will they ever learn?? --- Steve
>
not so long as they have self-believe in self-superiority of judgement
and a low opinion of others' sensibilities
--
ra

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

Perhaps we have hit on something to suggest Joe.
A temporary UAC suspend - say for 24 hours at a wack.
People are going to find the trick to shut if off, at least the
more power users are, and then it is off until reenabled.
So, what if during inital config, times of extensive admin use,
etc., there was a suspend UAC for x hours ??

I have noticed that with 5381.1 it is less annoying than when I
first started experiencing it, at 5308 or whatever build that was.
Perhaps it is less invasive, but I tend to believe it is that I am
becoming more accustomed to it and also that I have to do less
hunting to find where things have been hidden (or omitted).

I still believe that if people who do run as an admin just get over
the hump of inital config, then they will not that often see the
prompting. At that point UAC is only a good thing, as they are
running as a limited user.


"Joe Richards [MVP]" wrote in message
news:%23n9gxxheGHA.3484@TK2MSFTNGP04.phx.gbl...
>I agree, it is annoying but the folks using it right now are doing all
>sorts of things they may not be doing after they have it running for a
>month or two and are "stable". I noticed that the UAC was pissing me right
>off until all of a sudden I didn't reload the machine for a week or so and
>I realized I went a day or two without seeing it at all because I was just
>using the machine after I had stabilized.... Getting through that few days
>though is going to be trying for some folks.
>
> And honestly, I almost got to the point when reloading a lot where I
> wasn't even looking at the prompts anymore and I was just clicking. At
> that point, it has completely lost its effectiveness as a security
> feature.
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
>
> Roger Abell [MVP] wrote:
>> My own feeling is that the jury is (not yet formed but effectively) still
>> out
>> on consumer acceptance of the final form of this feature. Once the
>> behavior is refined for release, AIUI the intent is for people that use
>> an
>> admin account as their normal login to not imperil their machine by so
>> doing, and yet when they do activate something that does require use
>> of their admin privs they will be allowed to do so.
>> Now, in the current and prior builds many testers do find the feature
>> to be obnoxious. But then those testers are characteristically doing all
>> sorts of things that use their admin privs (exploring all the config
>> settings,
>> installing components, etc.) so perhaps the current test sample is not
>> characteristic of the consumer base that will only occassionally be
>> doing something requiring the elevated privs.
>>
>> "Imhotep" wrote in message
>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>>> enthusiastically step forward in the next few weeks to help Microsoft
>>> test
>>> its new Windows Vista PC operating system.
>>>
>>> Volunteers will test Vista Beta 2, a near-final version of the
>>> much-hyped
>>> upgrade of Windows. The testing is the last step leading up to Vista's
>>> broad consumer release, scheduled for January.
>>>
>>> Beta 2 testers can expect to encounter an obtrusive security feature,
>>> called
>>> User Account Control (UAC). Designed to prevent intruders from
>>> performing
>>> harmful tasks, the feature grays out the computer screen, then prods you
>>> to
>>> confirm that you really want to do certain functions.
>>>
>>> In early test versions, the queries crop up so often that they interrupt
>>> routine tasks, such as changing the time clock or deleting shortcuts.
>>> And
>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>> curtailed only by rebooting, says Paul Thurrott, news editor of Windows
>>> IT
>>> Pro magazine."
>>>
>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>
>>> -- Imhotep
>>

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

"Steven L Umbach" wrote in message
news:%236AMnAdeGHA.3348@TK2MSFTNGP03.phx.gbl...
>I am not real hopeful. Consider that a lot if not the majority of drivers
>will not wear their seat belts which is an action that can save their life
>or prevent great bodily harm. Hence we now have air bags that added cost to
>the purchase of a car. Consumers are waiting for MS to implement an air bag
>in the operating system. --- Steve

Because people are idiots and will not wear a seat belt is not the reason
there are also air bags in cars these days. Air bags provide additional
driver and passenger protection. They require the use of the seat belt as
an integrated safety system. An air bag will not provide the required
protection if the driver and/or passenger is flying around the cabin of the
vehicle because they did not wear their seat belt.

