![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
The best Vista tip I can offer and one that is sorely needed
- Thread starter bbz_Ghost
- Start date
Well obviously- it will try doing stuff that you didn't do.
If you are just browsing the internet minding your own business, and all of a sudden a UAC prompt pops up... you know you didn't do anything to cause it- so you look at it and see its something fishy.
If you are just browsing the internet minding your own business, and all of a sudden a UAC prompt pops up... you know you didn't do anything to cause it- so you look at it and see its something fishy.
Nice post.
I'm having a problem with IE7. I can't seem to add anything to favourites. I only have one account for this computer and its an administrative one.
Everytime I try to add site to my favourites, I get a message saying "Access denied, can't write to folder." What tha hell? When I right click on the IE7 icon and choose "Run As administrator" I can write to the favourites.
Seems kind of ridiculous to me...anyone have an idea as to what's up?
One thing I did do was to move my "Documents" folder to another drive. Could this have borked it?
I'm having a problem with IE7. I can't seem to add anything to favourites. I only have one account for this computer and its an administrative one.
Everytime I try to add site to my favourites, I get a message saying "Access denied, can't write to folder." What tha hell? When I right click on the IE7 icon and choose "Run As administrator" I can write to the favourites.
Seems kind of ridiculous to me...anyone have an idea as to what's up?
One thing I did do was to move my "Documents" folder to another drive. Could this have borked it?
Caffeinated
[H]ard|Gawd
- Joined
- Oct 16, 2002
- Messages
- 1,451
Uh..yeah, and then I'll run everything as root and then it will be more secure
I'll get right on that
I'll get right on that
Unknown-One
[H]F Junkie
- Joined
- Mar 5, 2005
- Messages
- 8,909
Another vote for a sticky, this solved my problems with Halo losing settings 
winston856
[H]ard|Gawd
- Joined
- Dec 28, 2004
- Messages
- 1,822
Please sticky this. I was having lots of trouble with foobar before I saw this.
This saved me from throwing my box out the window!
STICKY!
This saved me from throwing my box out the window!
STICKY!
That's stretching it. They're not in the same league. Hell, they're not even playing the same sport.
harsaphes
Supreme [H]ardness
- Joined
- Aug 29, 2005
- Messages
- 5,330
wow, i found this again..i thought it was a sticky?
Doesn't the 1st user account you create when you install vista come with admin privilages?
I've never had a problem with this on any of my software, but then theres only one account for this PC. Most people who are building systems or who are buying systems and are only creating one account for themselves should not run into this problem.
The whole idea of admin privilages is for systems with multiple accounts where one or more accounts have lowered permissions for users who should not be in control of the PC in such a way which might break it.
In these circumstances it's not appropriate for users to be elevating their permission level to admin, they should be speaking with the owner of the PC (the person in control of the admin accounts) to do this for them, to avoid installing dodgy software etc.
If your account does not have admin privilages, then give it to yourself in the account control area. The run as admin is there purely for convenience for the real admins so they dont need to log out of the current user to install stuff (which is just irritating and time consuming)
Anyone who's security consious and likes to run without admin privilages so any hack attempts are feutile unless they hack the admin password, these people are going to be smart enough to know how to use the run as command in the first place and dont need such advice. And for the record I think this is way over the top anyhow, I've run my computer as admin all the time ever since I've been building PC's and as long as you're smart enough to know what you're doing and have good protection, such as a router with a firewall are you're smart enough to only open reliable programs, then its not going to matter.
My advice to people is, if you dont have a user account with admin privilages to install software, it's probably for a good reason, speak to the ower of the PC and get them to check out what you're installing, thats the whole reason we have these different levels of permissions, so the owner of the PC can control what the other users can do. If you are the owner, give yourself admin privilages on your main account so you dont have to "run as" with everything you install, the security risk is minimal and a lot of games/apps require you to run as admin when you use the application anyhow.
I've never had a problem with this on any of my software, but then theres only one account for this PC. Most people who are building systems or who are buying systems and are only creating one account for themselves should not run into this problem.
The whole idea of admin privilages is for systems with multiple accounts where one or more accounts have lowered permissions for users who should not be in control of the PC in such a way which might break it.
