Administrator Marking for Command Prompt

Besides reducing the number of prompts, one of the top requests we’ve gotten is a way to identify whether a window (particularly Command Prompt) is running with reduced privileges. If you asked for this, too, you’ll be happy to know that when Windows Vista Release Candidate 1 comes out you’ll be able to tell.

When you run cmd.exe as an administrator...

 
“Administrator” will be prepended to the title bar of the window...

 
This is designed for scenarios where you have multiple command windows open and you want to know which ones are elevated. You will also be able to tell which ones are elevated by looking at the taskbar...

This functionality is not enabled for all programs, but we got feedback that Command Prompt needed it most. Overall, our user experience goals with regard to UAC are:

(a) A user should be running as a standard user all the time.
(b) Elevation should be rare and for a very short duration.

As a result of these goals, a user should not have to keep track of what is running elevated and what is running normally, since in general nothing should be running elevated all the time.

In our research, we have not come across many applications that have valid scenarios where they should be running normal and elevated on a continuous basis for long durations. Command Prompt is one such application that people tend to run continuously as normal as well as elevated to perform mostly script- or batch-oriented tasks.

Therefore, based on feedback received, and just for Command Prompt, we have made changes such that if Command Prompt is running elevated, its title will be prefixed with “Administrator:” to help a user distinguish between a normal and elevated CMD.

Even though we provide this facility, from a security point of view, our recommendation remains that you keep the elevated CMD on your desktop for as short a duration as possible so as to avoid any inadvertent changes to your computer without further UAC prompts.
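
The title prefix is a visual cue for the person at the keyboard; a script that needs to know whether it is elevated can read the integrity level from its own token instead. The batch file below is an added example, not part of the original post: it relies on whoami /groups and the well-known High (S-1-16-12288) and System (S-1-16-16384) mandatory label SIDs, and the variable name CMD_ELEV and the colour choices are assumptions.

```bat
@echo off
rem Added example (not from the original post): decide whether this Command
rem Prompt is elevated from the token's integrity level, not the window title.
rem Well-known mandatory label SIDs: S-1-16-8192 Medium, S-1-16-12288 High,
rem S-1-16-16384 System. The variable name CMD_ELEV is an assumption.

set "CMD_ELEV=standard"
whoami /groups | findstr /c:"S-1-16-12288" >nul && set "CMD_ELEV=elevated"
whoami /groups | findstr /c:"S-1-16-16384" >nul && set "CMD_ELEV=system"

if "%CMD_ELEV%"=="standard" (
    rem Default colours and prompt for a standard-user token.
    color 07
    prompt $P$G
    echo This Command Prompt is running with a standard-user token.
) else (
    rem White on red plus a prompt tag, so the state is visible on every line.
    color 4F
    prompt [%CMD_ELEV%] $P$G
    echo This Command Prompt is running with a %CMD_ELEV% token.
)

rem Exit code for callers: 0 = elevated or system, 1 = standard.
if "%CMD_ELEV%"=="standard" exit /b 1
exit /b 0
```

Run it from the prompt you want to mark; another batch file can call it and test the exit code before attempting a change that needs administrator rights.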

Comments

  • Anonymous
    August 01, 2006
    I (beta tester) prefer the Shield Icon instead of that long "Administrator: ", it's such a waste of space!

  • Anonymous
    August 01, 2006
    Not a beta tester...  

    In XP Pro, I run with limited privileges but keep a prompt open with elevated privileges.  A batch file sets up the environment in that console window and that batch file sets the caption using the 'title' command.  Would 'Administrator:' go away or be prepended to the title that is set via a batch file?

  • Anonymous
    August 01, 2006
    Why not colour the window (some shade of red perhaps, but of course this would not work too well for Classic or Aero Basic views) or add a shield icon as Licantrop0 suggests?

  • Anonymous
    August 02, 2006
    In previous builds, it was possible to set a different background color for the elevated command prompt (that's much easier to recognize than just the little "Administrator:" text in the title bar).

    When I change the elevated background color in 5472, the color also changes for the non-elevated prompt. Why did you make this change (or is this just a side-effect of other changes)? Please revert that change, different background colors are much better than just a text in the title.

    There's also no way to see if an explorer window is elevated.

    You should really consider making elevated windows easier to distinguish from non elevated windows, not just for cmd.exe, but for all windows.

  • Anonymous
    August 02, 2006
    The problem though, and it's there even in 5472, is that processes that you run from that elevated command prompt do not get a full admin token; those apps still need UAC consent.  Other apps do not even run.

    One thing that I did all the time in XP was to launch another instance of Explorer.exe (or the control panel, control.exe) from that admin command prompt.  In Vista that no longer works -- typing control does nothing.  

    Running services.msc or other apps that need full admin brings up a UAC prompt.  

    If someone has an admin command prompt, then any processes run from it should have the full admin token, not the lower-level one.   They should also be able to open another explorer / control panel process as that full admin to do other tasks.

    --Oren

  • Anonymous
    August 02, 2006
    @onovotny:  BTW, when I run services.msc from an elevated command prompt, I don't get a UAC prompt - it just runs as admin.

  • Anonymous
    August 02, 2006
    I really believe that you need to have an at-a-glance indicator for all windows of elevated processes.

    I understand that you consider most usage scenarios that have long running elevated processes to be detrimental to system security. They probably are. Users will do what they want to/have to, however.

    It is annoying to confuse your elevated and non elevated instances of applications. I do it all the time to test dynamic app functionality based on current token.

  • Anonymous
    August 02, 2006
    Nice. I love UAC.

  • Anonymous
    August 03, 2006
    Have to say I agree with those calling for all elevated applications to have some form of visual indication that they are indeed elevated. Couldn't they have some sort of glow effect, similar to the one on the min/max/close buttons, but all around the window frame?

  • Anonymous
    August 07, 2006
    The Windows Explorer does not have a title at all (Vista Aero) - could you put "Administrator" in its title bar when applicable?

    The stated intent is that it shouldn't be applicable -- the plan is to make Explorer a truly single-instance process, always running in the same non-admin security context. -- Aaron Margosis

  • Anonymous
    August 09, 2006
    @onovotny

    With Windows Vista Explorer you don't need to open multiple instances because you have a tree view on the left.

  • Anonymous
    August 10, 2006
    @Aaron Margosis: you reply that the text "Administrator: " also appears in the taskbar, but why can't 2 icons appear in the same minimized window in the taskbar?

    Where is all that WPF Microsoft is developing?

    I mean, something like this:
    http://img118.imageshack.us/img118/6181/admincmdru0.jpg
    (just a bad paint editing)

    Isn't it really better?

  • Anonymous
    August 10, 2006
    I just want to know what about the new UAC security policy "Only elevate UIAccess applications that are installed in secure locations"?

    Thanks a lot:)

  • Anonymous
    August 11, 2006
    Earlier today a colleague was in my office and he was sharing his experiences with Vista.  One of his...

  • Anonymous
    August 14, 2006
    UAC should be hard-coded enabled, i.e. it should be impossible to disable by a registry trick; otherwise malware can disable it and security becomes useless.
    Please don't allow UAC to be disabled.
    One idea would be to make some basic UAC functions hard-coded enabled, and more advanced features optional.

  • Anonymous
    August 14, 2006
    Hey,

    I like the idea from "Licantrop0" for a replacement or addition of the Shield Icon for an elevated command prompt!

    @Aaron Margosis and UAC team, why not set the Administrator marking for elevated cmd as default and give the users the option/ability to change this behavior in the settings? So that you can set that you want the Shield Icon instead of the Administrator marking, or in addition to the Administrator marking!

    So all users are happy and blind users/accessibility issues are supported.

    Thx in advance!

    best regards,

    PSchuetz

  • Anonymous
    August 19, 2006
    Hey Luca,

    hmm, but you can't protect it from change by a password requirement or something, or is this impossible?!

    Or you make it only selectable..(Between Administration marking and only the Shield Icon..!)

    If you hardcode both versions, and you can change the option only with a password or such a thing, malware can't change it!

    Thx in advance!

    best regards,

    PSchuetz

  • Anonymous
    August 21, 2006
    ProgIDFromCLSID fails for Administrator Marking for Command Prompt.

    To get an idea of the issue,

    I have written a simple MFC application with the following code. When we open the vcproj file and run the application from Administrator Marking for Command Prompt, pOleStr returns as NULL.
     

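    // Requires <objbase.h> and linking against ole32.lib.
    HRESULT hr;
    LPOLESTR pOleStr = NULL;  // receives the ProgID; release with CoTaskMemFree
    CLSID clsid;
    OLECHAR strCLSID[] = L"{7AABBB95-79BE-4C0F-8024-EB6AF271231C}";
    hr = CLSIDFromString( strCLSID, &clsid );
    if (SUCCEEDED(hr))
        hr = ProgIDFromCLSID(clsid, &pOleStr);  // check hr before using pOleStr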

    However, the same code works fine for a normal command prompt.

    Please note that I have also marked the application with a UAC manifest, but ProgIDFromCLSID still fails for Administrator Marking for Command Prompt.

    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
      <security>
        <requestedPrivileges>
          <requestedExecutionLevel
            level="requireAdministrator"
            uiAccess="false"/>
        </requestedPrivileges>
      </security>
    </trustInfo>

    Could somebody help me find the cause of the issue?

    -Saurabh

  • Anonymous
    August 28, 2006
    Very nice! Glad to see this in build 5563. :D

  • Anonymous
    September 05, 2006
    We’d like to thank all of the Windows Vista beta testers for using and giving us feedback on User Account...

  • Anonymous
    January 10, 2007
    If you try and install the Team Foundation Server Power Toys (or Tools) on a Vista machine, you may well

  • Anonymous
    March 08, 2007
    how to run the cmd.exe without administrator privileges...