JCooney.NET

Joseph Cooney's Weblog

My Links

Blog Stats

News

I work for:


see also:
Dominic Cooney
Patrick Cooney

Archives

Image Galleries

My GotDotNet Samples

LeastPrivilege vs. UAC - is there any point leaving UAC on if you run as a standard user?

I have a confession to make. I've left UAC on on every single Vista machine I've used since using it as my primary OS in mid-2006 (Vista beta 2). On all but one of those machines I also run as a standard user without any specail permissions. Is UAC + least privilege a huge waste of time? It sure does seem so. Am I just slow to have taken this long to realize this? There has been sooo much vitriol and chest thumping about UAC it is hard to find any balanced discussions of it, and the impact of it on people who are already doing the right thing. 

posted on Saturday, July 19, 2008 5:17 AM

Feedback

# re: LeastPrivilege vs. UAC - is there any point leaving UAC on if you run as a standard user? 7/19/2008 6:03 AM lb

works for me too JC.

it's probably overkill that we use it when we're already inside a highly (highly) protected network and we never click things we shouldn't etc.

The only advantage i see is that for MicroISV purposes it's good to understand the least privilege point of view.

lb

# re: LeastPrivilege vs. UAC - is there any point leaving UAC on if you run as a standard user? 7/19/2008 9:35 PM x

Doesn't UAC provide the credential UI for easy runAs for admin tasks?

If you're used to using RunAs, maybe there's no added value, but having a "Gimme admin creds" prompt would seem like a benefit.

Or did I misunderstand what UAC is (isn't it CredUI (std user elevation) ConsentUI (admin Continue))?

Title  
Name  
Url
Security Word (prevent comment spam)
Protected by FormShield
Comments