See User Account Control in Action

We created this video to show those who haven’t had a chance to try Windows Vista yet what User Account Control looks like and to demonstrate the benefits of running Windows as a standard user.

 

Start video.

 

This 12-minute video includes:

  • Introduction from Microsoft Security VP Mike Nash on the overall security improvement in Windows Vista.
  • Demonstrations from Windows Vista Security Director Austin Wilson that show the risks of running as an administrator, how UAC makes it easier on Vista, explanations of the different types of prompts, and a look at the progress we have made to reduce the number of prompts since the early beta versions.

To everyone who’s commented that it takes multiple prompts to delete a desktop shortcut, here’s proof that this will be changed in the RC1 build. (This is shown around the 11th minute of the video.)

We hope you enjoy this video and find it useful.

- The User Account Control Team

Comments

  • Anonymous
    June 09, 2006
    Great video! Keep up the good work for RC0.

  • Anonymous
    June 09, 2006
    Microsoft today published a video on Vista's controversial User Access Control (UAC) feature. Warning: Contains acronyms, depictions of violence against desktop icons.

  • Anonymous
    June 10, 2006
    I have some questions:

    Upgrading from XP to Vista, as an administrator user and without a password set, what will happen to my account?

    And will the invisible XP's "Guest" account be removed?

    Do you suggest to remain as administrator (to be able to bypass dialog boxes just clicking without inserting every time a password) or switching to a standard account anyway?

    And for example, today's XP programs that require an administrative account to be installed, will run if executed from a standard account? In Vista, of course.

    I have a bit of confusion ;-)

  • Anonymous
    June 10, 2006
    I like the ideas here from a security standpoint.  Changing it over to a "per-change" rather than "per-view" is a remarkably nice change.

    One question : why are you all 'shimming' the millions of insecure and unimportant applications, as opposed to the dozens of programs that actually need to be secure?

    It seems like it would have been easier to never check and allow people to install to a :/Program Files folder all they want, but have the important stuff in :/Windows/Program Files, and have that one require heightened security for.

    Same with Registry : have the Registry that programs would normally write to be replaced by a per-user one, and

    From what I've seen (and I know I'm not an expert) a vast majority of existing UACs occur not because the application actually NEEDS to access something beyond the initial user, but simply because the application's development team choose to affect things on a large scale rather than on a small one.  Why not build the operating system to fool them, rather than build traps outside the operating system on an individual basis?  I don't think we can change how every other company does their work - it'd be easier to change things inside Microsoft.

  • Anonymous
    June 10, 2006
    I hate this stupid feature

  • Anonymous
    June 11, 2006
    man, this is really news, lol. Linux has had it for years....

  • Anonymous
    June 11, 2006
    Any attacker who knows what they're doing is going to make sure that the Big Scary Red Warning doesn't appear on an elevation prompt, by signing their app. This does not make the attacker traceable; they can either take advantage of certification authorities' lax procedures, or break into some other developer's machine and steal their private key.

    IOW, the Big Scary Red Warnings are only going to appear for legitimate applications (and attacks by clueless script kiddies, and in marketing demos).

  • Anonymous
    June 12, 2006
    The first user account in Windows Vista beta2 is an administrator protected by UAC. But why not force to use a Standard user protected by UAC?
    Microsoft should force the users to create 2 accounts: Administrator with UAC + Standard with UAC. Only in this way there's a chance that
    many users will run Vista as Standard account.

  • Anonymous
    June 14, 2006
    Dear Gattsuro,

    I do not believe that the problem is that developers "choose to affect things on a large scale rather than on a small one".

    As I see it the problems with programs not running as non-administrator is that:

    1. The architects did a design based on one user per machine, e.g. placing per-user directories inside the program installation.

    Changing that takes a redesign of the program. Having to install every program for every user would be a major step backwards, and a shim must be adapted to the particular application to redirect specific directories/files in the installed program directory to a user-directory (or some form of generic shadowing).

    My experience is that given some time the programs can be redesigned.

    2. The developers made mistakes.

    E.g. as a standard user in XP I could not spell-check in Word in Works 7.

    The reason: some registry keys were opened for full access. (As I understand it the keys were just read).

    I still agree with "mudsfriend" regarding sandbox-installs.

    Best regards,
    Hans

  • Anonymous
    June 14, 2006
    To the Linux poster who claimed:

    "man, this is really news, lol. Linux has had it for years.... "

    Windows 2000's had it for years, too.  Only back then they called them 'Restricted Users.'  Still works today.

  • Anonymous
    June 15, 2006
    Running applications in a standard account is all very well, but even if it could be made to work perfectly for all apps, it still only addresses a small part of the problem. The main problem is that applications need to be protected from each other. An ACL-based system with a single account per user will always be vulnerable to one application tampering with or snooping on files used by another, against the wishes of the user.

    It is possible to solve this problem, and still allow files to be shared between apps when that is what the user wants, without introducing useless security prompts: see http://citeseer.ist.psu.edu/yee03secure.html

  • Anonymous
    June 15, 2006
    UAC (User Account Control) is one of the most controversial new features in Windows Vista...

  • Anonymous
    February 14, 2007
    You are coming to a sad realization, cancel or allow?