Mark Russinovich on Windows 7 UAC

User Account Control is one of those Windows features that evokes a number of different responses from folks. Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This led some customers to turn off UAC, which concerns us from a security perspective. So in Windows 7, we've given a great deal of thought to how we marry enhanced security with ease-of-use. We have written extensively about the changes in UAC for Windows 7 on the Engineering Windows 7 blog (Post 1, Post 2, Post 3, Post 4).

Now, Technical Fellow Mark Russinovich weighs in on UAC with some great insight on the technology and some of our motivations around the decisions we have made. Check out Inside User Account Control, now available online from TechNet Magazine.


Comments

  1. Posted on: June 09, 2009 at 2:03PM  

    What about the task scheduler loophole described here (www.howtogeek.com/.../create-administrator-mode-shortcuts-without-uac-prompts-in-windows-vista)? Won't malware be able to create any basic task and then use schtasks /run /tn "TASKNAMEINQUOTES" to bypass UAC?

  2. Posted on: June 10, 2009 at 10:46AM  

    I'm wondering if Windows Vista's UAC will be altered to be more in line with Windows 7's UAC.  

  3. Posted on: June 18, 2009 at 5:03AM  

    Most people appreciate the enhanced security UAC offers, but we did hear complaints about the high number of UAC prompts in Windows Vista. This led some customers to turn off UAC, which concerns us from a security perspective.

  4. Posted on: June 19, 2009 at 1:52AM  

    ...Windows used to be real insecure. But it has always been relatively easy to install and use. The Unix flavors are reeeally secure. But even with GUI components such as Gnome, only usable by 'Geeks'.

    I suggest that user accounts on both OSs could use a key property I call the User Technical Ability Index. Instead of assuming that all users that logon to computer accounts are the same, the system looks at the UTAI of the user account, and either 'dumbs down', or leaves the user alone, accordingly.

    For example, if the account is a standard account, but the UTAI is very high (the person who logs on to this account most of the time is a network administrator capable of maintaining a huge SQL Server database for a 150,000-person enterprise), the system shouldn't bug the user all the time and assume that the user is a complete newbie even though the account is a standard account.

    However, if the UTAI of the standard account is very low (the person who logs on to this account most of the time is a ballet dancer whose primary interest is not computers and only uses a computer to read his email), then by all means the system should dumb down and baby and coddle the user most of the time...

    Just my 2 cents...

  5. Posted on: July 29, 2009 at 7:13AM  

    I actually like UAC as it increases security; it's nice to know that it provides some extra protection.  However, I did recently get this problem after reinstalling WinTV v6 from Hauppauge

    www.hauppauge.co.uk/.../showthread.php

    So right now the prompts are kinda annoying me, so a system restore may be in order.  Maybe that will fix it because currently UAC is prompted for WinTV to run which makes it pretty useless for recording scheduled TV programs.

    Actually I prefer Media Center to WinTV, but the conversion from a wtv file to the more common mpeg file format would not be needed if I can use WinTV6 instead of MediaCenter.

    If there was some way to add some specific program exclusions to UAC that would be cool, even if those exclusions could only be set on an Admin account or in Safe Mode or through some other method that would help make it easier on the end user.

  6. Posted on: July 29, 2009 at 7:26AM  

    Well I got rid of the IE prompts using the link above, unfortunately I got a security update last night that wiped out my System Restore Points.  

    The only solution for getting WinTV6 to work is to turn off UAC, a shame really.  Same problem as here

    ...

    forums.anandtech.com/messageview.aspx

    I may just end up doing that, it would be nice to have a program exclusion list though.

  7. Posted on: July 30, 2009 at 3:01PM  

    I will be happy as long as they fix the UAC box that pops up every time I open Visual Studio, which is at least 20 times a day.  :)

  8. Posted on: August 20, 2009 at 9:50AM  

    what would be the reward for giving the team the genuine crack for windows 7?

    email me

    here is my screenie  spikegotti.deviantart.com/.../windows-7-rtm-134078654

  9. Posted on: August 20, 2009 at 9:53AM  
  10. Posted on: September 07, 2009 at 1:47AM  

    If you keep working hard enough you will eventually convince most people that clicking one button is definitely secure (because it has an icon on it LOL) but clicking the original button couldn't possibly have been made secure in the first place.

    It's unfortunate that most people these days don't have enough basic logic skills to figure out when they are being fooled.

    So what, Microsoft drains the lifeforce of people clicking on UAC prompts or is it just so embarrassing you can't go back on your original idea?
