UAC Wrinkles

GadgetBuilder

New Member
Messages
9
Location
Newtown, CT
As background, I'm a long time XP Home user who moved to Win8 Pro 64 + Classic Shell about a month ago, so I'm still making the transition. Part of this transition is getting used to UAC...

I use a Kensington Expert Mouse trackball and this doesn't have 64 bit drivers. MS installed their default mouse driver so I added X-Mouse and programmed the buttons to simulate, as best I could, the original Kensington driver. This works OK except when UAC pops up -- the X-Mouse button mapping isn't used by UAC so I must remember to use the buttons as they were prior to mapping. UAC doesn't pop up that often but now I've installed Win8 on my wife's machine where she uses a regular mouse (its buttons don't change because they're not mapped) and I find I have to stop and think about which machine I'm on and which button to push. I don't understand why UAC ignores X-Mouse's button mapping, which works fine with everything else?

The other UAC wrinkle I've encountered is that a couple of my frequently used legacy programs cause UAC to pop up each time they're started. I use the Win7 trick of a scheduled task that is invoked directly to get around this which works but takes some time and effort to set up for each legacy program. So, I'm wondering if there's an easier way built into Win8?
 

My Computer

System One

  • OS
    Windows 8 Pro - 64 bit
    System Manufacturer/Model
    Homebrew
    CPU
    AMD 4850e 2.5Ghz
    Motherboard
    Foxconn A7DA-s
    Memory
    4GB
    Graphics Card(s)
    HD 6450
    Monitor(s) Displays
    HP ZR22w
    Screen Resolution
    1920 x 1080
    Hard Drives
    HyperX 3K 120GB SSD
    PSU
    Antec 380S
    Case
    Antec Sonata
    Keyboard
    IBM clicky
    Mouse
    Kensington Expert Mouse Pro - trackball
    Internet Speed
    12/1.5mb - ATT Uverse
    Other Info
    Built to be quiet with low power dissipation
The reason this doesn't work is that X-Mouse intercepts your mouse buttons and changes them. This is similar to a virus or malware trying to intercept a dialog and "approve" its own actions.

UAC opens the dialog in a different user context (technically called a Window Station) and mouse and keyboard messages are not allowed to cross this boundary to prevent viruses and malware from tricking it. This can be turned off, but you would be severely crippling the security of your system by doing so (effectively meaning any program could give itself administrator privileges).

Those programs require UAC approval because they are poorly written and require administrator privileges to run (or maybe not poorly written and just need a privilege not available to normal users). This is no different from Windows 7.
 

My Computer

System One

  • OS
    Windows 8.1 Pro
    CPU
    Intel i7 3770K
    Motherboard
    Gigabyte Z77X-UD4 TH
    Memory
    16GB DDR3 1600
    Graphics Card(s)
    nVidia GTX 650
    Sound Card
    Onboard Audio
    Monitor(s) Displays
    Auria 27" IPS + 2x Samsung 23"
    Screen Resolution
    2560x1440 + 2x 2048x1152
    Hard Drives
    Corsair m4 256GB, 2 WD 2TB drives
    Case
    Antec SOLO II
    Keyboard
    Microsoft Natural Ergonomic Keyboard 4000
    Mouse
    Logitech MX
UAC is the first thing i turn off after a fresh windows os install. It is the most annoying thing microsoft has ever produced. "Are you sure you want to run this file" Yes thats why i clicked on it. "You need to provide administrative priviliges." I am the damn admin. If you know what your doing, installing, and downloading, then uac is pointless. If i wanted to be treated like a little kid i would move back in with my mother lol.
 

My Computer

System One

  • OS
    Windows 8 Pro With media Center
    System Manufacturer/Model
    Self Built
    CPU
    Intel Core 2 Quad Q8300 @ 2500MHz
    Motherboard
    Gigabyte EP43-UD3L
    Memory
    4096MB (2 x 2048 DDR2-SDRAM)
    Graphics Card(s)
    nVidia GeForce 8600 GT (512MB)
Except UAC shouldn't pop up under normal usage, and disabling it disables / breaks a lot of Windows 8 functionality. If you get annoyed by it, the question is what are you doing that you are constantly trying to write to the root of the C:\ drive, \Windows, \Program Files (or \Program Files (x86) ), anywhere other than HKCU in the registry?
 

