Talk:User Account Control

Apple OS X comment
--- The concept was first introduced in Apple OS X, where a user with a limited account could type in an administrator password and continue installing software or making changes to system preferences. ---

I highly doubt this statement is true. —The preceding unsigned comment was added by Ephogy (talk • contribs).


 * Actually, OS X's system is derived from Unix, where root/user separation has been around since... forever, so you're right, the statement's not true. Windows Vista (NT 6) is just late to the party. 202.89.153.10 02:30, 5 February 2007 (UTC)


 * Good that was cleared up. But another thing. Under 'similarity to other operating systems': I don't know how Ubuntu works but the Apple Authorization Services do not AFAIK work through sudo. They wouldn't need to and that would only introduce a further element of risk. And redundancy.


 * I think this would be fair...
 * "The concept was first introduced has been implemented since 2001 in Apple OS X (10.1 Puma), where a user with a limited account could type in an administrator password and continue installing software or making changes to system preferences." 64.9.19.2 16:07, 16 February 2007 (UTC)

I don't think it should be in there at all. It's not important what Apple has done with this concept. If they had invented it, or Microsoft had claimed to have copied the idea from them, then it would make sense to include it. Since this is not the case, mentioning that Apple has done it makes no more sense than mentioning any of the hundreds of other OSs that do something similar. - 24.10.95.220 19:24, 24 February 2007 (UTC)

I think it should be in there. It doesn't matter that they don't claim to be the first with this. As this an encylopedia it should also give some background about the technology. Stating where this comes from gives credits to the original inventors of this idea. 89.98.157.119 21:19, 26 February 2007 (UTC)

Exactly. Without talking about sudo, this article would make it sound like we should be grateful to Microsoft for coming up with this innovative new feature. In reality, it's not an original concept, and so we ought to mention that. —Remember the dot (t) 21:49, 26 February 2007 (UTC)


 * And is there any evidence that this idea originated in sudo and not in something else? We don't have to sound grateful to the Linux/OSS community if they don't deserve the credit either. We could just say nothing about it.  iamthebob ( talk 05:30, 27 February 2007 (UTC)


 * You really are getting a bit ridiculous and tiresome at this point. You don't have to ask such questions - you can do like all good researchers (including those who work on encyclopaedias) and find the answers yourself. —The preceding unsigned comment was added by 62.1.220.135 (talk) 22:48, 7 March 2007 (UTC)

I think it's pretty clear that the idea came from the sudo command. If you read Security Features vs. Convenience you'll learn that Microsoft originally was going to have the user re-enter their password at the UAC prompt, similarly to Ubuntu's gksudo interface. It's inconceivable that Microsoft would have independently come up with the idea when it had already been present in other operating systems for years. —Remember the dot (t) 05:36, 27 February 2007 (UTC)


 * Prior to the onslaught of viruses and worms Microsoft would never have considered temporary privilege escalation. They didn't worry about privileges at all. Cutler's API for NT includes use of access tokens but once inside attempts to bridge past these tokens usually take the form (for admins) of assuming ownership of resources owned by the system (SYSTEM account). There is no way for an NTx users to pose as another user; there is no viable usable 'root' account; admins don't need those privileges as they can do anything anyway; yes it's a mess. sudo didn't start with Unix but it's an integral part of it today and if Microsoft are following the lead of Unix in establishing better access controls then it's obvious they're following the lead here. Ask yourself this: when is the first time you saw a privilege escalation dialog in Windows? QED. Several years ago Microsoft claimed to have invented the 'hard link' too. Microsoft steal a lot - they don't invent much. But we all know that so what's the big deal? —The preceding unsigned comment was added by 62.1.220.135 (talk) 22:48, 7 March 2007 (UTC)

Possible addition to UAC history. Why is XP not noted?
XP was an innovative step forward towards UAC and gets very short shrift in the text. ("Later operating systems had slightly more...") This is an article about Vista's UAC and thus should at least mention its immediate predecessor.

XP, for certain, has the essential features as described in the subject of UAC, ergo it must be "early UAC". This is verifiable by anyone with XP Administrator rights that created limited accounts: that can only: change or remove your password, change your desktop picture, theme, desktop settings, view files you created (but no one else can view them), and use the shared documents folder.

As for "...slow on the uptake" at schools around the nation that have XP on student and teacher computers, their IT departments rely heavily on XP's UAC to keep students or teachers from installing malware or unlicensed copies of software to avoid viruses, worms,(and thus costly time wasted fixing those problems) or expensive royalty settlements for pirated software as well as account privacy on networks. UAC was one of the truly innovative features of Windows XP home oriented operating systems. (Verifiable from my personal experience or a few phone calls to I.T. departments but essentially common sense - having realized the fiscal advantage of not allowing anyone to run anything many help desks and tech guys spent far less time/money undoing problems with XPs "limited accounts."

