Nixadmins.net

Why UAC is the best thing that ever happened to Windows

by Mats Hellman on Dec.04, 2009, under Server 2008 r2, Vista, Windows, Windows 7

You’ve probably heard, countless times, why the Windows UAC (User Account Control) is the worst function ever introduced in a Windows operating system. Today we’ll look at it from another point of view. I’m saying it’s the best function introduced in Vista and later. Why? Because it makes it easy to elevate your privileges without holding down the right CTRL button or looking for it in any menu. How? I’ll show you in a minute.

Using any operating system with administrative privileges is a bad idea. It doesn’t matter if you’re running OS X, Windows, Linux or something else. If you’re running your day-to-day tasks as an administrator (root), you’re not thinking straight. You should be using as few privileges as possible to get the job done, and here UAC does a beautiful job stepping in as a bridge into administrator land.

I run my Windows 7 as an ordinary user and have two separate administrator accounts for any admin work I need done. I haven’t had any problems running as a user since I started using Windows 7 (never really used Vista that much). I can work efficiently as a user and elevate my privileges at any time if I need to.

UAC isn’t really there for the ordinary user; it’s there to protect you as an administrator so you won’t make mistakes you might regret later. It makes you think about what you are doing: even if you are running as an administrator, touch something that’s crucial for the OS and it will hit you with a prompt to remind you that this could have consequences. Find it annoying? Don’t. Use it, bend it to your will.

Using UAC to elevate privileges.

A typical situation is you start an installer and it asks you for the name and password for an administrative account. This worked long before Vista or Windows 7. But the great part with Windows 7 is that you can ask for elevated privileges REALLY easily.

Let’s take Active Directory Users and Computers as an example. You can run it, browse your organizational units and see users without administrative privileges. If you need to open an account or reset a password, you will have to elevate your privileges OR you can delegate the tasks to your restricted user or maybe even a co-worker who normally doesn’t work in IT (by creating custom MMCs).

Anyway, to elevate, just hit the Windows logo key, type Active Directory, move to Active Directory Users and Computers AND hit SHIFT+CTRL+ENTER. Instead of starting the program with your user privileges, Windows tries to elevate, sees that your access token doesn’t have the required rights for this, and shows you the prompt. Easy as 1, 2, 3.


This is something most corporate administrators are used to, BUT I would like to see home users adopt this workflow as well. In the example I used the built-in Windows search, but you can start up any program like this. Now that you have read how easy this is, PLEASE create an administrative user to use and remove administrative privileges from your normal account. I promise it will feel natural in a few days and you’ll be a lot safer using your computer.
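
To check whether the account you are logged on with is set up the way this post recommends, here is a PowerShell sketch. It is an added example, not part of the original post; the function names are illustrative, and it assumes `whoami.exe` (Vista and later) and the standard UAC policy values under `HKLM`.

```powershell
# Added example: audit the current logon against the post's advice.
# Function names are illustrative; the registry value names are the
# standard UAC policy values.

$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Test-Elevated {
    # True only when the current token carries *enabled* admin rights.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AdminGroupInToken {
    # whoami also lists deny-only groups, so this catches an admin account
    # running with a UAC-filtered token (IsInRole alone would miss it).
    $rows = & whoami.exe /groups /fo csv /nh
    [bool]($rows | Where-Object { $_ -like "*`"$AdminsSid`"*" })
}

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    Get-ItemProperty -Path $key |
        Select-Object EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser
}

$elevated = Test-Elevated
$inAdmins = Test-AdminGroupInToken
$policy   = Get-UacPolicy

if ($policy.EnableLUA -ne 1) {
    Write-Warning 'UAC is disabled (EnableLUA != 1): admin accounts run fully privileged.'
}
if ($elevated) {
    Write-Warning 'This session is elevated; close it when the admin task is done.'
} elseif ($inAdmins) {
    Write-Warning 'Daily account is in Administrators (filtered token). Use a separate admin account.'
} else {
    Write-Output 'Standard user token: no Administrators membership.'
}
if ($policy.ConsentPromptBehaviorUser -eq 0) {
    Write-Warning 'Policy auto-denies elevation requests from standard users.'
}

# Scripted equivalent of SHIFT+CTRL+ENTER on the ADUC snap-in (uncomment to run):
# Start-Process mmc.exe -ArgumentList 'dsa.msc' -Verb RunAs
```

Run it from a normal (non-elevated) prompt under your everyday account; the middle warning is the case the post asks you to fix.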


4 Comments for this entry

  • Kevin Yang

    Still don’t get any good feeling about UAC. It’s the most awful thing. It’s best logically, but worst in reality, because people still don’t know when to let the program pass the UAC and when not. And can UAC keep a virus away?? I don’t think so.

  • Kevin Yang

    Still don’t get any good feeling about UAC. It’s the most awful thing. It’s best logically, but worst in reality, because people still don’t know when to let the program pass the UAC and when not. And can UAC keep a virus away?? I don’t think so.

  • Mats Hellman

    Just like other systems, Windows can be unsafe or a little less unsafe. Running as a privileged user in day-to-day tasks is a bad idea in any operating system, not just Windows.
    UAC isn’t there to annoy, it’s there to protect. And if you use a normal user account you won’t see much of UAC, at least in Windows 7.
    And the cons are fewer than the pros. UAC, as I said, gives me an easy “run as”, if you will. Just hitting SHIFT+CTRL+ENTER and I can start anything from the start menu.
    Windows 7 is the first Microsoft OS I liked from the beginning. XP was good, but not until SP1.

  • Don

    UAC fails simply because most people (like me) have absolutely no use for it. Nobody uses my computer except me. In order for someone to gain access to my system, they’d have to know my IP and hack 2 firewalls or somehow land a virus on my system that can bypass my AV program.

    There is basically no chance of anyone gaining control of my system and thus no reason to run UAC at all. Now, don’t get me wrong, I’m well aware that UAC is beneficial to many people. I’m just not one of them.