Yes, the addition of air bags does incur added cost to the vehicle. So does
the inclusion of a heater, air conditioner, radio and storage compartments.

As to the level of annoyance that consumers will feel if they purchase
Windows Vista, if and when it is made available, it will be no greater than
the level of annoyance felt when Windows 98 was released. The problem will
be that the operating system in its full-featured form will be so taxing on
a middle tier system that people will feel ripped off. It will be, of
course, their own fault for not reading the system specifications that will
ship with each version of Vista.

If you want to run the top version of the Vista OS, get the biggest,
baddest, fastest computer your money can buy. Personally, I'm happy with XP
the way it is. I don't need to be able to see through desktop icons or
windows.
>
>
> "Roger Abell [MVP]" wrote in message
> news:e9REqQbeGHA.3792@TK2MSFTNGP03.phx.gbl...
>> My own feeling is that the jury is (not yet formed but effectively) still
>> out
>> on consumer acceptance of the final form of this feature. Once the
>> behavior is refined for release, AIUI the intent is for people that use
>> an
>> admin account as their normal login to not imperil their machine by so
>> doing, and yet when they do activate something that does require use
>> of their admin privs they will be allowed to do so.
>> Now, in the current and prior builds many testers do find the feature
>> to be obnoxious. But then those testers are characteristically doing all
>> sorts of things that use their admin privs (exploring all the config
>> settings,
>> installing components, etc.) so perhaps the current test sample is not
>> characteristic of the consumer base that will only occassionally be
>> doing something requiring the elevated privs.
>>
>> "Imhotep" wrote in message
>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>>> enthusiastically step forward in the next few weeks to help Microsoft
>>> test
>>> its new Windows Vista PC operating system.
>>>
>>> Volunteers will test Vista Beta 2, a near-final version of the
>>> much-hyped
>>> upgrade of Windows. The testing is the last step leading up to Vista's
>>> broad consumer release, scheduled for January.
>>>
>>> Beta 2 testers can expect to encounter an obtrusive security feature,
>>> called
>>> User Account Control (UAC). Designed to prevent intruders from
>>> performing
>>> harmful tasks, the feature grays out the computer screen, then prods you
>>> to
>>> confirm that you really want to do certain functions.
>>>
>>> In early test versions, the queries crop up so often that they interrupt
>>> routine tasks, such as changing the time clock or deleting shortcuts.
>>> And
>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>> curtailed only by rebooting, says Paul Thurrott, news editor of Windows
>>> IT
>>> Pro magazine."
>>>
>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>
>>> -- Imhotep
>>
>>
>
>

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

Could y'all do us a favor and please eliminate the excessive/needless
crossposting, especially to IE.Security? Thank you.
--
~PA Bear

Re: Security feature in Microsoft"s new Windows (Vista) could driveusers nuts

Yeah that sounds like a good suggestion, maybe when it first pops up after an
install it asks if you want to suspend for a day or two for the initial build
up. Course bad things could still get through, but that is the same as if they
turned it off permanently and maybe doing it this way the benefit comes back
instead of being always off.

I haven't tried it (note to self for the weekend testing), if I use runas or my
cpau if the newly spawned window is also impacted by UAC. If it wasn't, that
would be handy because then I just spawn a new command prompt with those rights
and the UAC doesn't pop up for anything I do from there...



