Windows Vista User Account Control (UAC) - love it?

There has been a raging debate inside and outside of Microsoft about the new security feature in Windows Vista called UAC.  UAC stands for User Account Control.  The debate has raged mostly about the effectiveness of the feature.  Do a search on www.live.com for vista uac and you’ll see what I mean.  The mainstream press has even  decided this topic is worthy of  “debate”.

By effectiveness, I mean that most of the negative articles mention that your are prompted so often for elevation consent, that you become a drone hitting the enter key without really looking closely at why you are being prompted.

Let’s get one thing straight about the feature set… you can control this.  In the snip I have posted, you can see the policies that are available that control the behavior of this feature.

UAC policy

The policies can be set and controlled locally via secpol.msc, or via a Windows Active Directory Group Policy.  In the snip above, you can see I took a harsh stance on the policies for my machine.  I’m currently running a Windows Vista Beta 2 release candidate and have been running with these policies for over three weeks.

Keep in mind Windows Vista is in development.  You get to tell us what is the right balance of security and control.  Windows Vista Beta 2 is almost ready.  Install it and try it for yourself.  Post feedback to the UAC blog at https://blogs.msdn.com/uac/archive/2006/01/22/516066.aspx where they’ve outlined the settings and their meanings.

See the Step-By-Step at https://www.microsoft.com/technet/windowsvista/library/0d75f774-8514-4c9e-ac08-4c21f5c6c2d9.mspx

See https://www.microsoft.com/technet/windowsvista/security/uacppr.mspx for more information.

See the Application Compatibility article at https://www.microsoft.com/technet/windowsvista/deploy/appcompat/acshims.mspx.  This is a very nice resource and you should devote some time to reading that article (recently updated).