In these circumstances it's not appropriate for users to be elevating their permission level to admin, they should be speaking with the owner of the PC (the person in control of the admin accounts) to do this for them, to avoid installing dodgy software etc.
If your account does not have admin privilages, then give it to yourself in the account control area. The run as admin is there purely for convenience for the real admins so they dont need to log out of the current user to install stuff (which is just irritating and time consuming)
Anyone who's security consious and likes to run without admin privilages so any hack attempts are feutile unless they hack the admin password, these people are going to be smart enough to know how to use the run as command in the first place and dont need such advice. And for the record I think this is way over the top anyhow, I've run my computer as admin all the time ever since I've been building PC's and as long as you're smart enough to know what you're doing and have good protection, such as a router with a firewall are you're smart enough to only open reliable programs, then its not going to matter.
My advice to people is, if you dont have a user account with admin privilages to install software, it's probably for a good reason, speak to the ower of the PC and get them to check out what you're installing, thats the whole reason we have these different levels of permissions, so the owner of the PC can control what the other users can do. If you are the owner, give yourself admin privilages on your main account so you dont have to "run as" with everything you install, the security risk is minimal and a lot of games/apps require you to run as admin when you use the application anyhow.
Is it far fetched to think that down the road maybe certain spyware/rootkits/viruses will be able to disable UAC or get around it? If somebody did come up with malware that could disable UAC, sure you would notice UAC was turned off and it would raise a red flag, but the damage would have been already done.
Exactly, the best defence of your PC is not letting anything malicious get on it in the first place, rather than relying on the strength of your admin password and the OS's security code.
A lot of that, unfortunately, is common sense.
Agreed. UAC can be turned off through a simple registry edit from what I have read(msconfig also but that just changes the registry setting), I could be wrong. To me that would be the first thing a programmer would look to do if he was trying to create a piece of malware to take advantage of Vista. I think it's only a matter of time before that type of thing shows up and we see posts like..."UAC was somehow disabled on my Vista machine and now there's some crazy shit going on...any ideas?".
Yes. It is the "Administrator"-level account.
Or the person that knows more than they do. Administrators in an organization, etc.
This is what I LOVE about Vista. Everyone runs at the same level- anyone can, technically, access 100% of the system. It just requires permission/password to get to some of it. No more logging out (as some stuff you actually do have to log in as Admin under XP), and no more "Run As" for simple stuff like Device Manager- it automatically does it for you.
Don't get anything on it in the first place.
See, UAC stops anything from running right away. Thus, it is impossible to get infected with anything (in theory- of course you deal with users running themselves under Admin and not having a clue).
Basically, to get infected, you would have to physically allow the malware. You have to click that box- it is entirely your fault if you get infected.
Unknown-One
[H]F Junkie
- Joined
- Mar 5, 2005
- Messages
- 8,909
The problem with that is, when Joe Sixpack sees "Trojan" he thinks he's getting a pop-up ad for condoms.
Your average user doesn't know what to block and what to allow, they wont want to deal with it and will generally just start clicking "yes" on everything. Considering this demographic makes up the majority of computer users today, 90% of the Windows user base will simply not be able to use this security feature properly.
A registry edit would require a UAC prompt.
True. What if somebody created a piece of malware that crippled UAC entirely so you didn't get a prompt at all..not even the first time it was run? I don't know the inner workings of Vista well enough so I don't know how involved that would be to accomplish that. I just get the feeling eventually a rookit or virus is going to come out that is going to accomplish this. There's always somebody with too much time on their hands somewhere.
No, and this will explain why:
Vista, Admin rights, UAC, and You
I know this thread is getting long in the tooth, somewhat, but it doesn't negate the fact that both threads are so interrelated with each other that perhaps I should redo the content as a single post, who knows.
Even if they do learn to click allow- it is their own faults.
You can't just say "XXX didn't catch it" anymore.
It requires the user to click a box. It is 100% on the user's shoulders...
So I guess what this means, is software is as good as it is going to get... the next best thing is educating users.
The only way around that is for MS to test/certify software it knows is good. Which with all the version changes, etc would be extreemly hard. Plus, you would have people griping about Microsoft monopolizing the software because they won't let their games filled with Malware run.
You can't just say "XXX didn't catch it" anymore.
It requires the user to click a box. It is 100% on the user's shoulders...