--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Roger Abell [MVP] wrote:
> Perhaps we have hit on something to suggest Joe.
> A temporary UAC suspend - say for 24 hours at a wack.
> People are going to find the trick to shut if off, at least the
> more power users are, and then it is off until reenabled.
> So, what if during inital config, times of extensive admin use,
> etc., there was a suspend UAC for x hours ??
>
> I have noticed that with 5381.1 it is less annoying than when I
> first started experiencing it, at 5308 or whatever build that was.
> Perhaps it is less invasive, but I tend to believe it is that I am
> becoming more accustomed to it and also that I have to do less
> hunting to find where things have been hidden (or omitted).
>
> I still believe that if people who do run as an admin just get over
> the hump of inital config, then they will not that often see the
> prompting. At that point UAC is only a good thing, as they are
> running as a limited user.
>
>
> "Joe Richards [MVP]" wrote in message
> news:%23n9gxxheGHA.3484@TK2MSFTNGP04.phx.gbl...
>> I agree, it is annoying but the folks using it right now are doing all
>> sorts of things they may not be doing after they have it running for a
>> month or two and are "stable". I noticed that the UAC was pissing me right
>> off until all of a sudden I didn't reload the machine for a week or so and
>> I realized I went a day or two without seeing it at all because I was just
>> using the machine after I had stabilized.... Getting through that few days
>> though is going to be trying for some folks.
>>
>> And honestly, I almost got to the point when reloading a lot where I
>> wasn't even looking at the prompts anymore and I was just clicking. At
>> that point, it has completely lost its effectiveness as a security
>> feature.
>>
>>
>> --
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> Author of O'Reilly Active Directory Third Edition
>> www.joeware.net
>>
>>
>> ---O'Reilly Active Directory Third Edition now available---
>>
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>>
>> Roger Abell [MVP] wrote:
>>> My own feeling is that the jury is (not yet formed but effectively) still
>>> out
>>> on consumer acceptance of the final form of this feature. Once the
>>> behavior is refined for release, AIUI the intent is for people that use
>>> an
>>> admin account as their normal login to not imperil their machine by so
>>> doing, and yet when they do activate something that does require use
>>> of their admin privs they will be allowed to do so.
>>> Now, in the current and prior builds many testers do find the feature
>>> to be obnoxious. But then those testers are characteristically doing all
>>> sorts of things that use their admin privs (exploring all the config
>>> settings,
>>> installing components, etc.) so perhaps the current test sample is not
>>> characteristic of the consumer base that will only occassionally be
>>> doing something requiring the elevated privs.
>>>
>>> "Imhotep" wrote in message
>>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>>>> enthusiastically step forward in the next few weeks to help Microsoft
>>>> test
>>>> its new Windows Vista PC operating system.
>>>>
>>>> Volunteers will test Vista Beta 2, a near-final version of the
>>>> much-hyped
>>>> upgrade of Windows. The testing is the last step leading up to Vista's
>>>> broad consumer release, scheduled for January.
>>>>
>>>> Beta 2 testers can expect to encounter an obtrusive security feature,
>>>> called
>>>> User Account Control (UAC). Designed to prevent intruders from
>>>> performing
>>>> harmful tasks, the feature grays out the computer screen, then prods you
>>>> to
>>>> confirm that you really want to do certain functions.
>>>>
>>>> In early test versions, the queries crop up so often that they interrupt
>>>> routine tasks, such as changing the time clock or deleting shortcuts.
>>>> And
>>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>>> curtailed only by rebooting, says Paul Thurrott, news editor of Windows
>>>> IT
>>>> Pro magazine."
>>>>
>>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>>
>>>> -- Imhotep
>

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

It would be interesting if you could control in your cpau so that the
token did not get restricted, and I find it dumb if it does restrict when
someone has conciously used runas to get an admin session . . .

After thinking some I believe the suggestion should be to provide a
"suspend for remainder of this login" button and have a time limiter
of say a day for those like myself that customarily hibernate a client.

