New
#1
UAC - To be or not to be?
I find that the UAC control can be a bit overbearing, not sure if thats the best description but - would it make any difference if I shut it down???
I find that the UAC control can be a bit overbearing, not sure if thats the best description but - would it make any difference if I shut it down???
UAC is nice security feature, unless you install a lot of software, it should not be too bothersome. You can create shortcuts for system settings or software, which needs to be run with admin privileges, so you would not get any UAC prompts.
Create Elevated Shortcut without UAC prompt in Windows 10 Customization Tutorials
Interesting, so THATS how this you cant run this without admin privileges. The problems I have had with that over the months!!! If I had known it was UAC, I'd have nuked it ages ago. Cheers Tair'
Brinks' explanation seems a lot to do, think it would be easier to slam UAC into next week!!!
Would disabling UAC make a difference?
YES
In Windows 8 and later the slider in accounts control will not disable UAC. You need to do that in the registry. But then you would find that none of the modern Apps and a number of other things will not work. This is by design and not a bug. In the future there may be further limitations. The option to disable UAC was designed for exceptional situations, not for general use.
Then there are the security issues. Without UAC you will be running with a full time admin level account. Best practice with the NT platform has always been to use a standard account for general use, reserving the admin level account for when it was actually needed. That goes back to 1993 when security wasn't nearly the problem it is today. But UAC makes following that practice much easier than it once was.
Without UAC malware will be able to do pretty much whatever it wants, when it wants. And it won't ask for your approval. Don't assume your security software will keep you safe. It won't. Malware authors are experts at evading such protection and are getting quite good at it. With UAC enabled malware will more limited in what it can do. This can be overcome but it is another layer of protection.
Good security always consists of multiple layers. Any one layer may be circumvented while having multiple layers makes this more difficult. UAC is just one more layer, but a very useful one.
Security always has it's price. And not just with computers.
Personally I won't turn it off. It's there to provide protection. Sure, it can be annoying when you launch something that requires admin access and you have to click on Yes, but the benefit is that if you are running something like a browser and all of a sudden you click on a link and it tries to escalate to admin, you can tell it know and prevent something bad from happening.
At work, we all run as standard user accounts on our Windows boxes. We have a secondary account that is a member of the local admins group on the computer. But we are NOT allowed to log into Windows with that secondary account. We are required to use the Standard account and when something comes up requiring admin access, we have to enter in our secondary user account and password in the UAC box. As a Systems Engineer, I do an awful lot that requires admin access, but even so I still have to follow the rules and deal with the prompts. To gain access to a server, I have to RDP into a jumpbox, which prompts me for a username/password and then requires 2 factor authentication. Once on the jumpbox, I can then RDP from that location onto a server. If it something like a domain controller, I have to do 2 factor authentication again. But in the wake of all of the companies suffering data leaks, etc...it really should not be viewed as optional. It's a must today.
Leave UAC on, even if it protects you just 1 time, that should be enough.
LMiller and pparks, ok, will do as you say, and leave it. My impression of UAC was a parental thing, apparently its more than that, thank guys appreciate the input.
mine is on third notch, yes, I knew you could bottom it, which is what I meant by switching off.
Yeah, it's not a parental thing. It helps provide security by running all apps and tasks in the security context of a non-administrator account. This helps to prevent automatic installation of unwanted applications, and helps to ensure that something doesn't change your system settings on you. When you get to an app that requires more permissions than what is available to a standard user account you are greeted with the UAC prompt. When you click on Yes, you are basically elevating up to admin level credentials for the duration of that task, and only for that task.
As an example, if you launch Windows Explorer (Not Internet Explorer), right click on "This PC" and notice that Manage has the yellow and blue shield on it. This signifies a task that requires UAC acknowledgement to become an admin. Once you say yes, you have run Computer Management as an admin and can perform all tasks contained within as an admin.
But let's say that you launch something like notepad.exe. If notepad starts to open and then UAC pops up, it should leave you thinking "what in the world does this need admin access for, something here isn't right, I should say no". And by saying no, you prevent something bad from happening.
So it requires you to know as a user what you are doing. if you click on things you know require admin access, expect the dialog and say yes. However, if it pops up and you weren't expecting it, you might get concerned.