Talk:User Account Control

From Wikipedia, the free encyclopedia

	This article is part of WikiProject Microsoft Windows, a WikiProject devoted to maintaining and improving the informative value and quality of Wikipedia's many Microsoft Windows articles.
B	This article has been rated as B-Class on the assessment scale.
Mid	This article has been rated as mid-importance on WikiProject Microsoft Windows's importance scale.

To-do list for User Account Control:	edit · history · watch · refresh
ActiveX installer service Administrator command prompt Elevation blocking during logon Application/setup program requirements. e.g.[1] Windows Update integration (mentioned here [2]) Parental Controls integration (here [3])

--- The concept was first introduced in Apple OS X, where a user with a limited account could type in an administrator password and continue installing software or making changes to system preferences. ---

I highly doubt this statement is true. —The preceding unsigned comment was added by Ephogy (talk • contribs) 16:04, 1 February 2007 (UTC).

Actually, OS X's system is derived from Unix, where root/user separation has been around since... forever, so you're right, the statement's not true. Windows Vista (NT 6) is just late to the party. 202.89.153.10 02:30, 5 February 2007 (UTC)

Good that was cleared up. But another thing. Under 'similarity to other operating systems': I don't know how Ubuntu works but the Apple Authorization Services do not AFAIK work through sudo. They wouldn't need to and that would only introduce a further element of risk. And redundancy.

I think this would be fair...

"The concept was first introduced has been implemented since 2001 in Apple OS X (10.1 Puma), where a user with a limited account could type in an administrator password and continue installing software or making changes to system preferences." 64.9.19.2 16:07, 16 February 2007 (UTC)

I don't think it should be in there at all. It's not important what Apple has done with this concept. If they had invented it, or Microsoft had claimed to have copied the idea from them, then it would make sense to include it. Since this is not the case, mentioning that Apple has done it makes no more sense than mentioning any of the hundreds of other OSs that do something similar. - 24.10.95.220 19:24, 24 February 2007 (UTC)

I think it should be in there. It doesn't matter that they don't claim to be the first with this. As this an encylopedia it should also give some background about the technology. Stating where this comes from gives credits to the original inventors of this idea. 89.98.157.119 21:19, 26 February 2007 (UTC)

Exactly. Without talking about sudo, this article would make it sound like we should be grateful to Microsoft for coming up with this innovative new feature. In reality, it's not an original concept, and so we ought to mention that. —Remember the dot (t) 21:49, 26 February 2007 (UTC)

And is there any evidence that this idea originated in sudo and not in something else? We don't have to sound grateful to the Linux/OSS community if they don't deserve the credit either. We could just say nothing about it. iamthebob^{(talk|contribs)} 05:30, 27 February 2007 (UTC)

You really are getting a bit ridiculous and tiresome at this point. You don't have to ask such questions - you can do like all good researchers (including those who work on encyclopaedias) and find the answers yourself. —The preceding unsigned comment was added by 62.1.220.135 (talk) 22:48, 7 March 2007 (UTC)

I think it's pretty clear that the idea came from the sudo command. If you read Security Features vs. Convenience you'll learn that Microsoft originally was going to have the user re-enter their password at the UAC prompt, similarly to Ubuntu's gksudo interface. It's inconceivable that Microsoft would have independently come up with the idea when it had already been present in other operating systems for years. —Remember the dot (t) 05:36, 27 February 2007 (UTC)

Prior to the onslaught of viruses and worms Microsoft would never have considered temporary privilege escalation. They didn't worry about privileges at all. Cutler's API for NT includes use of access tokens but once inside attempts to bridge past these tokens usually take the form (for admins) of assuming ownership of resources owned by the system (SYSTEM account). There is no way for an NTx users to pose as another user; there is no viable usable 'root' account; admins don't need those privileges as they can do anything anyway; yes it's a mess. sudo didn't start with Unix but it's an integral part of it today and if Microsoft are following the lead of Unix in establishing better access controls then it's obvious they're following the lead here. Ask yourself this: when is the first time you saw a privilege escalation dialog in Windows? QED. Several years ago Microsoft claimed to have invented the 'hard link' too. Microsoft steal a lot - they don't invent much. But we all know that so what's the big deal? —The preceding unsigned comment was added by 62.1.220.135 (talk) 22:48, 7 March 2007 (UTC)

Contents 1 Merge in Run as administrator 2 File & Registry virtualization 3 UAC configuration 4 Regarding the Idea that Windows 95, 98 and ME are multi user operating systems. They aren't. 5 Insert a "security shield" image 6 Question about ShellExecute call and flashing taskbar icon