Vista has elaborated greatly on this basic concept of privileges to dramatically increase its flexibility and protection from files or new hardware the user thought to be safe but that Vista wants you to approve. Still, truly individual accounts and thus comparatively but significant UAC for Microsoft home started with XP.

=
End of likely relevant material 65.78.157.53 (talk) 03:01, 13 August 2008 (UTC)thescottguy 6:30 August 12, 2008  =========

Merge in Run as administrator
Are there any objections to merging in the article Run as administrator? This command is really just another aspect of UAC. When a user clicks "Run as administrator", the dialog that pulls up is titled "User Account Control". —Remember the dot (t) 06:11, 10 March 2007 (UTC)


 * Sounds like the right thing to do... no sense in duplicating effort. -/- Warren 06:14, 10 March 2007 (UTC)


 * I think I disagree - I think there's enough things on User Account Control's list of things to cover, that Run as administrator has merit as a separate article. I believe the concept that processes started by Administrators don't run as Administrators without this, is distinct enough from the idea that non-administrators can start processes as an administrator given an administrator password to not be the same.  I also note su (Unix) and Unix security are separate.  Further, the link to User Account Control, especially when it's a fully-developed page, may not make sense to someone who is just looking for a context-developing explanation of run as administrator as it may have simply been used in a sentence.  As an example I note the current state of the GPS article.  GPS has an exact meaning that's different to people - to some, it's a satellite network, to others it's that thing in their car.  If a person who's never heard of a GPS receiver goes to look up GPS, he's overwhelmed with a single page detailing all kinds of technical information about "coarse acquisition codes" and L1 carriers and wide-area-augmentation-system, when really all he wanted to know was what that thing in his friend's boat was.  Finally, the concept of "Run as administrator" isn't and won't only be unique to Vista, while User Account Control most certainly is.  Run as administrator ought to be separate so it can cover the same concept as it relates to multiple operating systems. Reswobslc 18:11, 10 March 2007 (UTC)

This article is all about "Run as administrator" in relation to UAC. It doesn't focus on the general computer security concept. —Remember the dot (t) 19:17, 10 March 2007 (UTC)


 * You are right... but I am still not sure merging it with UAC gives the resulting redirect the right meaning. Run as administrator is an example of privilege elevation that happens to be part of Vista.  If there is an article on Privilege elevation somewhere (under a different title, or we were to start one), redirecting there (and explaining relationship to UAC) would make more sense to me. Reswobslc 21:49, 10 March 2007 (UTC)


 * User:Remember the dot and I have it in mind to do pretty much exactly that. The tricky part is the naming, because there's no industry-wide term that describes this.  See our talk pages for a discussion on potential names.... -/- Warren 22:47, 10 March 2007 (UTC)


 * We could essentially make up a title that encompasses the concept. There is no WP:OR problem with making up appropriate titles as there would be with making up article content.  I've done it before - I made up the title Diaphragm spasm to describe "getting the wind knocked out of you" because I couldn't find anything better in use, and neither could anyone else.  For this purpose, I would consider Privilege elevation, or perhaps Single-process privilege elevation to denote the common recurring theme among all of these - that a single process under a user's control is getting special perks. Reswobslc 00:33, 11 March 2007 (UTC)

Actually, WP:NOR says original research includes defining or introducing new terms. Thus, the title we choose should not imply that it is the authoritative term for the concept, and the title Diaphragm spasm is inappropriate.

Also, the article is going to focus on comparing the various methods. It will only include a short explanation of the concept.

Finally, "privilege elevation" sounds a lot like privilege escalation, which is quite different from what we're trying to cover. Were we to use the term "privilege elevation", it's quite possible that readers would be confused.

For these reasons, I stand by Comparison of privilege authorization features. —Remember the dot (t) 00:50, 11 March 2007 (UTC)


 * If you're so sure Diaphragm spasm is inappropriate, then walk the wiki-walk (instead of talking the talk) and move the page to the more correct term. (There's got to be some Latin-sounding ouchus my lungus hurtus-ish phrase out there that fits that's officially correct). Secondly, if you're saying what the article will be, and that it will be a comparison, that sounds to me like you plan to synthesize some original research... unless of course you can name that source that has already done that for you that you'll be referencing.  That's all fine with me, but leave the merging of a non-OR article out of it. Reswobslc 01:39, 11 March 2007 (UTC)

OK. I redirected moved Diaphragm spasm to Getting the wind knocked out of you. To answer your other concern, we'll be citing reliable published sources, such as software documentation, in putting together a comparison of the various programs. —Remember the dot (t) 03:58, 11 March 2007 (UTC)