Roger

"Joe Richards [MVP]" wrote in message
news:OfoUJZ1eGHA.4948@TK2MSFTNGP04.phx.gbl...
> Yeah that sounds like a good suggestion, maybe when it first pops up after
> an install it asks if you want to suspend for a day or two for the initial
> build up. Course bad things could still get through, but that is the same
> as if they turned it off permanently and maybe doing it this way the
> benefit comes back instead of being always off.
>
> I haven't tried it (note to self for the weekend testing), if I use runas
> or my cpau if the newly spawned window is also impacted by UAC. If it
> wasn't, that would be handy because then I just spawn a new command prompt
> with those rights and the UAC doesn't pop up for anything I do from
> there...
>
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> Author of O'Reilly Active Directory Third Edition
> www.joeware.net
>
>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
>
> Roger Abell [MVP] wrote:
>> Perhaps we have hit on something to suggest Joe.
>> A temporary UAC suspend - say for 24 hours at a wack.
>> People are going to find the trick to shut if off, at least the
>> more power users are, and then it is off until reenabled.
>> So, what if during inital config, times of extensive admin use,
>> etc., there was a suspend UAC for x hours ??
>>
>> I have noticed that with 5381.1 it is less annoying than when I
>> first started experiencing it, at 5308 or whatever build that was.
>> Perhaps it is less invasive, but I tend to believe it is that I am
>> becoming more accustomed to it and also that I have to do less
>> hunting to find where things have been hidden (or omitted).
>>
>> I still believe that if people who do run as an admin just get over
>> the hump of inital config, then they will not that often see the
>> prompting. At that point UAC is only a good thing, as they are
>> running as a limited user.
>>
>>
>> "Joe Richards [MVP]" wrote in message
>> news:%23n9gxxheGHA.3484@TK2MSFTNGP04.phx.gbl...
>>> I agree, it is annoying but the folks using it right now are doing all
>>> sorts of things they may not be doing after they have it running for a
>>> month or two and are "stable". I noticed that the UAC was pissing me
>>> right off until all of a sudden I didn't reload the machine for a week
>>> or so and I realized I went a day or two without seeing it at all
>>> because I was just using the machine after I had stabilized.... Getting
>>> through that few days though is going to be trying for some folks.
>>>
>>> And honestly, I almost got to the point when reloading a lot where I
>>> wasn't even looking at the prompts anymore and I was just clicking. At
>>> that point, it has completely lost its effectiveness as a security
>>> feature.
>>>
>>>
>>> --
>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>> Author of O'Reilly Active Directory Third Edition
>>> www.joeware.net
>>>
>>>
>>> ---O'Reilly Active Directory Third Edition now available---
>>>
>>> http://www.joeware.net/win/ad3e.htm
>>>
>>>
>>>
>>> Roger Abell [MVP] wrote:
>>>> My own feeling is that the jury is (not yet formed but effectively)
>>>> still out
>>>> on consumer acceptance of the final form of this feature. Once the
>>>> behavior is refined for release, AIUI the intent is for people that use
>>>> an
>>>> admin account as their normal login to not imperil their machine by so
>>>> doing, and yet when they do activate something that does require use
>>>> of their admin privs they will be allowed to do so.
>>>> Now, in the current and prior builds many testers do find the feature
>>>> to be obnoxious. But then those testers are characteristically doing
>>>> all
>>>> sorts of things that use their admin privs (exploring all the config
>>>> settings,
>>>> installing components, etc.) so perhaps the current test sample is not
>>>> characteristic of the consumer base that will only occassionally be
>>>> doing something requiring the elevated privs.
>>>>
>>>> "Imhotep" wrote in message
>>>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>>>>> enthusiastically step forward in the next few weeks to help Microsoft
>>>>> test
>>>>> its new Windows Vista PC operating system.
>>>>>
>>>>> Volunteers will test Vista Beta 2, a near-final version of the
>>>>> much-hyped
>>>>> upgrade of Windows. The testing is the last step leading up to Vista's
>>>>> broad consumer release, scheduled for January.
>>>>>
>>>>> Beta 2 testers can expect to encounter an obtrusive security feature,
>>>>> called
>>>>> User Account Control (UAC). Designed to prevent intruders from
>>>>> performing
>>>>> harmful tasks, the feature grays out the computer screen, then prods
>>>>> you to
>>>>> confirm that you really want to do certain functions.
>>>>>
>>>>> In early test versions, the queries crop up so often that they
>>>>> interrupt
>>>>> routine tasks, such as changing the time clock or deleting shortcuts.
>>>>> And
>>>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>>>> curtailed only by rebooting, says Paul Thurrott, news editor of
>>>>> Windows IT
>>>>> Pro magazine."
>>>>>
>>>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>>>
>>>>> -- Imhotep
>>

