Vista UAC Broken?

[senorcarne]

I have turned on and off Vista's User Account Control many times.
When I installed AIM, and had the issue where you need to have UAC on during install or else you lose your network connectivity status, the only cure I found was to enter a command line entree: basically, it added local users to the Administrators group. This was cited as a security hole by many sites, so I removed Local users from this group. I then turned UAC on, uninstalled and reinstaleld AIM, and everything was fine.

But now, I have User Account Control turned on. However, I never get the pop up dialog whenever I do something administrator-like. For example, I can open command prompt, type something in, and it won't work. When I right click the icon, click Run As Administrator, I don't get a prompt, command line just opens.

How do I fix this?

 

[Finn]

Why would you want to fix it? It's an annoyance so you're better off without it.

UAC is the lamest thing I've ever seen in an OS. Not only it brings nag screens for the most trivial of tasks, it moves or deletes files with no consent from the end user. A very very dangerous feature, worse than any virus I've seen to date.

 

[milkweg]

I don't know the answer but I am noticing that UAC isn't all it's cracked up to be too. Sometimes when I try to delete files UAC prompts me twice before I can delete them and other times I can just delete them with no prompt at all. Also, I can run portable eraser and wipe any HDD I want with no complaint or prompt from UAC. I'm beginning to think UAC is mostly smoke and mirrors to make people think they are secure.

 

[jasonlitka]

I don't know the answer but I am noticing that UAC isn't all it's cracked up to be too. Sometimes when I try to delete files UAC prompts me twice before I can delete them and other times I can just delete them with no prompt at all. Also, I can run portable eraser and wipe any HDD I want with no complaint or prompt from UAC. I'm beginning to think UAC is mostly smoke and mirrors to make people think they are secure.

I believe you only get prompted for file system changes in "system" areas like your Windows folder or Program Files.

 

[milkweg]

Nope, when I delete files from a folder that is not even on the OS partition I get prompted *twice* by UAC if I want to continue to delete them.

 

[devman]

Nope, when I delete files from a folder that is not even on the OS partition I get prompted *twice* by UAC if I want to continue to delete them.

Was that partition created by this instance of Vista you installed? You may just need to assume ownership of all the files on it, if you already own those files then go to properties in the root, security tab, advanced set yourself to full control and propagate those settings to all child nodes, then apply.

 

[Grentz]

A lot of the so called "issues" are more just lack of the user knowing what permissions and such are on the files/folders.

I have not seen any issues with UAC in the sense of prompting at the wrong time, it is pretty easy to know when it is going to prompt and when it is not after using it for awhile and if you know how file/folder ownership and permissions work and note that sometimes programs will modify them without you necessarily knowing.

 

[milkweg]

Permissions already says I have full control.

 

[pxc]

A lot of the so called "issues" are more just lack of the user knowing what permissions and such are on the files/folders.

Yep.

I got tired of pointing people towards learning how to use ACLs. It's pretty simple and lets the user control security in a very fine grained way. People just like to complain instead of learning anything "new" (ACLs are really nothing new).

 

[TechieSooner]

Permissions already says I have full control.

Just because you have full control doesn't mean you have ownership.

A lot of the so called "issues" are more just lack of the user knowing what permissions and such are on the files/folders.

QFT.

 

[JustLong]

UAC also "protects" files and folders in the root of any drive, not just the system drive.

 

[milkweg]

Nice to see people blaming the innocent user instead of Microsoft's flawed UAC. Typical fanbois. If I want I can wipe any Vista HDD from a thumbdrive using portable Eraser and UAC will never kick in. Yea, real great that UAC and how it protects the user from unauthorized activity. <smirk>

 

[gtg465x]

Nice to see people blaming the innocent user instead of Microsoft's flawed UAC. Typical fanbois. If I want I can wipe any Vista HDD from a thumbdrive using portable Eraser and UAC will never kick in. Yea, real great that UAC and how it protects the user from unauthorized activity. <smirk>

UAC is not flawed, and I'm able to prevent your little program from wiping my drive. I use a little tool called my fist. No one sticks anything in my computer without my permission.

 

[Martyr]

Nice to see people blaming the innocent user instead of Microsoft's flawed UAC. Typical fanbois. If I want I can wipe any Vista HDD from a thumbdrive using portable Eraser and UAC will never kick in. Yea, real great that UAC and how it protects the user from unauthorized activity. <smirk>

your attitude is not welcome on this forum, others with it were deal with over a year ago. this is not slashdot, gtfo.

 

[Finn]

your attitude is not welcome on this forum, others with it were deal with over a year ago. this is not slashdot, gtfo.

ROFL oh so you're against truth and want to only have fanbois patting eachothers on their backs? Right..

