Aug 24, 2011
tom

Does UAC kill the need to run as a regular user?

Question

Professionally, I’ve run as a standard user for a decade, and had mastered all the little tips and tricks to administering an enterprise using nothing but runas. Now in trots UAC, and while it makes some situations easier… For the most part all this thing does is get in my way.

I’m an Administrator; Outlook is the only process running on my PC that doesn’t need elevated credentials! Yet I spend all day not only accepting prompts, but entering my password 200+ times a day. I believe in the REAL security UAC provides my environment, but the password over and over… it’s maddening.

My question is this: with UAC forcing us to run as a standard user, is it safe? Can we go back to the NT days? Would you trust UAC enough to just log in with your admin account? Does UAC do enough to protect your Domain credentials?

Update: Put another way, do we place UAC on the same level as sudo? Yes, there will be bugs, but can we start to reorganize how we do business around this feature, or is this to protect my mom (not ready for primetime)?

Answer

NO.

Check this out:
http://www.istartedsomething.com/20090131/microsoft-dismisses-windows-7-uac-security-flaw-insists-by-design/

And this:
http://www.withinwindows.com/2009/02/04/windows-7-auto-elevation-mistake-lets-malware-elevate-freely-easily/

EDIT

I think I might be out of date; I am not sure of the current status of UAC now. According to this: http://blogs.msdn.com/e7/archive/2009/02/05/uac-feedback-and-follow-up.aspx they fixed the first issue.
