More user options with User Account Control in Windows 7 Beta

In order to improve UAC’s image while still providing this type of security, Microsoft has modified UAC in Windows 7 Beta to give more control to the user when deciding how UAC works. Greg Shultz takes a closer look at the new UAC features shown in Windows 7 Beta.

In Windows Vista, Microsoft introduced User Account Control (UAC), which is designed to mitigate the impact of malware by locking down the desktop (the Secure Desktop feature) and displaying a notification dialog box that warns you of a possible unauthorized operation and prompts you to confirm or deny the operation.

This system will prevent unauthorized applications from automatically installing as well as prevent users from inadvertently making detrimental changes to system settings.

In Vista, UAC is very strictly controlled -- you either have it on and in full-force protection mode or you disable it completely and fend for yourself; there is no middle ground. This extreme level of security is often mentioned as a big source of users' extreme dislike of Vista.

In order to improve UAC's image while still providing this type of security, Microsoft has modified UAC in Windows 7 Beta to give more control to the user when deciding how UAC works. In this Windows Vista Report, I'll take a closer look at the new UAC features shown in Windows 7 Beta.

Note: Keep in mind that this is a Beta version and that the look and features of UAC that I will discuss here may very well change between now and the time that Windows 7 is actually released.

User Account Control settings

In the Windows 7 Control Panel, you can find a new tool called User Account Control Settings that is accessible from both the Action Center and User Accounts. (The Action Center is essentially a combination of Vista's Security Center and a new Maintenance interface that includes backup and troubleshooting tools.) When you access User Account Control Settings, as shown in Figure A, you'll see that the main control is a slider bar that allows you to choose one of four different UAC levels. Let's begin by looking at the default setting.

Figure A

The new Windows 7 User Account Control Settings allow you to choose one of four different UAC levels.

The Default level

As you can see here, the Default setting is on the second level down. At this level, UAC notifications and the Secure Desktop will appear only when programs try to make changes to your computer that require administrator-level permissions. You will not see UAC notifications when you try to make changes to Windows settings that require administrator-level permissions. This setting provides a medium level of security and will more than likely be satisfactory to most users. For example, at this level I can open and run such things as Computer Management or Disk Defragmenter without encountering a UAC prompt. However, when I launched the AVG antivirus and the installation program launched, Windows 7 displayed the UAC notification shown in Figure B, and the Secure Desktop locked down the system -- the desktop dimmed and was inaccessible.

Figure B

At the new default UAC level, notifications will appear when programs try to make any changes to your computer that require administrator-level permissions.

The Always Notify level

The first level is labeled Always Notify and is shown in Figure C. Of course this level represents the default setting used in Windows Vista. At this level, UAC notifications and the Secure Desktop will appear when either programs or you try to make changes to your computer that require administrator-level permissions.

Figure C

The Always Notify level is like the default UAC in Windows Vista.

The Notification-Only level

The third level, as shown in Figure D, is called Notification-Only and works similarly to the default level except that the Secure Desktop is disabled. In other words, when programs try to make changes to your computer that require administrator-level permissions, UAC notifications will appear, but the desktop will not be locked down -- no dimming will occur and the desktop will be accessible. You will not see UAC notifications when you try to make changes to Windows settings that require administrator-level permissions.

Figure D

This level disables the Secure Desktop.

The Never Notify level

At the fourth level setting, designated as Never Notify, as shown in Figure E, UAC is completely disabled. You will never receive UAC notifications nor encounter the Secure Desktop.

Figure E

You can disable UAC completely.
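
As an added example (not part of the original article), the following PowerShell check reports which of the four levels described above a machine is set to, by reading the UAC policy values in the registry. The value names and numbers are those used by the released version of Windows 7 and are an assumption here, since the Beta may store them differently; the function names and the sample rows are constructed for illustration.

```powershell
# Added example: report which of the article's four UAC levels is in effect.
# Assumption: value names and data match released Windows 7; the Beta may differ.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacLevel {
    # Hypothetical helper: maps the three policy values to a slider level.
    param(
        [Parameter(Mandatory=$true)][int]$EnableLUA,
        [Parameter(Mandatory=$true)][int]$ConsentPromptBehaviorAdmin,
        [Parameter(Mandatory=$true)][int]$PromptOnSecureDesktop
    )
    # EnableLUA = 0 switches UAC off entirely: no prompts, no Secure Desktop.
    if ($EnableLUA -eq 0) { return 'Never Notify' }

    $secure = ($PromptOnSecureDesktop -eq 1)
    switch ($ConsentPromptBehaviorAdmin) {
        # 2 = ask for consent on every elevation, including Windows settings.
        2 { if ($secure) { return 'Always Notify' } }
        # 5 = ask for consent only when a non-Windows program elevates.
        5 { if ($secure) { return 'Default' } else { return 'Notification-Only' } }
    }
    # Any other combination came from policy or a registry edit, not the slider.
    return "Custom (ConsentPromptBehaviorAdmin=$ConsentPromptBehaviorAdmin, " +
           "PromptOnSecureDesktop=$PromptOnSecureDesktop)"
}

function Test-UacNeedsReview {
    # Hypothetical helper: flags every level below the article's Default level.
    param([string]$Level)
    return ($Level -ne 'Always Notify' -and $Level -ne 'Default')
}

# Constructed sample rows (not captured from a real machine), one per level.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) {
    $level = Get-UacLevel @s
    '{0,-18} review={1}' -f $level, (Test-UacNeedsReview $level)
}

# On a Windows machine, classify the live settings as well.
if (Test-Path $PolicyKey) {
    $p = Get-ItemProperty -Path $PolicyKey
    $names = 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop'
    $missing = @($names | Where-Object { $null -eq $p.$_ })
    if ($missing.Count -gt 0) {
        "Cannot classify: missing value(s) $($missing -join ', ')"
    } else {
        $live = Get-UacLevel -EnableLUA $p.EnableLUA `
            -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
            -PromptOnSecureDesktop $p.PromptOnSecureDesktop
        "This machine: $live (review=$(Test-UacNeedsReview $live))"
    }
}
```

Reading these values does not require elevation, so the check can run under a Standard user account across a fleet to find machines set below the Default level.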

Administrator account needed

If you are logged on with a Standard user account and access the User Account Control Settings interface, you will only be able to select and enable the Always Notify level. If you select either the third or the fourth level, you'll see a warning message at the bottom of the window, as shown in Figure F. You'll also notice that the OK button is not accessible.

Figure F

When logged on with a Standard user account, you cannot select the third or fourth levels in User Account Control Settings.

What's your take?

If you've used Vista, chances are that this is the type of UAC that you've always wanted. What's your take on UAC?

About

Greg Shultz is a freelance Technical Writer. Previously, he has worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.

31 comments
Striikor

This still does not fix the UAC problem. Microsoft has restricted the unhindered use of programs I want to run. I should be able to 'trust' a program. For instance I have programs that insist be run as administrator to get them to operate. Unfortunately I map my MS Sidewinder X8 buttons in these programs. Mapping does not work if the program is 'Run as administrator'. The option we have all asked for is not instituted, 'trusting' programs. I should be able to say yes I always want to run this program. If the program is changed prompt me again but don't prompt me every friggin' time. I have 32bit programs that run fine but must be run as administrator also. Personally it amazes me how they missed the point after all the howling and research on the reception of UAC in Vista. Microsoft, I neither need nor want an electronic nanny. Give me back ownership and control of my computers. Let me specify what programs are safe.

LocoLobo

As opposed to a malicious program operating from the web? At home the UAC won't allow me to even move or delete a nonsystem file without going through 2 or 3 dialog boxes. Makes it difficult to organize my stuff. So I disable it half the time. To be honest, I do like to have 1 warning when permanently deleting something. (Are you sure?) Beyond that is just irritating. Changes to windows settings? Go ahead and bug me, once. Installing new programs? If the keyboard and mouse got me there, (not an auto program from a website) then let me go. Is that possible? Most home users are their own administrators. If they find the safety procedures too complex or annoying they will bypass them. Which puts them right back where they were before the nice new features.

The Bird

I actually experienced problems with this while using Crossloop. It took forever to make the changes as a user because unless the host user was there to select "Continue", I'd be disconnected every time. Obviously I had asked him to log on with administrative rights, however he didn't set up his laptop and didn't know the password. So my point is that the UAC option seems to disconnect a remote desktop user as well, so be sure to tell your clients to note these necessary changes, too.

bill.gorman

Not very different from the way Ubuntu Linux works

jules21966

I think that this is going to be a much needed and wanted feature. I love using Vista more so than any of the other OS's that I have used over the years. Just takes getting familiar with and setting things to your liking. Although I am leery of using anything that is in Beta form, I am rather anxious for the final release of Windows 7. I will keep reading and watching until it is out and go from there. Thank you. Julie

john3347

"This system will prevent unauthorized applications from automatically installing as well as prevent users from inadvertently making detrimental changes to system settings." I have asked this question a number of times and in a number of circumstances. HOW DOES UAC PREVENT "USERS FROM INADVERTENTLY MAKING DETRIMENTAL CHANGES TO THEIR SYSTEM"? If a user feels confident that they wish to go to a certain website, or to download a certain item, they check the UAC box to do so. They are just going to do that. If they had thoughts that they were going to a site or download that was going to "make detrimental changes", they would not have selected to go there in the first place. Now, if a "scout" made a recon to the site and came back and reported that the site you requested to go to was known or believed to distribute malware, that would be a totally different can of worms. This would only happen on rare instances and would be a really good thing. When this verification that you wish to do what you just indicated you wish to do (by a certain series of keystrokes or mouse clicks) is ONLY in response to a certain keystroke or series of keystrokes; how does that increase security?

garyu203

With the new UAC if you go below the default setting, it also disables the gadget side bar. I do not like Microsoft making my decisions.

TooCool13

Maybe I'm missing something here not having tried the beta myself, but from the above example, it still looks like an All Or Nothing situation. Example... I installed Doom 3 on my son's PC running 64 bit Vista. Every time he tries to run it, Vista prompts for an admin password. Obviously, I'm not always going to be there when he wants to play his game and even if I was, that's extremely annoying. In the end, I was unable to find any method for stopping this behavior and eventually gave him admin rights. The Windows 7 examples above do not appear to address this issue. As an admin, I should be able to set a specific application to NOT notify/prompt for an admin password. Or if an admin password is required, then make it required ONCE per application, not on a per run basis.

adieatkins

This is definitely an improvement over Vista's UAC, however I would like to see an option for trusted programs, such as AV etc.

boxfiddler

MS appears to be trying to be 'all things for all users'. I think that I don't want UAC (among other things MS) in the first place. I prefer to choose my own tools. I also prefer not to have to find ways to disable more and more 'services' after a fresh install. That said, it is an improvement over Vista's implementation of UAC.

Mark W. Kaelin

If you've used Windows Vista, chances are that this is the type of UAC that you've always wanted. What's your take on the new Windows 7 Beta UAC?

acook

If you talk your client through the necessary steps then you can get them to turn off UAC in accounts and then you don't get disconnected.

csmith.kaze

Why be leery? It's fun to mess with stuff in testing! Of course if you don't have a spare computer or one that can't run vmware well, I can understand, but not doing it just because it is a Beta test? Come on. All cool kids are doing it. :) On topic: I tried using UAC in all settings, and, like in Vista, it got shut the hell off. Sorry, but UAC is still not quite what it should. Having control of what is allowed and being able to whitelist programs from GP on a Domain is a must for us. As it is, UAC is still geared toward the home user and even there, the "click yes" forever syndrome is alive and well. User training should be a higher priority than UAC.

acook

UAC allows you to run your pc's using admin permissions and then you're alerted to any activity that needs admin rights, this stops things from getting changed or installed without a person's knowledge. Much better than running under an account with only user permissions and then having to log off and in as administrator to change or install a programme isn't it? These people hit a nerve with me, they're probably the ones with all the spyware and trojans on their pc's and then complain about how crap microsoft are because they click yes to anything and everything... Can't save some people from themselves..

melias

Most users don't bother to read these pop-ups, they simply see "Yes" "No" and click Yes. That is why I sometimes go nuts when I see somebody who has MSN, Yahoo!, Google and somebody's brother in law's toolbar in IE, and about 3 inches of browsing space!

john3347

I didn't know that lowering the UAC slide disabled the gadget sidebar because I had already disabled the gadget sidebar before I got around to disabling the worthless UAC. Now if only I could disable AERO without completely losing control of my desktop. Windows Classic all the way! Been working for 14 years, why change now?

paulmck1

This shouldn't be that hard to accomplish. Microsoft didn't need to re-vamp their whole UAC. They just needed to add a few different features. An "Always allow this Program to Run" button for one example. There you go Microsoft. Instantly gratify MILLIONS of Vista users!

trichardson

Right on... they stopped being programmers a long time ago. Bloated, Bloated, Bloated !

webmaster

I will love not having to yell at UAC every time I go change some minute setting, or launch the MMC. ~DtD

trichardson

Disable it in the registry ASAP. It is a bane to any IT person's existence.

ederkley

I've actually left UAC on in Vista despite the occasional warning - it's a reasonable prompt but glad to see it can now differentiate between a human request and a program request. That seemed such an obvious omission. In Windows 7 can you set the compatibility mode for a program to require admin access (as in Vista) but then setting the new UAC slider to the second slot from the top means the software is effectively run as trusted? Does that work? If not, it definitely needs some Trusted Program option...even if it takes a power user to add it using PowerShell or something - as long as it's possible.

Striikor

Look, if UAC prompted once that would be fine. Many many business operations use programs not certified by Microsoft. These programs are perfectly safe. They run well on either Vista, Vista x64, Win7 or Win7x64. Yet every time on a regular basis the user is required to authorize running the program. In many cases even authorizing it or running as administrator allows only impaired operation. In any case productivity is always impacted. Many of us run computers and systems in the real world and not the ivory Microsoft tower.

john3347

acook, I refer you to my post earlier in this thread. I challenge you to answer the question I proposed there. If, for example, you wish to download an application from TechRepublic downloads article how does requiring a couple of confirmations increase security? There is no statement or suggestion in connection with these confirmations that imply that there is a security threat. There is only an implication that there are threats "out there". You already had full knowledge that there were threats "out there" and if you did not have confidence that the site you seek was a safe one, you would not have gone there to begin with. Conversely, if you feel a site might be dispensing malware, you are not going to be going there in the first place. UAC gives you no hint whatsoever whether the site might deliver something bad. That decision rests with the user - with or without UAC! Now explain to me how UAC increases security. John

dougtalk21

If it's that bad why are you using MS products at all? In fact making any negative comment seems to suggest you are not real professionals in the first place. Being in this business means we make it work not moan about it!!!

corporalheff

The thing that aggravates me most about Vista's UAC is its habit of resetting to the normal alarmist reaction after a reboot. That is, programs I have already allowed in UAC produce the "Arooga! Arooga!" Response from a panic-struck UAC which is a shade more annoying than the W9x "Are you sure you want to proceed?" dialogue. If I (or other hapless Vista users, for that matter) have designated a program as OK to run, this situation is unlikely to change, simply because I have rebooted my laptop. This adds extra time to a reboot, detracting from productivity. Aha! My mistake...Vista was never intended to be used in a corporate environment. (sarcasm intended) Micro$oft has missed the point. AGAIN!

shryko

but it involves using the scheduler, and a custom shortcut... but if you're willing to send people to the powershell for a trusted program, I think the current workaround would fit your needs. and yes, it means that you'll have a shortcut that completely bypasses the UAC prompt and all the associated hassles, no matter the security settings.

adipur

All the pain you describe is so very true. Still, I don't understand, why don't you just throw this USELESS UAC out? Shultz described how to do this here some months ago. And SP1 seems to allow it from the control panel. No UAC - no useless pain. I did it more than a year ago and can tolerate my Vista after that.

john3347

It has been my understanding from the start that UAC DOES NOT work the way you describe. If it warned me that a website was about to run a script to install what appeared to be malware, I would be all for it. I would be a huge supporter. It doesn't do that though. It only notifies you that you are requesting to go to a site that may have such capability. Well nearly any site MAY have such capability, duh! If UAC could distinguish between those sites that may have a propensity to distribute malware from those who merely possibly have such capability, it would have some value. In other words, if it sent a "scout" to the website and found a likelihood that you would be receiving malware instead of just responding to a series of keystrokes, it would have some value. In your scenario above, you would have to have already given permission to go to the dubious site. It asks if you are sure you want to go there, not whether you want to allow the script. You already gave permission. Windows 7 beta, at some level of the slider, does have a window that reports that, "the current website is attempting to make changes to your computer, do you want to continue?", or something close to that, but my edition of Vista only asks - two or three times - "are you sure you want to do what you just said you want to do?" in response to a certain series of keystrokes.

acook

Like I said in my post, you can't save some people from themselves. True if you're going to go to a website that you knew was dispensing malware then you're not going to help somebody who's going to click yes and proceed anyway but to answer your challenge if you were at a website that you didn't know was dubious then wouldn't you like to know that the website was trying to run a script to install malware without you even knowing about it? I'd call that added security wouldn't you?

john3347

dougtalk, I wish to take issue with you on your statement. If no one points out problems that exist with a product and only praise it in spite of items that could easily be corrected at the production level, we will forever be stuck with "Vista quality" in everything we do. In addition to this issue, the purpose of a beta product is to find problems with it so these problems can be corrected before production. Therefore, pointing out negatives in a product, especially beta products, is being productive. This forum is designed to discuss both positive and negative sides of an issue, so "negative comments", presented respectfully, are totally appropriate and do not mean that anyone does not (or should not) learn to work with the negative aspects of a product. Nor does it mean that we should not seek a product that is more perfect "out of the box". edited to correct punctuation
