I have a confession to make. I’ve left UAC on on every single Vista machine I’ve used since using it as my primary OS in mid-2006 (Vista beta 2). On all but one of those machines I also run as a standard user without any specail permissions. Is UAC + least privilege a huge waste of time? It sure does seem so. Am I just slow to have taken this long to realize this? There has been sooo much vitriol and chest thumping about UAC it is hard to find any balanced discussions of it, and the impact of it on people who are already doing the right thing.
Comments
x
Doesn’t UAC provide the credential UI for easy runAs for admin tasks?
If you’re used to using RunAs, maybe there’s no added value, but having a "Gimme admin creds" prompt would seem like a benefit.
Or did I misunderstand what UAC is (isn’t it CredUI (std user elevation) ConsentUI (admin Continue))?
If you’re used to using RunAs, maybe there’s no added value, but having a "Gimme admin creds" prompt would seem like a benefit.
Or did I misunderstand what UAC is (isn’t it CredUI (std user elevation) ConsentUI (admin Continue))?
19/07/2008 9:35:00 PM
it’s probably overkill that we use it when we’re already inside a highly (highly) protected network and we never click things we shouldn’t etc.
The only advantage i see is that for MicroISV purposes it’s good to understand the least privilege point of view.
lb