 

[TechieSooner]

Nice to see people blaming the innocent user instead of Microsoft's flawed UAC. Typical fanbois. If I want I can wipe any Vista HDD from a thumbdrive using portable Eraser and UAC will never kick in. Yea, real great that UAC and how it protects the user from unauthorized activity. <smirk>

That is the most idiotic thing I've heard. I thought I detected this early on, but I thought "surely he isn't suggesting what I think he's suggesting"...

Give me an example of ANY OS, that can protect against an eraser program wiping the drive???? You'll come up dry. Fact of the matter is, once the system is shut down, you can do whatever the heck you want to with the contents of that drive (requires local access though, and like already said: physical security is just as important at that point).

There is no active protection of any kind running when it is shut down- therefore you can wipe it out. You can do this with Mac OS, you can do this with Linux, and you can do this with Windows.

 

[JustLong]

He could be referring to how XP would execute a program on thumb drive when inserted. So all he would need to do is plug it into a running PC and nuke it.

Thankfully Vista fixes that security hole and asks if you want to execute the program.

Is he is suggesting boot from a thumb drive he is an idiot.

 

[TechieSooner]

He could be referring to how XP would execute a program on thumb drive when inserted. So all he would need to do is plug it into a running PC and nuke it.

Yes but... what does UAC run on? Vista.
What's the title of this thread? Vista.
What are we talking about? Vista.
What are we talking about? UAC.
What does UAC run on? Vista.
Repeat.

So, by relationship:

Is he is suggesting boot from a thumb drive he is an idiot.

 

[JustLong]

Yes but... what does UAC run on? Vista.
What's the title of this thread? Vista.
What are we talking about? Vista.
What are we talking about? UAC.
What does UAC run on? Vista.
Repeat.

So, by relationship:

My thought was he probably has never used Vista and assumed the same exploit would work.

 

[senorcarne]

Well, for me, I know UAC is definitely broken. (Thread starter btw)

I have Vista on two computers. One prompts me every time I move my mouse, so I know UAC is working. The other one has it enabled but I can delete my entire C:\Windows folder without any notice. So I know that one is not working. And I want it to work.

 

[JustLong]

Well, for me, I know UAC is definitely broken. (Thread starter btw)

I have Vista on two computers. One prompts me every time I move my mouse, so I know UAC is working. The other one has it enabled but I can delete my entire C:\Windows folder without any notice. So I know that one is not working. And I want it to work.

Compare the keys under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] on the two machines. Are there any not set the same?

Here are the default Settings from a Clean install of Vista Ultimate SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"EnableUIADesktopToggle"=dword:00000000

 

[TechieSooner]

I have Vista on two computers. One prompts me every time I move my mouse, so I know UAC is working. The other one has it enabled but I can delete my entire C:\Windows folder without any notice. So I know that one is not working. And I want it to work.

If that is true, you have a crapped system, that's for sure...

Have you enabled/tweaked UAC in any way? Interesting that it is doing that...

Only thing I can think of is you took ownership (or shut UAC off) C:\Windows.

 

[xxEIEIOxx]

Well, for me, I know UAC is definitely broken. (Thread starter btw)

I have Vista on two computers. One prompts me every time I move my mouse, so I know UAC is working. The other one has it enabled but I can delete my entire C:\Windows folder without any notice. So I know that one is not working. And I want it to work.

You're not running as THE Administrator are you? That would allow it to be on, and not prompt you.

 

[senorcarne]

well first of all, i never actually tried deleting C:\Windows, since I'm not stupid. But I used it as an example - it never prompts me.

As mentioned in the first post, I turned off UAC when I first installed vista. Edited the Administrators group in the command prompt, turned UAC on (as part of an AIM bug - if you google it and find out more, you may be able to help), removed the "local users" from the Administrators group, and UAC has been weird ever since.

 

[TechieSooner]

lol... so you modify the system, and wonder why the permissions don't work right?
By far not a normal situation, and I don't think warrants a blanket statement that "UAC is broken"

 

[senorcarne]

no lol
well yeah, i modified the system
but i undid my modification
and it's still acting eratically.

 

[xxEIEIOxx]

well first of all, i never actually tried deleting C:\Windows, since I'm not stupid. But I used it as an example - it never prompts me.

As mentioned in the first post, I turned off UAC when I first installed vista. Edited the Administrators group in the command prompt, turned UAC on (as part of an AIM bug - if you google it and find out more, you may be able to help), removed the "local users" from the Administrators group, and UAC has been weird ever since.

What edit did you make to the Administrators group?

 

[milkweg]

UAC is not flawed, and I'm able to prevent your little program from wiping my drive. I use a little tool called my fist. No one sticks anything in my computer without my permission.

Nice forum. I get one guy swearing at me and another threatening me with bodily harm.

 

[milkweg]

your attitude is not welcome on this forum, others with it were deal with over a year ago. this is not slashdot, gtfo.

gtfo = GET THE FUCK OUT Wow, such language and you are not even a mod.