So I guess what this means, is software is as good as it is going to get... the next best thing is educating users.
The only way around that is for MS to test/certify software it knows is good. Which with all the version changes, etc would be extreemly hard. Plus, you would have people griping about Microsoft monopolizing the software because they won't let their games filled with Malware run.
This thread should get a sticky. But it won't.
It's funny how little things like this make many columnists who get paid to pretend they are "knowledgable" seem like the hacks they really are. I belileve that it isn't just critics any more, that all columnists who are writing something that isn't going to have partisan bloggers frothing at the mouth prefer to write something critical. And then when some readers bitch at them, they can pull the "well get your own column" bit. Ironically, most of those columnists couldn't even write a widget for all the software they bash, but behave as if their word should be gospel.
But take that opinion for what it's worth. I'm speaking in general terms instead of naming names like an earlier post did, because I feel that the problem is fairly prevalent throughout the columnist community, and not just for technology (but definitely more consistant in tech than some others).
There are some big name software versions out there that have issues solved by the first post here. Office was named, but more specifically the Office add-on software (mappoint is a good example, in my experience) has this problem with older versions of the software (last generation). I have noticed fewer problems with things ranging from AutoCAD to GAIM by doing this quick little trick.
It's funny how little things like this make many columnists who get paid to pretend they are "knowledgable" seem like the hacks they really are. I belileve that it isn't just critics any more, that all columnists who are writing something that isn't going to have partisan bloggers frothing at the mouth prefer to write something critical. And then when some readers bitch at them, they can pull the "well get your own column" bit. Ironically, most of those columnists couldn't even write a widget for all the software they bash, but behave as if their word should be gospel.
But take that opinion for what it's worth. I'm speaking in general terms instead of naming names like an earlier post did, because I feel that the problem is fairly prevalent throughout the columnist community, and not just for technology (but definitely more consistant in tech than some others).
There are some big name software versions out there that have issues solved by the first post here. Office was named, but more specifically the Office add-on software (mappoint is a good example, in my experience) has this problem with older versions of the software (last generation). I have noticed fewer problems with things ranging from AutoCAD to GAIM by doing this quick little trick.
Or, as soon as MS starts doing it, Apple begins frothing at the mouth again with the "we've done that for years, copiers" raving.
Ah right well I've always disabled UAC, which essentially elevates my account to constantly have admin privilages.
On the note of UAC, I think that it's a great idea in practice, however users are users and at the end of the day if they see this prompt for EVERYTHING then they're going to get used to clicking "yes" or "accept" or whatever the button is called. It will become second nature before long and will become worthless as users are simply going to click yes for basically everything.
If you're going through that much effort and difficulty, your best OS is XP. Seriously. As one old saying goes...
"Don't come cryin' 'round here when the shit hits the fan..."
LOL, so true.
Like others have mentioned, it is amazing how many people complain that Microsoft is a monopoly, yet Apple isn't.
Microsoft sells software. The hardware market is wide open to everyone.
Apple dictates every single aspect of their systems- and they aren't a monopoly?
Anyways, thats why I don't think it would ever happen...
Yep, and like bzz's post... The best OS for you is XP.
Disabling UAC will cause more problems than not. Why use Vista when you are using it the same way XP already is?
Well, its obvious you have really never used Vista the way it was intended. If you had actually used it long enough to base your choice of keeping UAC or not, you would already have known that it rarely prompts you at all in your daily activites.
Like I said... You have really never given UAC a shot...
I just posted essentially the same thing in the other thread that's a companion to this one, so I'll repeat it more or less:
Please keep it civil in this thread, don't go personal, don't cross that line. "To each his own..." is a fantastic way to look at things. If someone doesn't want to run AV software, so be it, that's their choice and no one really has the right to say they should. Offer the advice, if they accept it great, if they blow it off, move on, don't keep dredging shit up.
I DO NOT want to see this thread locked; the information inside is too valuable, and if it does get locked it'll fall down, down, down and eventually out of the minds and eyes of new members that join the forum.
So please, a bump on occasion is great, but using personal stuff and personally tainted opinions is going a bit far.
Thank you for your cooperation... sorta.
