There has been a raging debate inside and outside of Microsoft about the new security feature in Windows Vista called UAC. UAC stands for User Account Control. The debate has raged mostly about the effectiveness of the feature. Do a search on www.live.com for vista uac and you’ll see what I mean. The mainstream press has even decided this topic is worthy of “debate”.
By effectiveness, I mean that most of the negative articles mention that your are prompted so often for elevation consent, that you become a drone hitting the enter key without really looking closely at why you are being prompted.
Let’s get one thing straight about the feature set… you can control this. In the snip I have posted, you can see the policies that are available that control the behavior of this feature.
The policies can be set and controlled locally via secpol.msc, or via a Windows Active Directory Group Policy. In the snip above, you can see I took a harsh stance on the policies for my machine. I’m currently running a Windows Vista Beta 2 release candidate and have been running with these policies for over three weeks.
Keep in mind Windows Vista is in development. You get to tell us what is the right balance of security and control. Windows Vista Beta 2 is almost ready. Install it and try it for yourself. Post feedback to the UAC blog at http://blogs.msdn.com/uac/archive/2006/01/22/516066.aspx where they’ve outlined the settings and their meanings.
See the Step-By-Step at http://www.microsoft.com/technet/windowsvista/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d9.mspx
See http://www.microsoft.com/technet/windowsvista/security/uacppr.mspx for more information.
See the Application Compatibility article at http://www.microsoft.com/technet/windowsvista/deploy/appcompat/acshims.mspx. This is a very nice resource and you should devote some time to reading that article (recently updated).