Chuck Walbourn [MSFT]
Re: UAC should have been a Business class feature, not for Home Users
Posted: 04-10-2008, 09:20 PM
Actually, UAC elevation is explicitly discouraged for Business and
Enterprise settings. Only home users should really be mixing up admin and
standard user tasks, with the majority of their daily work done as a
standard user. Businesses should have most of their users always running as
Standard Users and only have special admin accounts have admin rights.

Most of the pain of UAC goes away when applications are updated to work
correctly without demanding full admin rights (which they really do not need
99% of the time, and the 1% they do need can be done other ways). This is
obviously a long-term investment, but until UAC was on by default most
application writers would continue to ignore the inherent security risks and
not support the more secure mode (see Windows XP LUA). The Windows logo
programs are pushing vendors and applications to get updated, and over time
more of them will be. UAC elevation is still around to get old stuff to work
as needed.

There are things that can be done to the Windows shell experience to make
UAC easier, some of which were done in SP1, but mostly it's user habit and
lack of understanding that would cause a UAC elevation prompt to come up
"every 5 seconds". That's not to say teaching non-technical people technical
skills isn't difficult.

--
-Chuck Walbourn
SDE, XNA Developer Connection

This posting is provided "AS IS" with no warranties, and confers no rights.

Lester Stiefel
Re: UAC should have been a Business class feature, not for Home Users
Posted: 04-11-2008, 04:59 AM
Chuck Walbourn [MSFT] wrote:
> Actually, UAC elevation is explicitly discouraged for Business and
> Enterprise settings. Only home users should really be mixing up admin
> and standard user tasks, with the majority of their daily work done as a
> standard user. Businesses should have most of their users always running
> as Standard Users and only have special admin accounts have admin rights.
>
> Most of the pain of UAC goes away when applications are updated to work
> correctly without demanding full admin rights (which they really do not
> need 99% of the time, and the 1% they do need can be done other ways).
> This is obviously a long-term investment, but until UAC was on by
> default most application writers would continue to ignore the inherent
> security risks and not support the more secure mode (see Windows XP
> LUA). The Windows logo programs are pushing vendors and applications to
> get updated, and over time more of them will be. UAC elevation is still
> around to get old stuff to work as needed.
>
> There are things that can be done to the Windows shell experience to
> make UAC easier, some of which were done in SP1, but mostly it's user
> habit and lack of understanding that would cause a UAC elevation prompt
> to come up "every 5 seconds". That's not to say teaching non-technical
> people technical skills isn't difficult.
>
My sentiments exactly. However, there are still some
applications that require admin rights to register: Winamp
and some burn stack software, MS Office, publishers. These
then will work fine after the registration process on a
standard account.
Winamp, in addition, needs to sign the program modules, so
the nag about unsigned software will vanish.


--
Visit Family Radio Today
http://www.familyradio.com/

SG
Re: UAC should have been a Business class feature, not for Home Users
Posted: 04-12-2008, 05:57 AM
>>>Have you tried TweakUAC. It suppresses the UAC prompts but leave the
underpinnings of the protection UAC provides intact.<<<

David,

TweakUAC is misleading and your reply isn't exactly true.
It's best described by Ronnie Vernon, MS-MVP, and I wish I had written this :>)

Quote:
This is a fallacy! If UAC cannot notify the user that a program is trying to
gain global access to the system, then it is effectively 'disabled'. This
so-called 'quiet mode' setting just changes a UAC registry setting to
'automatically elevate everything without prompting'. This means that when
you click to open a file, it is 'assumed' that you already know that the
file will have unrestricted access to your computer.

The main thing that UAC does is to detect when a program or application
tries to access restricted parts of the system or registry that require
administrator privileges. When a program does this, UAC will prompt the user
for administrative elevation. Without this prompt, UAC cannot warn the user,
which means that it is effectively disabled.

Some people will tell you that using "quiet mode" will still let IE run in
protected mode, but this just isn't true. Without the UAC prompt, a
malicious file that runs from a website can run, without restrictions, and
silently.

Another issue is that with UAC prompt disabled, some legitimate procedures
will just silently fail to work properly, with no notification, if you are
logged on with a Standard User account, since the application cannot notify
you that administrative privileges are required.

Even the developer of the TweakUAC utility includes this statement about his
product.
"if you are an experienced user and have some understanding of how to manage
your Windows settings properly, you can safely use the quiet mode of UAC."
In my opinion, if you are an experienced user, the last thing you would want
to do is turn off the UAC notification.

If you 'are' an experienced user, then you would already know how to
temporarily bypass the UAC prompt to perform just about any procedure in
Vista, such as running programs from an elevated command prompt, or using an
elevated instance of Windows Explorer.

The last problem I have with this so-called 'quiet mode' is that it
dissuades developers from programming their applications to run in a least
user privilege environment.
End Quote

--
All the best,
SG

Is your computer system ready for Vista?
https://winqual.microsoft.com/hcl/

"David P." <dgprozzoLEAVE@bellsouthOUT.com> wrote in message
news:enmsl%23zmIHA.3400@TK2MSFTNGP03.phx.gbl...
> Have you tried TweakUAC. It suppresses the UAC prompts but leave the
> underpinnings of the protection UAC provides intact.
>
> "Swampthing" <Swampthing@discussions.microsoft.com> wrote in message
> news:10D46609-FD32-4E08-95DE-9CB57E2C6D5A@microsoft.com...
>>
>> --
>> Thanks from C-Swampthing.
>>
SNIPPED
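
Added example, not part of the post above and not code from TweakUAC or Microsoft: a PowerShell check for the state the quoted text describes, where UAC is nominally on but its prompt has been silenced. The post does not name the registry value involved; `ConsentPromptBehaviorAdmin`, `ConsentPromptBehaviorUser` and `EnableLUA` under the `Policies\System` key are the standard UAC policy values, and the function name and sample data are constructed for illustration.

```powershell
# Added example: report whether UAC prompting has been silenced by policy values.
# Test-UacPromptPolicy is an illustrative name, not an existing cmdlet.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Test-UacPromptPolicy {
    param(
        # Optional hashtable of value name -> DWORD. When omitted, the live
        # registry is read (reading HKLM does not require elevation).
        [hashtable]$Values
    )
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $item   = Get-ItemProperty -Path $UacKey -ErrorAction Stop
        $Values = @{}
        foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser') {
            # A missing value means the OS default applies; leave it unset.
            if ($null -ne $item.$name) { $Values[$name] = [int]$item.$name }
        }
    }

    $findings = @()
    if ($Values.ContainsKey('EnableLUA') -and $Values['EnableLUA'] -eq 0) {
        $findings += 'EnableLUA=0: UAC is switched off entirely.'
    }
    if ($Values.ContainsKey('ConsentPromptBehaviorAdmin') -and
        $Values['ConsentPromptBehaviorAdmin'] -eq 0) {
        $findings += 'ConsentPromptBehaviorAdmin=0: administrators are elevated without a prompt.'
    }
    if ($Values.ContainsKey('ConsentPromptBehaviorUser') -and
        $Values['ConsentPromptBehaviorUser'] -eq 0) {
        $findings += 'ConsentPromptBehaviorUser=0: standard-user elevation requests are denied with no prompt.'
    }

    [pscustomobject]@{
        PromptsIntact = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

# Constructed sample values (not captured from a real machine): UAC left
# enabled, but both prompt behaviours set to their "no prompt" setting.
$sample = @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 0; ConsentPromptBehaviorUser = 0 }
Test-UacPromptPolicy -Values $sample | Format-List

# Check the machine the script is running on.
Test-UacPromptPolicy | Format-List
```

A value that is absent from the key is treated as the operating system default and is not flagged.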

David P.
Re: UAC should have been a Business class feature, not for Home Users
Posted: 04-12-2008, 07:04 AM
Thanks for taking the time to post this! I will take it under advisement.

AJR
Re: UAC should have been a Business class feature, not for Home Users
Posted: 04-12-2008, 08:43 PM
Although mentioned in SG's post - for "home users" the most important feature
of UAC is IE7 "Protected Mode" (indicated in the lower right corner when active).

When downloading any item from the Internet which may affect system or
registry files, protected mode creates "virtual system and registry"
locations to first evaluate actions of downloaded items - if UAC considers
them safe then it provides access to the "real" system file locations.

Andy [YaYa]
RE: UAC should have been a Business class feature, not for Home Users
Posted: 04-14-2008, 07:28 PM
"Swampthing" <Swampthing@discussions.microsoft.com> wrote
in news:10D46609-FD32-4E08-95DE-9CB57E2C6D5A@microsoft.com:

I tell everyone that buys a Windows Vista PC that when they get the UAC
prompt that's because something is about to happen that's going to change
your system. If you are installing a program then hit Continue, but if it
comes up and you're not sure, err on the side of caution and hit cancel.

I think UAC is a huge help, especially for home users, but that's just my
opinion.

--
-A.