Re: Security feature in Microsoft"s new Windows (Vista) could driveusers nuts

Or even once it starts to hibernate it shuts off on the spot, same with suspend,
come back from locked session, etc. That way when you fire back up, you are at
a known "safe" spot.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Roger Abell [MVP] wrote:
> It would be interesting if you could control in your cpau so that the
> token did not get restricted, and I find it dumb if it does restrict when
> someone has conciously used runas to get an admin session . . .
>
> After thinking some I believe the suggestion should be to provide a
> "suspend for remainder of this login" button and have a time limiter
> of say a day for those like myself that customarily hibernate a client.
>
> Roger
>
> "Joe Richards [MVP]" wrote in message
> news:OfoUJZ1eGHA.4948@TK2MSFTNGP04.phx.gbl...
>> Yeah that sounds like a good suggestion, maybe when it first pops up after
>> an install it asks if you want to suspend for a day or two for the initial
>> build up. Course bad things could still get through, but that is the same
>> as if they turned it off permanently and maybe doing it this way the
>> benefit comes back instead of being always off.
>>
>> I haven't tried it (note to self for the weekend testing), if I use runas
>> or my cpau if the newly spawned window is also impacted by UAC. If it
>> wasn't, that would be handy because then I just spawn a new command prompt
>> with those rights and the UAC doesn't pop up for anything I do from
>> there...
>>
>>
>>
>> --
>> Joe Richards Microsoft MVP Windows Server Directory Services
>> Author of O'Reilly Active Directory Third Edition
>> www.joeware.net
>>
>>
>> ---O'Reilly Active Directory Third Edition now available---
>>
>> http://www.joeware.net/win/ad3e.htm
>>
>>
>>
>> Roger Abell [MVP] wrote:
>>> Perhaps we have hit on something to suggest Joe.
>>> A temporary UAC suspend - say for 24 hours at a wack.
>>> People are going to find the trick to shut if off, at least the
>>> more power users are, and then it is off until reenabled.
>>> So, what if during inital config, times of extensive admin use,
>>> etc., there was a suspend UAC for x hours ??
>>>
>>> I have noticed that with 5381.1 it is less annoying than when I
>>> first started experiencing it, at 5308 or whatever build that was.
>>> Perhaps it is less invasive, but I tend to believe it is that I am
>>> becoming more accustomed to it and also that I have to do less
>>> hunting to find where things have been hidden (or omitted).
>>>
>>> I still believe that if people who do run as an admin just get over
>>> the hump of inital config, then they will not that often see the
>>> prompting. At that point UAC is only a good thing, as they are
>>> running as a limited user.
>>>
>>>
>>> "Joe Richards [MVP]" wrote in message
>>> news:%23n9gxxheGHA.3484@TK2MSFTNGP04.phx.gbl...
>>>> I agree, it is annoying but the folks using it right now are doing all
>>>> sorts of things they may not be doing after they have it running for a
>>>> month or two and are "stable". I noticed that the UAC was pissing me
>>>> right off until all of a sudden I didn't reload the machine for a week
>>>> or so and I realized I went a day or two without seeing it at all
>>>> because I was just using the machine after I had stabilized.... Getting
>>>> through that few days though is going to be trying for some folks.
>>>>
>>>> And honestly, I almost got to the point when reloading a lot where I
>>>> wasn't even looking at the prompts anymore and I was just clicking. At
>>>> that point, it has completely lost its effectiveness as a security
>>>> feature.
>>>>
>>>>
>>>> --
>>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>>> Author of O'Reilly Active Directory Third Edition
>>>> www.joeware.net
>>>>
>>>>
>>>> ---O'Reilly Active Directory Third Edition now available---
>>>>
>>>> http://www.joeware.net/win/ad3e.htm
>>>>
>>>>
>>>>
>>>> Roger Abell [MVP] wrote:
>>>>> My own feeling is that the jury is (not yet formed but effectively)
>>>>> still out
>>>>> on consumer acceptance of the final form of this feature. Once the
>>>>> behavior is refined for release, AIUI the intent is for people that use
>>>>> an
>>>>> admin account as their normal login to not imperil their machine by so
>>>>> doing, and yet when they do activate something that does require use
>>>>> of their admin privs they will be allowed to do so.
>>>>> Now, in the current and prior builds many testers do find the feature
>>>>> to be obnoxious. But then those testers are characteristically doing
>>>>> all
>>>>> sorts of things that use their admin privs (exploring all the config
>>>>> settings,
>>>>> installing components, etc.) so perhaps the current test sample is not
>>>>> characteristic of the consumer base that will only occassionally be
>>>>> doing something requiring the elevated privs.
>>>>>
>>>>> "Imhotep" wrote in message
>>>>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>>>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected to
>>>>>> enthusiastically step forward in the next few weeks to help Microsoft
>>>>>> test
>>>>>> its new Windows Vista PC operating system.
>>>>>>
>>>>>> Volunteers will test Vista Beta 2, a near-final version of the
>>>>>> much-hyped
>>>>>> upgrade of Windows. The testing is the last step leading up to Vista's
>>>>>> broad consumer release, scheduled for January.
>>>>>>
>>>>>> Beta 2 testers can expect to encounter an obtrusive security feature,
>>>>>> called
>>>>>> User Account Control (UAC). Designed to prevent intruders from
>>>>>> performing
>>>>>> harmful tasks, the feature grays out the computer screen, then prods
>>>>>> you to
>>>>>> confirm that you really want to do certain functions.
>>>>>>
>>>>>> In early test versions, the queries crop up so often that they
>>>>>> interrupt
>>>>>> routine tasks, such as changing the time clock or deleting shortcuts.
>>>>>> And
>>>>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>>>>> curtailed only by rebooting, says Paul Thurrott, news editor of
>>>>>> Windows IT
>>>>>> Pro magazine."
>>>>>>
>>>>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>>>>
>>>>>> -- Imhotep
>
>

