Share via


UAC Improvements in Release Candidate 1 (RC1) and Video

We’d like to thank all of the Windows Vista beta testers for using and giving us feedback on User Account Control. It’s definitely an area where we’ve received significant feedback, and an area where we’ve been able to make significant improvements in Windows Vista Release Candidate 1.

On June 1, Steve Hiskey, Lead Program Manager for the User Account Control, blogged about the team’s plan to reduce the prompts in RC1. We’ve created a video to show you some of the work the team has done since then.

> Watch video

Prompt reductions shown in the video:

  • File operations, reducing the prompts caused by adding, deleting, or editing files in protected directories. For example, administrators can delete shortcuts from the public desktop without receiving a prompt. And the user should no longer receive a prompt when copying files to a newly formatted storage drive.
  • Re-architecting several Control Panel applets so that they no longer prompt when opened. Examples include the Firewall applet, Scanners and Cameras applet, and the Software Explorer of Windows Defender.
  • Reducing prompts when creating new network connections.

In addition to the prompts in the video, users can install high-priority updates without a prompt, and will receive fewer prompts caused from unknown devices and driver installation. Based on these changes, we are finding that, on average, users are not receiving any prompts most times that they use Windows Vista.

Other improvements besides prompt reduction that we’ve made to Windows Vista RC1 are:

  • UAC prompts will not “steal focus” from the user’s task. If the operating system cannot determine that the prompt was generated from the foreground window the current user is using, we will alert the user with a highlighted operation in the taskbar that an application is requesting elevated privileges. The user can select to elevate at his or her convenience and not be disrupted by an unplanned application elevation.
  • Elevations are now blocked in the user's logon path. Applications improperly elevating during each and every logon were a significant source of feedback from the Beta 2 release, and based on that feedback, we are disallowing elevations during logon.
  • Improved performance when switching to the secure (dimmed) desktop to display the prompts. We received significant feedback that the small delays during switching were disruptive, and we have worked with the video and display teams to enhance the user experience in this area.

If you’ve used an earlier version of Windows Vista, we are confident that you’ll notice the improvements in RC1. If RC1 is your first chance to use Windows Vista, you’ll probably wonder what all the fuss was about.

- Alex Heaton
Windows Vista Security

Comments

  • Anonymous
    September 05, 2006
    Nice to see that feedback is being used well...

    In fact it seems removing prompts is on your mind a little too much. Should't

    "administrators can delete shortcuts from the public desktop without removing a prompt."

    actually say

    "administrators can delete shortcuts from the public desktop without >>receiving<< a prompt."

    :-)
  • Anonymous
    September 05, 2006
    The comment has been removed
  • Anonymous
    September 06, 2006
    PingBack from http://www.themillerexperience.com/?p=5
  • Anonymous
    September 06, 2006
    One of the areas of Windows Vista on which we've received the most feedback is User Account Control (UAC).&amp;nbsp;...
  • Anonymous
    September 06, 2006
    Here's more feedback: when blogging, it helps to say things that are true, and not say things that are not true.  Take, for example, your statement "We received significant feedback that the small delays during switching were disruptive".  The word small carries a clear implication that that the delays are unimportant.  When your team wrote the feature, you probably thought that they were.

    However, once you got feedback about the feature, it's clear that it's not a small delay.  Overwhelming, everyone I know who's seen it thinks that it's a big delay.  Clearly other people think so to ("significant feedback").

    Ergo, a true statement would be: "We received significant feedback that what we hoped would be small delays during switching were in fact too long and disruptive"

    There!  A true statement!  One that you can write and be satisfied with!  Even better, by being more humble, and by acknowledging that your customer feedback is important, the new statement reflects better on Microsoft than the original.

  • Anonymous
    September 06, 2006
    In RC1 has it been made so that you can disable the UAC, without the red shield prompt to irritate the user? If not will this be something that could be utilized in a future release? For me, I am the only user on my computer and I find that the UAC is nothing but a pure aggrevation. I would like to disable this feature without getinng a red shield or any other "alerts" that it is off.

