I just came across a website with this "writer" doing a couple of articles about Windows Vista's new feature called User Account Control (UAC). I won't bother to link to the site itself as the guy is clearly just trying to get people to visit by making incoherent arguments against UAC.

I say, I say, I say…when is an administrator not an administrator? When they’re a Vista administrator!


WTF!? Sorry mate on Windows Vista with UAC enabled, administrators have administrator rights (limited users need to provide an admin user and password), they just need to press "allow" on the UAC prompt for any application or setting that requires them.

This is done for a couple of reasons 1) most Windows users today run as an administrator user 2) it’s nice to know when something is writing to a system area.

UAC is one of those aspect of Vista which offers both great and highly annoying features. The concept behind it is sound – distance users from the OS, thereby protecting both the OS and the users themselves.

However, power users don’t want to be protected, don’t want to babysat, don’t want to be cut off from anything. They want full access, all the time, and if something breaks they won’t come crying to your door. They’ll take responsibility for the stuff-up and sort it out themselves. And for these people, UAC is the software equivalent of hearing a mozzie buzzing around in your bedroom when you’re trying to sleep. Personally, when I do a Vista install from now on for my own use, UAC is the first thing to go.

Right power users don't want to be protected. Fine - go to the Control Panel and turn it off. Simple, so what's the problem?

That's not all, the next article this guy wrote was bashing Vista because you could turn it off! Eh? This guy pulls out this bullshit:

What worried us with TweakVista was the tickbox to turn UAC off entirely. There was no protected desktop popping up to ask whether we REALLY wanted to do this – it was simply gone. End of story, goodbye.

Wrong. TweakVista would of prompted you for administrator privileges when it was executed. You need administrator rights to turn off UAC - which you gave it and then you complain because it turned UAC off after you told it to and gave it permission to run with administrator privileges.

What’s stopping a malicious app … say, a downloaded freeware game … from prompting the user for UAC authorisation during the install process and then getting into the registry and disabling UAC?

Nothing, because you've just given it administrator privileges. The administrator privileges you were going on about in your last article. If you allow an application full rights to the system it can do anything, hell disable UAC? Why bother with just that, go and nuke the Program Files and User directories.

That's why UAC is there, to ask you if you really want to give an application administrator rights. You press "allow" and its running as an admin and it can do whatever it likes.

If anything user or application (not that there is any difference because an application can simulate keyboard presses and mouse clicks, which is why UAC runs in a protected mode like the CTRL+ALT+DEL login) the Security Center will inform you that UAC has been disabled.

This isn’t too surprising really. It confirms what we have come to suspect about UAC – it’s very useful for standard users and totally useless for power users/administrators. If you have to grant admin privileges to a setup process to allow installation, and from there it can do whatever it wants, UAC hasn’t actually protected you at all.

It isn't UAC's job to decide if a program running is doing bad things or good things (like anything could decide for all circumstances). That's down to things like anti-virus software. UAC is telling you this application wants administrator rights, do you want to allow it those rights or not. It puts you in control of your machine, nothing can run without you telling it to.


So what's the problem? You start off by saying UAC is annoying, then you start moaning by saying you can turn it off (would you rather an annoying thing be forced on?), then you start going on about applications can do anything when they have admin rights, surely that's the point of having administrator rights? Isn’t that what you said right at the start Mr Power User?