Re: Security feature in Microsoft"s new Windows (Vista) could drive users nuts

"Joe Richards [MVP]" wrote in message
news:%23cDRsHOfGHA.1264@TK2MSFTNGP05.phx.gbl...
> Or even once it starts to hibernate it shuts off on the spot, same with
> suspend, come back from locked session, etc. That way when you fire back
> up, you are at a known "safe" spot.
>

Yep, I agree. That is better.

>
> ---O'Reilly Active Directory Third Edition now available---
>
> http://www.joeware.net/win/ad3e.htm
>
>
>
> Roger Abell [MVP] wrote:
>> It would be interesting if you could control in your cpau so that the
>> token did not get restricted, and I find it dumb if it does restrict when
>> someone has conciously used runas to get an admin session . . .
>>
>> After thinking some I believe the suggestion should be to provide a
>> "suspend for remainder of this login" button and have a time limiter
>> of say a day for those like myself that customarily hibernate a client.
>>
>> Roger
>>
>> "Joe Richards [MVP]" wrote in message
>> news:OfoUJZ1eGHA.4948@TK2MSFTNGP04.phx.gbl...
>>> Yeah that sounds like a good suggestion, maybe when it first pops up
>>> after an install it asks if you want to suspend for a day or two for the
>>> initial build up. Course bad things could still get through, but that is
>>> the same as if they turned it off permanently and maybe doing it this
>>> way the benefit comes back instead of being always off.
>>>
>>> I haven't tried it (note to self for the weekend testing), if I use
>>> runas or my cpau if the newly spawned window is also impacted by UAC. If
>>> it wasn't, that would be handy because then I just spawn a new command
>>> prompt with those rights and the UAC doesn't pop up for anything I do
>>> from there...
>>>
>>>
>>>
>>> --
>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>> Author of O'Reilly Active Directory Third Edition
>>> www.joeware.net
>>>
>>>
>>> ---O'Reilly Active Directory Third Edition now available---
>>>
>>> http://www.joeware.net/win/ad3e.htm
>>>
>>>
>>>
>>> Roger Abell [MVP] wrote:
>>>> Perhaps we have hit on something to suggest Joe.
>>>> A temporary UAC suspend - say for 24 hours at a wack.
>>>> People are going to find the trick to shut if off, at least the
>>>> more power users are, and then it is off until reenabled.
>>>> So, what if during inital config, times of extensive admin use,
>>>> etc., there was a suspend UAC for x hours ??
>>>>
>>>> I have noticed that with 5381.1 it is less annoying than when I
>>>> first started experiencing it, at 5308 or whatever build that was.
>>>> Perhaps it is less invasive, but I tend to believe it is that I am
>>>> becoming more accustomed to it and also that I have to do less
>>>> hunting to find where things have been hidden (or omitted).
>>>>
>>>> I still believe that if people who do run as an admin just get over
>>>> the hump of inital config, then they will not that often see the
>>>> prompting. At that point UAC is only a good thing, as they are
>>>> running as a limited user.
>>>>
>>>>
>>>> "Joe Richards [MVP]" wrote in message
>>>> news:%23n9gxxheGHA.3484@TK2MSFTNGP04.phx.gbl...
>>>>> I agree, it is annoying but the folks using it right now are doing all
>>>>> sorts of things they may not be doing after they have it running for a