 

[milkweg]

That is the most idiotic thing I've heard.

You misunderstand. I'm talking about when the OS is up and running.

 

[milkweg]

My thought was he probably has never used Vista and assumed the same exploit would work.

Nope, I am not that much of an idiot. Vista allows portable Eraser to delete files at will with no prompt and yet when I press the delete key it has to ask me twice to delete a file that I am sure I want to delete. This is a program that is just an exe file and doesn't even need to be installed to be usable. If UAC is so great shouldn't it be making progs like this require admin privileges to be able to wipe files or the HDD? If I use MP3Tag to re-write tags in the mp3 files I need admin privilege and yet it allows Eraser to delete files with no prompt at all. Odd. And yet you guys still insist UAC is perfect.

 

[TechieSooner]

What edit did you make to the Administrators group?

Same thing I wondered.

You *could* try sfc /scannow but it probably won't reverse customization settings like that.

You misunderstand. I'm talking about when the OS is up and running.

And everyone here could call BS on this. Simply doesn't happen. I use PortableApps myself, just tried this on a file inside C:\Windows, got a prompt right away.
As a matter of fact, I got one prompt when I stuck the drive in asking me to run the EXE or not, and a second one asking if I wanted to let it have access to C:\Windows when I ran it.

If you want help (although I *may* be accurate in assuming you just want to complain about it), please do like the poster above did... tell us what exactly you've done to UAC and your permissions.

 

[senorcarne]

http://forum.notebookreview.com/archive/index.php/t-185622.html

This is someone talking about the AOL Instant Messenger on Vista error and how to fix it. They specifically say to type this into command line:

net localgroup Administrators NT Authority\Local Service /add

I added this, everything was fine. Then I typed this:

net localgroup Administrators NT Authority\Local Service /delete

And everything was back to, seemingly, before I made any edit, but with the AIM problem fixed. But now UAC doesn't prompt me with anything.

 

[gtg465x]

Nice forum. I get one guy swearing at me and another threatening me with bodily harm.

Can you take a joke?

By the way, your argument about Portable Eraser makes no sense. What would you suggest UAC do in this situation? As long as someone doesn't leave their computer logged in and unattended in a public place, then this tactic presents no security threat. And if someone does do that, theft is a much greater risk than this.

 

[TechieSooner]

How long ago was this? Did you try a system restore?

Did you look at this?

net localgroup Administrators

This should give you a list of the Members of the Administrators group. like this:

C:\Windows\system32>net localgroup administrators
Alias name administrators
Comment Administrators have complete and unrestricted access to the compu
ter/domain

Almost sounds to me like you never removed the group, therefore it still has Admin.

 

[JustLong]

Nope, I am not that much of an idiot. Vista allows portable Eraser to delete files at will with no prompt and yet when I press the delete key it has to ask me twice to delete a file that I am sure I want to delete. This is a program that is just an exe file and doesn't even need to be installed to be usable. If UAC is so great shouldn't it be making progs like this require admin privileges to be able to wipe files or the HDD? If I use MP3Tag to re-write tags in the mp3 files I need admin privilege and yet it allows Eraser to delete files with no prompt at all. Odd. And yet you guys still insist UAC is perfect. You are dumbasses.

Well then how much of an idiot are you?

No one here said UAC was perfect.

Also by default you ARE and admin in Vista. Are you able to get this program to run when you are logged on as a member of just the "users" group?

 

[JustLong]

How long ago was this? Did you try a system restore?

Did you look at this?


Almost sounds to me like you never removed the group, therefore it still has Admin.

Even if you are a member of the adminstrators group you will still get UAC prompts.
Only the actuall administrator will not get UAC prompts. Accounts not in the administrators groups will get the really annoying UAC prompts that ask for credentials to an account that has access to do the requested action.

 

[Finn]

Well it's clear UAC is completely broken even without modifications. First of all, the virtualization is a horrid mess! It moves and/or deletes files without user consent or notification, breaking database applications in programfiles for example, or just moving .ini files away from where they should be.

Second it nags for the most trivial of tasks such as renaming a desktop icon. For christs sake there's nothing dumber than that. People will get so bored with the constant prompts for nothing that they will automatically click ok every time it pops up after a while - or disable it.

Third the idea of 'protecting' programfiles folder is a born dead one. System I could understand but programfiles is just retarded. It causes so much trouble in many ways. Imagine being a game support person for example: Earlyer you could direct the users by phone - go to program files, game folder, subfolder this and that and you'll find item X. With Vista.. oopps.. they can be literally ANYWHERE behind a long path depending on how the users profile is built. Just retarded.

 

[odoe]

Can everyone please relax and continue with the discussion without the fisticuffs.

Thank you.

 

[Azhar]

edit: wrong post