You can use TweakUAC to disable the Vista User Account Control (UAC) prompts while leaving its protection intact. TweakUAC is a boon to users of standalone and peer-to-peer networked Windows Vista systems, but it isn't a feasible solution in a domain environment.
In this edition of the Windows Vista Report, I'll introduce you to BeyondTrust Privilege Manager, an alternative for dealing with UAC in the enterprise.
Microsoft's endorsement of Privilege Manager
Microsoft has put a great deal of time and effort into creating UAC and convincing users and administrators to use it while tolerating the prompts for the sake of security. So it may seem odd that Microsoft is endorsing a product seemingly designed to circumvent UAC. However, it makes sense once you understand that, like TweakUAC, Privilege Manager simply removes the prompts while leaving all of the security provided by UAC in place.
This quote from Austin Wilson, Director of Windows Client Security Product Management at Microsoft, appeared in the press release announcing Privilege Manager 3.5 and its support for Vista's UAC:
"Microsoft recognizes that to help create a secure, auditable and compliant enterprise environment all users should be Standard Users and ideally not have administrative privileges or access to administrator passwords. BeyondTrust Privilege Manager helps corporations that need to allow standard users to run applications that require administrative privileges on Windows Vista with UAC enabled without any prompts or input required from the user. I am pleased to see third-party security vendors such as BeyondTrust improve what is already our most secure business client OS, Windows Vista. The combination of elevating approved applications transparently with Privilege Manager and running UAC in no prompt mode with Internet Explorer in protected mode provides a best of breed solution to the least privilege problem."
You may read between the lines and assume that this endorsement is Microsoft's way of admitting that UAC was a mistake, but I'm not sure that it is. I think it's Microsoft's way of recognizing an innovative approach to working around a side effect of UAC's goal of improving Vista's security.
How Privilege Manager works
Privilege Manager works through Group Policy, allowing administrators to use security policies to control how and when UAC operates. By using Privilege Manager and Group Policy, you can decide which applications or operations to authorize and when to elevate privileges. This happens behind the scenes, without the UAC prompt and without the end user being aware that anything out of the ordinary is occurring. All of the security features that UAC provides are still in place, protecting the system from inadvertent or malicious activity.
By design, Privilege Manager provides Least Privilege Management solutions to pre-Vista Windows networks, so you can use Privilege Manager 3.5 in a mixed environment of Vista, Windows XP, and even Windows 2000 systems. With Vista and UAC, Privilege Manager-configured policies go to work before the UAC dialog box appears. With Windows XP and Windows 2000, such policies automatically elevate privileges for any authorized activity.
Demos and purchasing information
If you're interested in learning more about Privilege Manager 3.5 or any other offerings from BeyondTrust, check out the online demonstrations and Webinars on BeyondTrust's Events page. Pricing for Privilege Manager starts at $30 per seat. You can also investigate the Free Evaluation version.
Greg Shultz is a freelance Technical Writer. Previously, he worked as a Documentation Specialist in the software industry, a Technical Support Specialist in the educational industry, and a Technical Journalist in the computer publishing industry.