[edit] Merge in Run as administrator

Are there any objections to merging in the article Run as administrator? This command is really just another aspect of UAC. When a user clicks "Run as administrator", the dialog that pulls up is titled "User Account Control". —Remember the dot (t) 06:11, 10 March 2007 (UTC)

Sounds like the right thing to do... no sense in duplicating effort. -/- Warren 06:14, 10 March 2007 (UTC)

I think I disagree - I think there's enough things on User Account Control's list of things to cover, that Run as administrator has merit as a separate article. I believe the concept that processes started by Administrators don't run as Administrators without this, is distinct enough from the idea that non-administrators can start processes as an administrator given an administrator password to not be the same. I also note su (Unix) and Unix security are separate. Further, the link to User Account Control, especially when it's a fully-developed page, may not make sense to someone who is just looking for a context-developing explanation of run as administrator as it may have simply been used in a sentence. As an example I note the current state of the GPS article. GPS has an exact meaning that's different to people - to some, it's a satellite network, to others it's that thing in their car. If a person who's never heard of a GPS receiver goes to look up GPS, he's overwhelmed with a single page detailing all kinds of technical information about "coarse acquisition codes" and L1 carriers and wide-area-augmentation-system, when really all he wanted to know was what that thing in his friend's boat was. Finally, the concept of "Run as administrator" isn't and won't only be unique to Vista, while User Account Control most certainly is. Run as administrator ought to be separate so it can cover the same concept as it relates to multiple operating systems. Reswobslc 18:11, 10 March 2007 (UTC)

This article is all about "Run as administrator" in relation to UAC. It doesn't focus on the general computer security concept. —Remember the dot (t) 19:17, 10 March 2007 (UTC)

You are right... but I am still not sure merging it with UAC gives the resulting redirect the right meaning. Run as administrator is an example of privilege elevation that happens to be part of Vista. If there is an article on Privilege elevation somewhere (under a different title, or we were to start one), redirecting there (and explaining relationship to UAC) would make more sense to me. Reswobslc 21:49, 10 March 2007 (UTC)

User:Remember the dot and I have it in mind to do pretty much exactly that. The tricky part is the naming, because there's no industry-wide term that describes this. See our talk pages for a discussion on potential names.... -/- Warren 22:47, 10 March 2007 (UTC)

We could essentially make up a title that encompasses the concept. There is no WP:OR problem with making up appropriate titles as there would be with making up article content. I've done it before - I made up the title Diaphragm spasm to describe "getting the wind knocked out of you" because I couldn't find anything better in use, and neither could anyone else. For this purpose, I would consider Privilege elevation, or perhaps Single-process privilege elevation to denote the common recurring theme among all of these - that a single process under a user's control is getting special perks. Reswobslc 00:33, 11 March 2007 (UTC)

Actually, WP:NOR says original research includes defining or introducing new terms. Thus, the title we choose should not imply that it is the authoritative term for the concept, and the title Diaphragm spasm is inappropriate.

Also, the article is going to focus on comparing the various methods. It will only include a short explanation of the concept.

Finally, "privilege elevation" sounds a lot like privilege escalation, which is quite different from what we're trying to cover. Were we to use the term "privilege elevation", it's quite possible that readers would be confused.

For these reasons, I stand by Comparison of privilege authorization features. —Remember the dot (t) 00:50, 11 March 2007 (UTC)

If you're so sure Diaphragm spasm is inappropriate, then walk the wiki-walk (instead of talking the talk) and move the page to the more correct term. (There's got to be some Latin-sounding ouchus my lungus hurtus-ish phrase out there that fits that's officially correct). Secondly, if you're saying what the article will be, and that it will be a comparison, that sounds to me like you plan to synthesize some original research... unless of course you can name that source that has already done that for you that you'll be referencing. That's all fine with me, but leave the merging of a non-OR article out of it. Reswobslc 01:39, 11 March 2007 (UTC)

OK. I redirected moved Diaphragm spasm to Getting the wind knocked out of you. To answer your other concern, we'll be citing reliable published sources, such as software documentation, in putting together a comparison of the various programs. —Remember the dot (t) 03:58, 11 March 2007 (UTC)

"Getting the wind knocked out of you" is not the right title because the encyclopedia isn't supposed to refer to the reader with the word "you". WP:MOS#Avoid second-person pronouns. A "better" title would be the medical word for it, other than a reference to a spasm of the diaphragm. Second, taking cited reliable published sources and using it to synthesize your own comparison and analysis is still original research. But don't let me stop you, go ahead and spend the time writing it. If it is what I'm guessing it is, then it can be nominated for deletion and considered from there. Reswobslc 05:08, 11 March 2007 (UTC)

The Manual of Style is a guideline. There are occasional exceptions, as in this case. If you know the medical term for this, feel free to go ahead and move the article to that title. But do not make up a term for it and imply that your term is authoritative. If you have an authoritative source that states that "diaphragm spasm" is indeed the correct term, then cite it. "Googling it", as you suggested does not constitute an appropriate citation.

