All of that nonsense can be eliminated by running UAC in “quiet” mode.
[color=blue]
> "Alan Simpson" wrote:
>[color=green]
>> Well said Jimmy. But just a couple minor additions. Using a computer in a
>> limited account for day-to-day stuff has been a security "best practice"
>> for
>> many years, and totally ignored outside the corporate environment for
>> just
>> as many years. Basically Vista makes that practice security best practice
>> automatic and as painless as possible by letting you temporarily elevate
>> on-the-fly on an as-needed basis.
>>
>> Also, for home users, there's a tie-in to parental controls here. From a
>> password-protected administrative account you can set parental controls
>> on
>> children's standard accounts and monitor their computer and Internet use.
>> The kids can't get to any of that from their standard accounts (without
>> an
>> administrative password). So they can't tamper with any of that.
>>
>>
>> "Jimmy Brush" <JimmyBrush@discussions.microsoft.com> wrote in message
>> news:3DD0CEBA-1550-486F-9361-9A0F826897A0@microsoft.com...[color=darkred]
>> > Hello,
>> >
>> > I've noticed that a lot of the questions in these newsgroups are either
>> > directly or indirectly related to UAC (User Account Control). In this
>> > post, I will go over what UAC does, how it works, the reasoning behind
>> > it,
>> > how to use your computer with UAC on, why you shouldn't turn UAC off,
>> > and
>> > answer some common questions and respond to common complaints about it.
>> >
>> >
>> > * What is UAC and what does it do?
>> >
>> > UAC mode (also known as Admin Approval Mode) is a mode of operation
>> > that
>> > (primarily) affects the way administrator accounts work.
>> >
>> > When UAC is turned on (which it is by default), you must explicitly
>> > give
>> > permission to any program that wants to use "administrator" powers. Any
>> > program that tries to use admin powers without your permission will be
>> > denied access.
>> >
>> >
>> > * How does UAC work
>> >
>> > When UAC mode is enabled, every program that you run will be given only
>> > "standard user" access to the system, even when you are logged in as an
>> > administrator. There are only 2 ways that a program can be "elevated"
>> > to
>> > get full admin access to the system:
>> >
>> > - If it automatically asks you for permission when it starts up, and
>> > you
>> > click Continue
>> > - If you start the program with permission by right-clicking it, then
>> > clicking Run As Administrator
>> >
>> > A program either starts with STANDARD rights or, if you give
>> > permission,
>> > ADMINISTRATOR rights, and once the program is running it cannot change
>> > from one to the other.
>> >
>> > If a program that you have already started with admin powers starts
>> > another program, that program will automatically be given admin powers
>> > without needing your permission. For example, if you start Windows
>> > Explorer as administrator, and then double-click on a text file,
>> > notepad
>> > will open and display the contents of the text file. Since notepad was
>> > opened from the admin explorer window, notepad WILL ALSO automatically
>> > run
>> > WITH admin powers, and will not ask for permission.
>> >
>> >
>> > * What's the point of UAC?
>> >
>> > UAC is designed to put control of your computer back into your hands,
>> > instead of at the mercy of the programs running on your computer.
>> >
>> > When logged in as an administrator in Windows XP, any program that
>> > could
>> > somehow get itself started could take control of the entire computer
>> > without you even knowing about it.
>> >
>> > With UAC turned on, you must know about and authorize a program in
>> > order
>> > for it to gain admin access to the system, REGARDLESS of how the
>> > program
>> > got there or how it is started.
>> >
>> > This is important to all levels of users - from home users to
>> > enterprise
>> > administrators. Being alerted when any program tries to use admin
>> > powers
>> > and being able to unilaterally disallow a program from having such
>> > power
>> > is a VERY powerful ability. No longer is the security of the system
>> > tantamount to "crossing one's fingers and hoping for the best" - YOU
>> > now
>> > control your system.
>> >
>> >
>> > * How do I effectively use my computer with UAC turned on?
>> >
>> > It's easy. Just keep in mind that programs don't have admin access to
>> > your
>> > computer unless you give them permission. Microsoft programs that come
>> > with Windows Vista that need admin access will always ask for admin
>> > permissions when you start them. However, most other programs will not.
>> >
>> > This will change after Windows Vista is released - all Windows
>> > Vista-era
>> > programs that need admin power will always ask you for it. Until then,
>> > you
>> > will need to run programs that need administrative powers that were not
>> > designed for Windows Vista "as administrator".
>> >
>> > Command-line programs do not automatically ask for permission. Not even
>> > the built-in ones. You will need to run the command prompt "as
>> > administrator" in order to run administrative command-line utilities.