My Computer

System One

  • OS
    Windows 8.1 x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i7 4790K @ 4.5GHz
    Motherboard
    Asus Maximus Hero VII
    Memory
    32GB DDR3
    Graphics Card(s)
    Nvidia GeForce GTX970
    Sound Card
    Realtek HD Audio
    Hard Drives
    1x Samsung 250GB SSD
    4x WD RE 2TB (RAIDZ)
    PSU
    Corsair AX760i
    Case
    Fractal Design Define R4
    Cooling
    Noctua NH-D15
Except UAC shouldn't pop up under normal usage, and disabling it disables / breaks a lot of Windows 8 functionality. If you get annoyed by it, the question is what are you doing that you are constantly trying to write to the root of the C:\ drive, \Windows, \Program Files (or \Program Files (x86) ), anywhere other than HKCU in the registry?

It seems like it prompts for every other program you run. Not to mention i do a lot of tweaking. I also admit i do some not so legit things. But i dont need a guardian hanging over me. If i want to look in a certain folder or modify a certain file, i am aware i want to do it, and dont need to be pestered and slowed down with prompts. UAC is like government for windows. Also you say it breaks functionality. What functionality would that be exactly? UAC is just a scare tactic to keep people who dont know what their doing from messing up their pc.
 

My Computer

System One

  • OS
    Windows 8 Pro With media Center
    System Manufacturer/Model
    Self Built
    CPU
    Intel Core 2 Quad Q8300 @ 2500MHz
    Motherboard
    Gigabyte EP43-UD3L
    Memory
    4096MB (2 x 2048 DDR2-SDRAM)
    Graphics Card(s)
    nVidia GeForce 8600 GT (512MB)
UAC isn't like government for Windows - it's a security mechanism designed for the vast majority of users who aren't going to delve into areas of the system best left to the system itself, and also a mechanism to force developers to write applications that play properly in a LUA sandbox (which most do, nowadays, because of precisely UAC).

If Microsoft designed a system for users like yourself, rather than for the average user (or even the user who's just dangerous enough to know how to break the box, but not fix it), the average user's computing world would be a scary place filled with constant malware infections, and even more clueless users looking for help. Basically, we'd go back to Windows 3.x / 9.x days when the OS had no security and it was each and every one of us for ourselves, and we paid a pretty high price (comparatively) for a security suite to protect us, because the OS vendor didn't. I'm not willing to go back to those days :).

And functionality? For starters, completely disable UAC and then try to use a modern application. It won't work, at all. Also, note your browser now runs with high integrity and full system access, rather than in the untrusted appcontainer sandbox (which is even lower in rights than the "low integrity" sandbox that IE or Google Chrome ran in under Windows 7).
 

My Computer

System One

  • OS
    Windows 8.1 x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i7 4790K @ 4.5GHz
    Motherboard
    Asus Maximus Hero VII
    Memory
    32GB DDR3
    Graphics Card(s)
    Nvidia GeForce GTX970
    Sound Card
    Realtek HD Audio
    Hard Drives
    1x Samsung 250GB SSD
    4x WD RE 2TB (RAIDZ)
    PSU
    Corsair AX760i
    Case
    Fractal Design Define R4
    Cooling
    Noctua NH-D15
UAC isn't like government for Windows - it's a security mechanism designed for the vast majority of users who aren't going to delve into areas of the system best left to the system itself, and also a mechanism to force developers to write applications that play properly in a LUA sandbox (which most do, nowadays, because of precisely UAC).

If Microsoft designed a system for users like yourself, rather than for the average user (or even the user who's just dangerous enough to know how to break the box, but not fix it), the average user's computing world would be a scary place filled with constant malware infections, and even more clueless users looking for help. Basically, we'd go back to Windows 3.x / 9.x days when the OS had no security and it was each and every one of us for ourselves, and we paid a pretty high price (comparatively) for a security suite to protect us, because the OS vendor didn't. I'm not willing to go back to those days :).