 * "Getting the wind knocked out of you" is not the right title because the encyclopedia isn't supposed to refer to the reader with the word "you". WP:MOS.  A "better" title would be the medical word for it, other than a reference to a spasm of the diaphragm.  Second, taking cited reliable published sources and using it to synthesize your own comparison and analysis is still original research.  But don't let me stop you, go ahead and spend the time writing it.  If it is what I'm guessing it is, then it can be nominated for deletion and considered from there.  Reswobslc 05:08, 11 March 2007 (UTC)

The Manual of Style is a guideline. There are occasional exceptions, as in this case. If you know the medical term for this, feel free to go ahead and move the article to that title. But do not make up a term for it and imply that your term is authoritative. If you have an authoritative source that states that "diaphragm spasm" is indeed the correct term, then cite it. "Googling it", as you suggested does not constitute an appropriate citation.

Please read Attribution — We do not need to cite a source to say 2 + 2 = 4. The idea is to say "this program has this feature." "That program has that feature." "The two features are similar." For example, UAC runs in the secure desktop, graying the screen and preventing malicious applications from simulating keystrokes, movements of the mouse, etc. This behavior is well-documented. gksudo grays the screen and "grabs" the keyboard and the mouse, again to prevent malicious applications from simulating keystrokes and movements of the mouse. Again, this is a documented behavior. We do not need to cite a source to say that UAC and sudo behave similarly in this aspect. It's obvious that they are.

On a more general scale, we don't need to have a source that spells out that UAC and sudo exist for similar reasons. UAC exists to prevent applications from having administrative privileges unless expressly authorized. sudo exists to prevent applications from having administrative privileges unless expressly authorized. Do we really someone outside Wikipedia to point out that UAC and sudo are similar? —Remember the dot (t) 05:53, 11 March 2007 (UTC)

File & Registry virtualization
The section on File & Registry virtualization at Security and safety features new to Windows Vista is far more comprehensive than the one line on it that was in this article; so on the basis that that section is *supposed* to be a shortened summary of this article, I've copied it over to here (rephrasing the intro to read more technically with less fluff on the basis that this article seems to be aimed at a more technical audience that Security & Safety...). Simxp 23:03, 15 April 2007 (UTC)

UAC configuration
There are a number of things that can be configured about UAC. I would like to add these items with a short description. Here is the list:

Behaviour of the elevation prompt for administrators in admin approval mode This options can be used to turn off UAC (no prompt), turn UAC on. UAC on comes in two tasts (default) prompt for consent or prompt for credentials.

Behaviour of the elevation prompt for standard users ...

Admin approval mode for the built-in administrator account ....

Detect application installations and prompt for elevation ...

Switch to the secure desktop when prompting for elevation ...

Only execute executables that are signed and validated ...

Run all administrators in Admin Approval Mode .... --Tom.fransen 17:56, 9 July 2007 (UTC)

Alternatives should be mentioned
As far as talking about User Account Control, such things like Tweak UAC and Smart UAC should be mentioned. That would be fair, because the article has the "Criticism" but doesn't say a thing about these programs. Besides, that will be a useful information for readers. 2:30, 17 September 2008 (UTC)

Regarding the Idea that Windows 95, 98 and ME are multi user operating systems. They aren't.
Please read The Wikipedia article on Multi User operating systems. http://en.wikipedia.org/wiki/Multi_user

Multi-user is a term that defines an operating system or application software that allows concurrent access by multiple users of a computer.

Windows 95, 98 and ME did not have this feature, yes you could create two accounts so more than one person could use it and have different settings, but they couldn't both use the computer at the same time. This is not the same as being a multi-user operating system.

One of the significant things is that if two people are going to use the computer at the same time there has to be a way of dealing with conflicts, if two people want to open the same file and make changes then the OS has to have a way to resolve this, similarly if two people want to use the same resources the OS must be able to deal with this. These features were not present in the aforementioned OSs, the permissions model was very simple, there was read only, and not read only, the file system was not adequate for a multi-user OS. The multiple account feature in these operating systems was just a matter of profiles, it would save the settings of those individuals. There was still one account with super user rights, you could just load a custom profile that would change the settings of the computer. With any login you could edit delete, move, delete. Perform admin actions that would affect the other users.

As such Windows 95, 98 and ME were not, are not and never will be multi-user operating systems.