Please keep it civil in this thread, don't go personal, don't cross that line. "To each his own..." is a fantastic way to look at things. If someone doesn't want to run AV software, so be it, that's their choice and no one really has the right to say they should. Offer the advice, if they accept it great, if they blow it off, move on, don't keep dredging shit up.
I DO NOT want to see this thread locked; the information inside is too valuable, and if it does get locked it'll fall down, down, down and eventually out of the minds and eyes of new members that join the forum.
So please, a bump on occasion is great, but using personal stuff and personally tainted opinions is going a bit far.
Thank you for your cooperation... sorta.
If you're going through that much effort and difficulty, your best OS is XP. Seriously. As one old saying goes...
"Don't come cryin' 'round here when the shit hits the fan..."
I wont be crying, I'll be busy putting into effect my recovery plan
I have various reasons for using Vista, being an early adopter to me is important because I work in the IT industry and when it comes to using Vista professionally I want to know it better than the back of my hand. Secondly I have 4Gb of RAM, I need a 64bit OS to address all of it correctly, and XP64 is quite bad. Thirdly DX10 is in vista only and I shall be swapping to DX10 hardware in the upcomming months. Besides Vista is a better OS in a number of other different ways.
Not sure about this comment, I think if Vista was intended for everyone to run UAC it wouldn't be an option to disable it, I think the intention is to give the user a choice.
Probably true, I didn't need to use it for very long to know I don't want it. Much the same way I didn't need to eat many sprouts to know they taste like crap and never to eat them again
hehe
harsaphes
Supreme [H]ardness
- Joined
- Aug 29, 2005
- Messages
- 5,330
non personal bump
There are some UAC options in the Local Policy if you don't want to turn UAC off completely. I found out about them from the Vista Guide at http://www.tweakguides.com/TGTC.html.
Start, Run, secpol.msc
Local Policies, Security Options
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
Start, Run, secpol.msc
Local Policies, Security Options
User Account Control: Admin Approval Mode for the Built-in Administrator account Disabled
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode Prompt for consent
User Account Control: Behavior of the elevation prompt for standard users Prompt for credentials
User Account Control: Detect application installations and prompt for elevation Enabled
User Account Control: Only elevate executables that are signed and validated Disabled
User Account Control: Only elevate UIAccess applications that are installed in secure locations Enabled
User Account Control: Run all administrators in Admin Approval Mode Enabled
User Account Control: Switch to the secure desktop when prompting for elevation Enabled
User Account Control: Virtualize file and registry write failures to per-user locations Enabled
0ptional
Don't Trust Your Friends with Your Decanter
- Joined
- Feb 22, 2003
- Messages
- 5,593
oh-oh... now I get the part about the double post thing... anyway... useful.
Either way; disabling UAC basically renders the new security in Vista useless...
OS X and Unix/Linux have had security like this for a long time now (not as annoying, but still); and it's proven itself effective; it's about time windows got with the program here.
jstenuf
2[H]4U
- Joined
- Jun 10, 2002
- Messages
- 3,631
Bump
It's really weak that user has to go through all the hoopla to get the apps working properly. Even weaker is the fact that the user _needs to know_ the special steps to get things going right. It's fully possible to do the installation the wrong way and then get stuck with mysterious problems. Virtualization etc. abominations can occur.
lol, that's the worst argument against Vista that I've heard.
With every single OS out there- you have to know how to work the darn thing properly to sail smooth. OS X, Ubuntu- take your pick.
It's just like driving the car. I imagine you would like the car to change oil, so you don't have to go through the "hoopla" of doing it yourself?
Umm yes if the oil change required turning a special knob in the car prior to change in order to work properly - yes. Then after the change I'd have to start the car with special key in order to get the service done properly - yes. Surprisingly neither one of the steps is required for a normal and fully functional oil change.
Gorankar
[H]F Junkie
- Joined
- Jul 19, 2000
- Messages
- 11,107
Interesting analogy, but how does it apply here?? I mean, is it that much different or more difficult, than trying to get older software not written for that Os version to install and run in OsX and some Nix distros as compared to Vista?? Having used Vista, OsX, and several different Nix distros, my opinion is, not much or no, but your welcome to your own opinion..
The point is that Vista let's you 'kinda' install the software without even asking for administrative permissions even if one is required. This means that 8 out of 10 regular users will deliver a porked installation for themselves and then harass the customer service about it for nothing.