And functionality? For starters, completely disable UAC and then try to use a modern application. It won't work, at all. Also, note your browser now runs with high integrity and full system access, rather than in the untrusted appcontainer sandbox (which is even lower in rights than the "low integrity" sandbox that IE or Google Chrome ran in under Windows 7).

I guess i agree that without uac the common users group would have a lot more issues with viruses, mailware, and the sort. The point i was trying to convey is that if you know what your doing, uac is useless and a hastle, and doesent hurt to dissable it.

I have been compleetley dissabling uac since vista introduced it and have had no problem with modern apps. I use all the latest and greates and have never had any issues. Yes the browser is less secure, but again i have never had any issues. If uac is so great how did windows 3, 95, 98, 2000, etc live without it? You asked me what i was doing that uac bugged me so much, the better question is what are you doing that you need so much protection?

Im the same way with my phones, i want it rooted and to have full controll over everythig.

I dont know its just my opinion. :D
 

My Computer

System One

  • OS
    Windows 8 Pro With media Center
    System Manufacturer/Model
    Self Built
    CPU
    Intel Core 2 Quad Q8300 @ 2500MHz
    Motherboard
    Gigabyte EP43-UD3L
    Memory
    4096MB (2 x 2048 DDR2-SDRAM)
    Graphics Card(s)
    nVidia GeForce 8600 GT (512MB)
The point i was trying to convey is that if you know what your doing, uac is useless and a hastle, and doesent hurt to dissable it.
I'd disagree that a browser running anywhere but an appcontainer IS more than a hassle, and it does hurt to disable it, but it is your PC - if it's not an issue for you (yet), don't worry about it.

If uac is so great how did windows 3, 95, 98, 2000, etc live without it? You asked me what i was doing that uac bugged me so much, the better question is what are you doing that you need so much protection?
Given this statement I'm guessing you're a bit younger than I, and may not remember the absolute manhandling Microsoft took in the media and press right up until Windows XP SP2, when security was finally added to the OS. Prior to that, it was a pretty common view that Windows had no security, it was Microsoft's fault, and why didn't they just do something about it? Then they did, and users and IT folks alike complained that the security got in their way of "getting things done". It seems this will never change - security (almost) always comes at the price of usability.

As to why I need it? For instance, I might trust a website, maybe, but how much? Do I trust the ad networks they're using to host content (it's not like those never get hacked and used to serve malware)? What happens if active malware tries to hit the box, and manages to infect my PC via my user account? You can be as careful as you want, and in most cases, this will keep you safe. However, I take my PC to rather not-so-nice, security-wise, places for a living, and it's akin to having door locks but not using them because "I'm paying attention". I use the door locks, not because I don't trust myself, but because I don't trust others, and I take my "house" to some rather dangerous neighborhoods for a living.
 

My Computer

System One

  • OS
    Windows 8.1 x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i7 4790K @ 4.5GHz
    Motherboard
    Asus Maximus Hero VII
    Memory
    32GB DDR3
    Graphics Card(s)
    Nvidia GeForce GTX970
    Sound Card
    Realtek HD Audio
    Hard Drives
    1x Samsung 250GB SSD
    4x WD RE 2TB (RAIDZ)
    PSU
    Corsair AX760i
    Case
    Fractal Design Define R4
    Cooling
    Noctua NH-D15
Thanks for responding Mystere. UAC remains somewhat of a black box for me but seems to provide additional security at the cost of some effort from the user.

Based on your info I poked around and my understanding now is that Secure Desktop is what prevents X-mouse from mapping the keys when UAC pops up. This makes some sense although I believe X-mouse was approved with administrative privileges so it seems the system could trust it with little loss in security. It is what it is.

On the other wrinkle, making the user provide UAC approval each time a commonly used legacy program is invoked, seems to have been well known since Vista. I've been using the scheduled program trick to make these programs start without having to go through UAC approval each time I start the program. I found a couple helper programs that claim to make using this trick much easier:
UAC Trust Shortcut 1.0 and
Download UAC Pass 1.7a Free - Elevate a program without UAC being prompted - Softpedia

MS put a lot of time and effort into making legacy programs work in Win8 so I'd expect they'd have covered this wrinkle as part of that effort. But I haven't found how this should be handled by Win8 users so I'm wondering if either of the programs noted above would be a good way to automate this or if there's a better method that I haven't come across.
 