    Thank you

    Jonathan  
  • Anonymous
    September 06, 2006
    Can you make standard user as default at the end of installation? Because I think many people continue to use admin user as default.
    At the end of installation you require administrator password and to make an standard user and use it as default
    Thanks for all
    Maurizio
  • Anonymous
    September 06, 2006
    As you may have heard by now, Windows Vista Release Candidate 1 (RC1) is complete! See the announcement...
  • Anonymous
    September 06, 2006
    UAC still needs a lot of work. Deleting items still yields too many prompts (with the confirm on delete option set in recycle bin), there is a total that could be up to four different prompts.
  • Anonymous
    September 06, 2006
    With some of the work that is still needed. Make an option to allways allow source to run. I am connected to a SBS2003 machine as many of my clients are, when logging on the server runs a setup program to configure the workstation. EVERY time I log on I have to accept the UAC prompt for the server setup program. Please allow me to trust it.
    Thank you
  • Anonymous
    September 07, 2006
    Vista RC1 Reaction Roundup

    ...
  • Anonymous
    September 08, 2006
    The comment has been removed
  • Anonymous
    September 08, 2006

    Would COM elevation using InvokeAs idiom without registry entries (registration-free COM object) be impossible?

    UAC Elevated moniker still requires registry entry and does not seem support manifest-based COM.

    It seems like COM-based approaches for UAC-friendly applications is best options for ISVs. If manifest-base isolated COM objects are also supported, it would be great for both developers and IT administrators for application deployment.

    Is there any particular reason that it is not feasible?
  • Anonymous
    September 09, 2006
    I think UAC works much better in RC1 than in Beta 2. But there is still work to do.

    I often recieve multiple warnings for one action. For example when I want to run a program directly after being downloeded via IE7, I get one warning from IE7 then from UAC.
    Or when I want delete a file which needs administrator previliges I get to warnings.
    Are there chances that this will be reduced to one warning each?
  • Anonymous
    September 09, 2006
    i still hate it... it asks me about everything to change...i dont like the idea at all...
  • Anonymous
    September 09, 2006
    The comment has been removed
  • Anonymous
    September 09, 2006
    It turns out that you guys disabled the 'serveradministrator' account when i upgraded to RC1. i could fix this by loading vista in safe mode which then allowed me to logon as the serveradministrator user and re-enabling the account.
  • Anonymous
    September 10, 2006
    PingBack from http://spyder.wordpress.com/2006/09/11/things-i-learnt-about-vista-this-weekend/
  • Anonymous
    September 10, 2006
    Andrew, yes we now disble the "built in administrator account" regardless of its name. http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/27/windowsvistasecurity_.aspx.


    I want to understand what you were seeing when you said "i do not have anywhere to type in the password: ie you guys are not presenting me with a textbox to enter the password"

    what did the prompt look like? what did it say?

    - Alex
  • Anonymous
    September 10, 2006
    Jonathan, if you prefer not to recieve the red prompts from the Windows Security Center you can configure this using the "Change the way Security Center alerts me" link n the left side of the security center.
    - Alex
  • Anonymous
    September 10, 2006
    Thank you for a response Alex however the "Change the way Security Center alerts me" does not allow me to shut the UAC "red" shield off. It is only for updates, antivirus and firewall, disabling. I do like the concept of the UAC for those users that need it, however for me it is completely useless and I/we should be able to completely remove it without any "warnings" regarding it's disablement.
  • Anonymous
    September 10, 2006
    On RC1, when I enable the "Change the way Security Center alerts me" setting, I do not get the red security center alerts if UAC is disabled. The behavoir may have been different in early builds. Which build # of Windows Vista are you using?

    Also, I question the "however for me it is completely useless" statement. If you disable i, and run as an admin, all of your software will be running as admin too. And if a piece of malware is able to exploit a vulnerability in one of those programs, that maliscode code will be running with admin privelages as well. With UAC enabled, the programs you run will have standard user privelages, and will be more difficult to use in a serious exploit that could take over your computer. So please consider leaving it enabled.

