The User Account Control feature in Windows Vista has been known to drive normally level-headed people over the edge with frustration. If you find it annoying, you might be tempted to turn it off. According to Microsoft research, somewhere between 12 and 16 percent of all Windows Vista users do exactly that. But before you take such a radical step, it helps to understand what UAC is actually doing on your behalf and how you can tone down its hard edges without sacrificing its protection.
The biggest misconception I hear about UAC is that it’s just another silly “Are you sure?” dialog box that users will quickly learn to ignore. That’s only one small part of the overall UAC system. The point of UAC is to allow you to run as a standard user, something that is nearly impossible in Windows XP and earlier Windows versions. In fact, with UAC enabled (the default setting) every user account in Windows Vista runs as a standard user. When you try to do something that requires administrative privileges, you see a UAC consent dialog box. If you’re an administrator, you simply have to click Continue when prompted. If you’re running as a standard user, you have to provide the user name and password of a member of the Administrators group.
|
|
||||||
| Image Gallery: I’ve created a walkthrough gallery that shows how to tone down the hard edges of UAC without sacrificing its protection. |  |
 |
||||
|
|
||||||
UAC has four major benefits:
- On a shared computer, you can set up standard user accounts for users who don’t have the experience or training to make smart decisions about installing software or making system changes. As a result, they won’t be able to do any damage if a malicious website fools them into trying to install a piece of spyware or a Trojan.
- As an administrator, you get a warning before a piece of software attempts to make a change that can adversely affect the system. In Windows XP, clicking OK to a single malicious installer program could install a dozen programs in the background, with no warning to you. In Vista with UAC, you’ll have to give consent to each installation (and presumably will say No, early and often.)
- Badly written programs sometimes try to write user data to system areas, such as the Windows or Program Files folder or a registry key that affects all users. In Windows XP, running this type of program as a standard user would probably cause the program to fail. With Vista, those operations are intercepted and written to a virtualized location in your user profile. The program thinks it wrote a file to the Windows folder, but the actual file appears in your profile.
- Internet Explorer 7 runs in Protected Mode when UAC is on. That causes processes in a browser window to run at a low integrity level, where they’re blocked from interacting with processes that have a higher integrity level. The net effect is to stop entire classes of web-based attacks in their tracks.
Microsoft product unit manager David Cross made some remarks several weeks ago that have been widely misinterpreted. He was quoted as saying that the reason Microsoft added UAC to Windows Vista was “to annoy users.” The reality is that UAC shouldn’t be annoying, and consent dialog boxes shouldn’t be common. If you’re being pestered with UAC prompts all day long, you should be annoyed at the software developer that wrote the crappy program that’s responsible for those prompts, and you should in turn annoy them until they fix it.
But if you do find UAC annoying in day-to-day use, I recommend that you try one or more of the alternatives described in this post before resorting to the “nuclear alternative” of completely disabling it. The three techniques I outline here (with illustrations in the accompanying screenshot gallery) can help cut the annoyance factor dramatically
Page 2: Stop annoying UAC “fade to black” slowdowns
Page 3: Create an Administrator account that’s free of UAC prompts
Page 4: Use shortcuts to start programs in admin mode without UAC prompts
Next –>