My Computer

System One

  • OS
    Windows 8 Pro - 64 bit
    System Manufacturer/Model
    Homebrew
    CPU
    AMD 4850e 2.5Ghz
    Motherboard
    Foxconn A7DA-s
    Memory
    4GB
    Graphics Card(s)
    HD 6450
    Monitor(s) Displays
    HP ZR22w
    Screen Resolution
    1920 x 1080
    Hard Drives
    HyperX 3K 120GB SSD
    PSU
    Antec 380S
    Case
    Antec Sonata
    Keyboard
    IBM clicky
    Mouse
    Kensington Expert Mouse Pro - trackball
    Internet Speed
    12/1.5mb - ATT Uverse
    Other Info
    Built to be quiet with low power dissipation
It depends on what the application is trying to do. However, in my experience in this area, the most common thing that "bad" applications do is to simply try to write to the root of the drive, \Program Files, \Windows, or to the HKLM registry tree every time they start, and this is one of the (many) things Microsoft is forcing developers to not do. It's OK on installation (and expected, even), but these locations are not databases for settings and as such any attempt to touch these locations WILL result in a UAC prompt - this is a remnant of the days when every developer wrote their app expecting the user running it to always be an administrator.

There are other things that can trigger a UAC prompt, but this is the most common. One interesting way (and my favorite) to see what exactly an application is doing is to download and run LUA BugLight, and allow it to run the offending application (unelevated, but logged in with an administrative account) and generate a report on all the things the application did that would have generated a UAC prompt. A lot of these behaviors can be "shimmed" with the AppCompat Toolkit to allow the app to run without needing to resort to being logged in as an administrator, or encountering UAC prompts when running the application. Obviously the real fix is to get the application updated or replaced with something designed for least-user access (LUA, hence the tool's name), but in the interim there are options.
 

My Computer

System One

  • OS
    Windows 8.1 x64
    Computer type
    PC/Desktop
    System Manufacturer/Model
    Custom
    CPU
    Intel Core i7 4790K @ 4.5GHz
    Motherboard
    Asus Maximus Hero VII
    Memory
    32GB DDR3
    Graphics Card(s)
    Nvidia GeForce GTX970
    Sound Card
    Realtek HD Audio
    Hard Drives
    1x Samsung 250GB SSD
    4x WD RE 2TB (RAIDZ)
    PSU
    Corsair AX760i
    Case
    Fractal Design Define R4
    Cooling
    Noctua NH-D15
Thanks for taking the time to reply Cluberti. My situation is that I have some legacy programs I've used for several years under XP so I trust them not to damage my OS. I could purchase updated versions but would like to avoid this because I'm used to the version I have, plus I'm retired so expense is an issue.

I have used the Win7 scheduled program trick to avoid having to provide UAC approval each time I run one of these legacy programs and this works well. But I have to look up the directions and plug through them each time I add a legacy program to ensure I get things right, so it takes a while.

I'm unsure whether I've missed a facility built into Win8 to simplify having it remember that it's OK to run designated ill behaved programs. Or, if this isn't provided, are either of the programs I mentioned above reasonable ways to simplify accomplishing this? Is there a better way than any I've found?
 

My Computer

System One

  • OS
    Windows 8 Pro - 64 bit
    System Manufacturer/Model
    Homebrew
    CPU
    AMD 4850e 2.5Ghz
    Motherboard
    Foxconn A7DA-s
    Memory
    4GB
    Graphics Card(s)
    HD 6450
    Monitor(s) Displays
    HP ZR22w
    Screen Resolution
    1920 x 1080
    Hard Drives
    HyperX 3K 120GB SSD
    PSU
    Antec 380S
    Case
    Antec Sonata
    Keyboard
    IBM clicky
    Mouse
    Kensington Expert Mouse Pro - trackball
    Internet Speed
    12/1.5mb - ATT Uverse
    Other Info
    Built to be quiet with low power dissipation
Back
Top