= So please stop changing the article to say they are.

possible addition to Windows 95, 98, etc security
===========================

Total control by anyone = no true control and thus, no true security. The fact that you could bypass a so-called password log-in with a tap of the ESC key deserves mention as an excellent example of the lax security inherent in outmoded Windows operating systems. (Windows 98 Secrets Livingston and Straub, page 123, 1998)

=
========== end of possible addition to Windows 95, 98 ME section =======65.78.157.53 (talk) 03:01, 13 August 2008 (UTC)thescottguy 8/12/08 7:45 PM ======== Very little gravitas indeed (talk) 11:29, 6 December 2007 (UTC)


 * As the above paragraph notes, Windows 9x was single user and permissionless; so to point to the fact that you could bypass a login dialogue as an example of "lax security" is rather straining incredulity. Is an insecure door lock in a house with no walls a security flaw?  (Also, this is an article about a Windows Vista feature; why should there be a Windows 9x section?) -- simxp (talk) 11:30, 18 August 2008 (UTC)
 * However, the current wording is wrong. It currently says that you can only have a single user account on the systems, although you can in fact have several accounts. Never mind that you can only use at most one at a time and that all accounts have the same permissions, there may still be several accounts. (Stefan2 (talk) 22:04, 3 September 2011 (UTC))

Insert a "security shield" image
An SVG image of the four-colored Windows security shield should be inserted into the page; it will help readers understand what is meant by the "4-color security shield symbol" mentioned in the section "Tasks that trigger a UAC prompt". Dragon 280 (talk) 21:48, 24 March 2008 (UTC)

If you need to know why, it's a dedicated image, rather than a small piece of a larger image. Dragon 280 (talk) 04:05, 9 June 2008 (UTC)

Question about ShellExecute call and flashing taskbar icon
The article talks about using ShellExecute to get a new process running with admin privileges. It says that the elevation prompt will appear as a flashing icon in the taskbar unless an HWND is supplied. I believe that the opposite is true -- you get a flashing icon unless the HWND value is NULL. I've verified this on my machine, but I don't want to change it unless someone else can duplicate the behaviour. —Preceding unsigned comment added by 209.82.10.194 (talk) 22:58, 6 May 2008 (UTC)

Confirmed. Valid HWND -> Flashing icon in the taskbar. —Preceding unsigned comment added by 62.181.255.31 (talk) 12:23, 8 December 2009 (UTC)

Where is the LEACfg tool?
This mysterious tool is mentioned with no references to where it might abide? Also that section needs copy editing as of 2008-09-10.


 * It is a command prompt application. It is integrated into the system. For regular users, it does not abide anywhere. If you wish to use it, go start -> run -> cmd -> LEACfg . This does not need to be mentioned though, as it is a command line tool. It's already explained implicitly how to use it, as these instructions are generic to all command line tools.
 * As an illustration, imagine if every food related artical explained the mechanics of ingesting food. This is not needed and neither is it here.
 * However, LEACfg appears not to exist. I've had a go at locating it myself but failed. I shall remove the reference to it for now, and replace it with command line instructions.
 * --Naznomarn (talk) 10:44, 19 October 2008 (UTC)

Whitelist
Is it possible to whitelist programs so UAC doesn't pop up every time you want to open a program? --88.114.42.122 (talk) 17:37, 12 May 2009 (UTC)
 * Probably there is no whitelist. - http://www.sevenforums.com/system-security/120643-add-exceptions-uac.html Andrej7 (talk) 05:58, 25 September 2012 (UTC)

Configuration Section
The section on Configuration definitely doesn't seem encyclopedic. There is information about the control panel way to turn off UAC, so there is probably no need for the command line information (which is not even the best way to do that). Any other thoughts? -anabus (Talk to me) 19:55, 20 July 2009 (UTC)

Sophos study
The Sophos study seems incredibly inconclusive.

The study seems to show that 8 out of 10 viri 'Ran'.

Of course they 'Ran' !? UAC is not designed to block suspicious executables! It is designed to limit their damage to the system!

To be fair to Microsoft, this 'criticism' of UAC's prowess is completely unfair — Preceding unsigned comment added by Podraigporridge (talk • contribs) 03:15, 28 December 2011 (UTC)

What is elevated mode?
I'm not familiar with Windows, and need to use it to run chkdsk since fsck isn't working... Anyway, I got weird errors when I tried running chkdsk and couldn't find an equivalent of sudo. — Preceding unsigned comment added by 64.118.122.163 (talk) 22:21, 27 November 2012 (UTC)

Administrator account
After reading the article, one thing still isn't clear enough to me: does UAC makes unnecessary the creation of separate accounts, one for installing software, and the other for normal day-to-day usage?

One thing was true until Windows 7: the user shouldn't use the Admin account all the time. It needed to have a normal-account for day-to-day use, and an admin account only for making system changes. But with UAC, even and admin need to "authorize" applications to make changes, without this need of logging out and logging in again. So, nowadays, it's not necessary to have separate accounts anymore?

--MisterSanderson (talk) 19:55, 9 April 2019 (UTC)

What "convenience"?
Under section 5/"Security" it says UAC does not provide any security whatsoever and is merely a "convenience feature", can someone explain to me what that even means? If a program or function is meant to provide security, but doesn't, then what "convenience" does it provide exactly? Billy7 (talk) 14:29, 13 November 2022 (UTC)