Please read Wikipedia:Attribution#What is not original research? — We do not need to cite a source to say 2 + 2 = 4. The idea is to say "this program has this feature." "That program has that feature." "The two features are similar." For example, UAC runs in the secure desktop, graying the screen and preventing malicious applications from simulating keystrokes, movements of the mouse, etc. This behavior is well-documented. gksudo grays the screen and "grabs" the keyboard and the mouse, again to prevent malicious applications from simulating keystrokes and movements of the mouse. Again, this is a documented behavior. We do not need to cite a source to say that UAC and sudo behave similarly in this aspect. It's obvious that they are.

On a more general scale, we don't need to have a source that spells out that UAC and sudo exist for similar reasons. UAC exists to prevent applications from having administrative privileges unless expressly authorized. sudo exists to prevent applications from having administrative privileges unless expressly authorized. Do we really someone outside Wikipedia to point out that UAC and sudo are similar? —Remember the dot (t) 05:53, 11 March 2007 (UTC)

[edit] File & Registry virtualization

The section on File & Registry virtualization at Security and safety features new to Windows Vista is far more comprehensive than the one line on it that was in this article; so on the basis that that section is *supposed* to be a shortened summary of this article, I've copied it over to here (rephrasing the intro to read more technically with less fluff on the basis that this article seems to be aimed at a more technical audience that Security & Safety...). Simxp 23:03, 15 April 2007 (UTC)

[edit] UAC configuration

There are a number of things that can be configured about UAC. I would like to add these items with a short decription. Here is the list:

Behaviour of the elevation prompt for administrators in admin approval mode This options can be used to turn off UAC (no prompt), turn UAC on. UAC on comes in two tasts (default) prompt for consent or prompt for credentials.

Behaviour of the elevation prompt for standard users ...

Admin approval mode for the built-in administrator account ....

Detect application installations and prompt for elevation ...

Switch to the secure desktop when prompting for elevation ...

Only execute executables that are signed and validated ...

Run all administrators in Admin Approval Mode .... --Tom.fransen 17:56, 9 July 2007 (UTC)

[edit] Regarding the Idea that Windows 95, 98 and ME are multi user operating systems. They aren't.

Please read The Wikipedia article on Multi User operating systems. http://en.wikipedia.org/wiki/Multi_user

Multi-user is a term that defines an operating system or application software that allows concurrent access by multiple users of a computer.

Windows 95, 98 and ME did not have this feature, yes you could create two accounts so more than one person could use it and have different settings, but they couldn't both use the computer at the same time. This is not the same as being a multi-user operating system.

One of the significant things is that if two people are going to use the computer at the same time there has to be a way of dealing with conflicts, if two people want to open the same file and make changes then the OS has to have a way to resolve this, similarly if two people want to use the same resources the OS must be able to deal with this. These features were not present in the aforementioned OSs, the permissions model was very simple, there was read only, and not read only, the file system was not adeqaute for a multi-user OS. The multiple account feature in these operating systems was just a matter of profiles, it would save the settings of those individuals. There was still one account with super user rights, you could just laod a custom profile that would change the settings of the computer. With any login you could edit delete, move, delete. Perform admin actions that would affect the other users.

As such Windows 95, 98 and ME were not, are not and never will be multi-user operating systems.

So please stop changing the article to say they are.

Very little gravitas indeed (talk) 11:29, 6 December 2007 (UTC)

[edit] Insert a "security shield" image

An SVG image of the four-colored Windows security shield should be inserted into the page; it will help readers understand what is meant by the "4-color security shield symbol" mentioned in the section "Tasks that trigger a UAC prompt". Dragon 280 (talk) 21:48, 24 March 2008 (UTC)

If you need to know why, it's a dedicated image, rather than a small piece of a larger image. Dragon 280 (talk) 04:05, 9 June 2008 (UTC)

[edit] Question about ShellExecute call and flashing taskbar icon

The article talks about using ShellExecute() to get a new process running with admin privileges. It says that the elevation prompt will appear as a flashing icon in the taskbar unless an HWND is supplied. I believe that the opposite is true -- you get a flashing icon unless the HWND value is NULL. I've verified this on my machine, but I don't want to change it unless someone else can duplicate the behaviour. —Preceding unsigned comment added by 209.82.10.194 (talk) 22:58, 6 May 2008 (UTC)