Why UAC is the best thing that ever happened to Windows
by Mats Hellman on 04.Dec, 2009 under Server 2008 r2, Vista, Windows, Windows 7
You’ve probably heard, countless times, why the Windows UAC (User Access Control) is the worst function ever introduced in a Windows operating system. Today we’ll look at it from another point of view. I’m saying it’s the best function introduced in Vista and later. Why? Because it makes it easy to elevate your privileges without holding down the right CTRL button or looking for it in any menu. How? I’ll show you in a minute.
Using any operating system with administrative privileges is a bad idea. It doesn’t matter if your running OS X, Windows, Linux or something else. If you’re running your day to day tasks as an administrator(root) you’re not thinking straight. You should be using as little privileges as possible to get the job done, and here UAC does a beautiful job stepping in as a bridge into administrator land.
I run my Windows 7 as a ordinary user and have two separate administrator account for any admin work I need done. I haven’t had any problems running as a user since I started using Windows 7(never really used Vista that much). I can work efficiently as a user and elevate my privileges at any time if I need to.
UAC isn’t really there for the ordinary user it’s there to protect you as an administrator so you won’t make mistakes you might regret later. It makes you think about what you are doing, even if you are running as an administrator, touch something that’s crucial for the OS it will hit you with an prompt to remind you that this could have consequences. Find it annoying? Don’t. Use it, bend it to your will.
Using UAC to elevate privileges.
A typical situation is you start an installer and it asks you for the name and password for an administrative account. This worked long before Vista or Windows 7. But the great part with Windows 7 is that you can ask for elevated privileges REALLY easily.
Let’s take Active directory Users and Computers as an example. You can run it and browse your organizational units and you can se users without administrative privileges. If you need to open an account or reset a password you will have to elevate your privileges OR you can delegate the tasks to your restricted user or maybe even a co-worker who normally doesn’t work in IT(by creating custom MMC:s).
Anyway to elevate just hit the Windows Logo button, type Active Directory move to Active directory users and computers AND hit SHIFT+CTRL+ENTER. Instead of the program starting with your user privileges Windows tries to elevate and sees that your access token doesn’t have the required rights for this. So it shows you the prompt. Easy as 1,2,3.
This is something most corporate administrators are used to BUT I would like to see home users adapt to this workflow as well. In the example I used the builtin Windows search, but you can start up any program like this. Now that you have read how easy this is, PLEASE create an administrative user to use and remove administrative privileges from your normal account. I promise it will feel natural in a few days and you’ll be a lot safer using your computer.
Windows Server 2008 r2 free eBook
by Mats Hellman on 25.Oct, 2009 under Server 2008 r2, Windows
Microsoft press has released a free eBook on Windows server 2008 r2. Yes, free, free as in beer. It’s an introduction to Windows server 2008 in almost 200 pages. If you’re an IT Professional working in an Windows Server environment download the book and spend an evening reading. I’m sure you won’t regret it. All it cost’s is a click. You can download the book here.