>>>>> month or two and are "stable". I noticed that the UAC was pissing me
>>>>> right off until all of a sudden I didn't reload the machine for a week
>>>>> or so and I realized I went a day or two without seeing it at all
>>>>> because I was just using the machine after I had stabilized....
>>>>> Getting through that few days though is going to be trying for some
>>>>> folks.
>>>>>
>>>>> And honestly, I almost got to the point when reloading a lot where I
>>>>> wasn't even looking at the prompts anymore and I was just clicking. At
>>>>> that point, it has completely lost its effectiveness as a security
>>>>> feature.
>>>>>
>>>>>
>>>>> --
>>>>> Joe Richards Microsoft MVP Windows Server Directory Services
>>>>> Author of O'Reilly Active Directory Third Edition
>>>>> www.joeware.net
>>>>>
>>>>>
>>>>> ---O'Reilly Active Directory Third Edition now available---
>>>>>
>>>>> http://www.joeware.net/win/ad3e.htm
>>>>>
>>>>>
>>>>>
>>>>> Roger Abell [MVP] wrote:
>>>>>> My own feeling is that the jury is (not yet formed but effectively)
>>>>>> still out
>>>>>> on consumer acceptance of the final form of this feature. Once the
>>>>>> behavior is refined for release, AIUI the intent is for people that
>>>>>> use an
>>>>>> admin account as their normal login to not imperil their machine by
>>>>>> so
>>>>>> doing, and yet when they do activate something that does require use
>>>>>> of their admin privs they will be allowed to do so.
>>>>>> Now, in the current and prior builds many testers do find the feature
>>>>>> to be obnoxious. But then those testers are characteristically doing
>>>>>> all
>>>>>> sorts of things that use their admin privs (exploring all the config
>>>>>> settings,
>>>>>> installing components, etc.) so perhaps the current test sample is
>>>>>> not
>>>>>> characteristic of the consumer base that will only occassionally be
>>>>>> doing something requiring the elevated privs.
>>>>>>
>>>>>> "Imhotep" wrote in message
>>>>>> news:cdqdnZDPy9JX_ffZnZ2dnUVZ_tidnZ2d@adelphia.com...
>>>>>>> "SEATTLE - An annoying surprise awaits 2 million consumers expected
>>>>>>> to
>>>>>>> enthusiastically step forward in the next few weeks to help
>>>>>>> Microsoft test
>>>>>>> its new Windows Vista PC operating system.
>>>>>>>
>>>>>>> Volunteers will test Vista Beta 2, a near-final version of the
>>>>>>> much-hyped
>>>>>>> upgrade of Windows. The testing is the last step leading up to
>>>>>>> Vista's
>>>>>>> broad consumer release, scheduled for January.
>>>>>>>
>>>>>>> Beta 2 testers can expect to encounter an obtrusive security
>>>>>>> feature, called
>>>>>>> User Account Control (UAC). Designed to prevent intruders from
>>>>>>> performing
>>>>>>> harmful tasks, the feature grays out the computer screen, then prods
>>>>>>> you to
>>>>>>> confirm that you really want to do certain functions.
>>>>>>>
>>>>>>> In early test versions, the queries crop up so often that they
>>>>>>> interrupt
>>>>>>> routine tasks, such as changing the time clock or deleting
>>>>>>> shortcuts. And
>>>>>>> UAC sometimes triggers an endless loop of dialogue boxes that can be
>>>>>>> curtailed only by rebooting, says Paul Thurrott, news editor of
>>>>>>> Windows IT
>>>>>>> Pro magazine."
>>>>>>>
>>>>>>> http://www.usatoday.com/tech/products/2006-05-15-vista-secur ity_x.htm?csp=34
>>>>>>>
>>>>>>> -- Imhotep
>>