    - Alex
  • Anonymous
    September 10, 2006
    I'll add to Alex's comments.  Many people believe they're protected from malware because they keep up to date on patches and don't browse "strange" locations.  The problem is that the criminals have gotten much more aggressive about 1) finding and exploiting previously unknown bugs in software (all software, not just Microsoft's), and 2) hacking into well-known and trusted web sites to exploit innocent victims.  If you're running as admin when you unknowingly get hit with one of these, the criminals will have absolute control over your system.  UAC will dramatically reduce the impact that this malware can have.
  • Anonymous
    September 10, 2006
    The comment has been removed
  • Anonymous
    September 10, 2006
    @Alex - here is a link to a picture that i posted on channel9

    http://static.flickr.com/89/238925965_37e6fe9951.jpg?v=0

    The link to channel9 is
    http://channel9.msdn.com/ShowPost.aspx?PostID=233655

    Thanks
    andrew
  • Anonymous
    September 11, 2006
    I just installed Vista Beta RC1 and decided to do a clean install. Everything with Vista is working great (so far), but when I went to redownload Office 2007 Beta, it told me that Vista Beta RC1 users must come back at another time to get the Microsoft Office 2007 Beta Refresh. Am I missing something? The instructions for loading Vista RC1 did not say Office 2007 Refresh was not available. Can I still download the original Office 2007 beta program or do I have to wait for the Refresh to come out for download? Had I known it was not ready, I would have waited to install the Vista RC1 upgrade. Any ideads or suggestions would be greaty appreciated.


    **Note: for anyone who plans to do a clean install-- if you plan to use the Office 2007 beta, they are now charging $1.50 per application for the download; AND the REFRESH is not currently available.
  • Anonymous
    September 11, 2006
    The comment has been removed
  • Anonymous
    September 11, 2006
    Well when this gets fixed, I'll be happy. :)

    https://connect.microsoft.com/windows/feedback/ViewFeedback.aspx?FeedbackID=189457
  • Anonymous
    September 11, 2006
    The comment has been removed
  • Anonymous
    September 11, 2006
    I would like an option to keep opened the details shown during a UAC message without needing to expand every times.
    I mean the Details button: http://static.flickr.com/89/238925965_37e6fe9951.jpg?v=0
  • Anonymous
    September 12, 2006
    Hi Guys

    Loaded a clean RC1 64 bit install onto my amd shuttle. Graphics fantastic , everything seemed to work until i tried to run a session from the PDC under IE7. I got prompted that the add-on 'Microsoft Office Animation Runtime' was required - so i clicked install active-x and your lovely UAC permission prompt appeared.Pressed Continue and then pressed install on the Security warning messagebox. The messagebox cleared and i was brought into windows messanger.On pressing play i again got the UAC prompt. I pressed Continue and the first slide appeared.Subsequently every time a new powerrpoint slide is about to be displayed up comes the UAC prompt and it doesn't make any difference if I presss 'Continue' or 'Cancel' the next powerpoint slide is displayed anyway.

    As you can imagine after about 20 clicks - i was getting slightly upset. I admit it - i succumbed to the inevitable and decided to turn off the UAC. Which maybe you guys have made too easy to do.

    I Restarted the pc and again went to view the pdc session. This time on accepting the prompt to install the active-x i was brought to the Microsoft download center and downloaded the powerpoint animator add-on.As you'd expect , everything worked swimingly from then on.

    Then I got this guilty feeling that as you guys have put so much effort into the UAC - i should really give it another shot. I turned on the UAC again and restarted the pc.

    When I re-ran the pdc session everything worked as it should.

    If the beta refresh of Office had been available - the active-x would probably have been loaded with office ....

    Now there's a thought.

    Keep up the good work - i appreciate that this is trial software and must be fully tested. I hope this was of some use to you guys.

    P.S. just to confirm i ran into the same problem with a 32 bit install.
  • Anonymous
    September 13, 2006
    Funny thing... I went to the forum where this was posted (http://forums.techarena.in/showthread.php?t=585060) and it looks like you're the only one ready to sue Microsoft over this. Good luck with that; hope you have a lot of resources at your disposal. Especially when it's shown in court that you had the option to turn it off but didn't use it.

    By the way, please learn English. Thank you.
  • Anonymous
    September 25, 2006
    PingBack from http://beta.amanzi.co.nz/2006/09/26/vistas-uac-falls-short-of-promises/
  • Anonymous
    December 19, 2006
    I am running Windows Vista and GP 9.0. Upon installing SP1 for GP 9.0, installation seems running fine, but it will never take effect and the release version will keep showing 9.00.0114 rather than 9.00.029 I beleive with the SP updates.