>> >
>> > Working with files and folders from Windows Explorer can be a real pain
>> > when you are not working with your own files. When you are needing to
>> > work
>> > with system files, files that you didn't create, or files from another
>> > operating system, run Windows Explorer "as administrator". In the same
>> > vein, ANY program that you run that needs access to system files or
>> > files
>> > that you didn't create will need to be ran "as administrator".
>> >
>> > If you are going to be working with the control panel for a long time,
>> > running control.exe "as administrator" will make things less painful -
>> > you
>> > will only be asked for permission once, instead of every time you try
>> > to
>> > change a system-wide setting.
>> >
>> > In short:
>> >
>> > - Run command prompt as admin when you need to run admin utilities
>> > - Run setup programs as admin
>> > - Run programs not designed for Vista as admin if (and only if) they
>> > need
>> > admin access
>> > - Run Windows Explorer as admin when you need access to files that
>> > aren't
>> > yours or system files
>> > - Run programs that need access to files that aren't yours or system
>> > files
>> > as admin
>> > - Run control.exe as admin when changing many settings in the control
>> > panel
>> >
>> >
>> > * UAC is annoying, I want to turn it off
>> >
>> > Having to go through an extra step (clicking Continue) when opening
>> > administrative programs is annoying. And it is also very frustrating to
>> > run a program that needs admin power but doesn't automatically ask you
>> > for
>> > it (you have to right-click these programs and click Run As
>> > Administrator
>> > for them to run correctly).
>> >
>> > But, keep in mind that these small inconveniences are insignificant
>> > when
>> > weighed against the benefit: NO PROGRAM can get full access to your
>> > system
>> > without you being informed. The first time the permission dialog pops
>> > up
>> > and it is from some program that you know nothing about or that you do
>> > not
>> > want to have access to your system, you will be very glad that the
>> > Cancel
>> > button was available to you.
>> >
>> >
>> > * Answers to common questions and responses to common criticism
>> >
>> > Q: I have anti-virus, a firewall, a spyware-detector, or something
>> > similar. Why do I need UAC?
>> >
>> > A: Detectors can only see known threats. And of all the known threats
>> > in
>> > existence, they only detect the most common of those threats. With UAC
>> > turned on, *you* control what programs have access to your computer -
>> > you
>> > can stop ALL threats. Detectors are nice, but they're not enough. How
>> > many
>> > people do you know that have detectors of all kinds and yet are still
>> > infested with programs that they don't want on their computer? Everyone
>> > that I have ever helped falls into this category.
>> >
>> >
>> > Q: Does UAC replace anti-virus, a firewall, a spyware-detector, or
>> > similar
>> > programs?
>> >
>> > A: No. Microsoft recommends that you use a virus scanner and/or other
>> > types of security software. These types of programs compliment UAC:
>> > They
>> > will get rid of known threats for you. UAC will allow you to stop
>> > unknown
>> > threats, as well as prevent any program that you do not trust from
>> > gaining
>> > access to your computer.
>> >
>> >
>> > Q: I am a system administrator - I have no use for UAC.
>> >
>> > A: Really? You don't NEED to know when a program on your computer runs
>> > with admin powers? You are a system administrator and you really could
>> > care less when a program runs that has full control of your system, and
>> > possibly your entire domain? You're joking, right?
>> >
>> >
>> > Q: UAC keeps me from accessing files and folders
>> >
>> > A: No, it doesn't - UAC protects you from programs that would try to
>> > delete or modify system files and folders without your knowledge. If
>> > you
>> > want a program to have full access to the files on your computer, you
>> > will
>> > need to run it as admin. Or as an alternative, if possible, put the
>> > files
>> > it needs access to in a place that all programs have access to - such
>> > as
>> > your documents folder, or any folder under your user folder.
>> >
>> >
>> > Q: UAC stops programs from working correctly
>> >
>> > A: If a program needs admin power and it doesn't ask you for permission
>> > when it starts, you have to give it admin powers by right-clicking it
>> > and
>> > clicking Run As Administrator. Programs should work like they did in XP
>> > when you use Run As Administrator. If they don't, then this is a bug.
>> >
>> >
>> > Q: UAC keeps me from doing things that I could do in XP
>> >
>> > A: This is not the case. Just remember that programs that do not ask
>> > for
>> > permission when they start do not get admin access to your computer. If
>> > you are using a tool that needs admin access, right-click it and click
>> > Run
>> > As Administrator. It should work exactly as it did in XP. If it does
>> > not,
>> > then this is a bug.
>> >
>> >
>> > Q: UAC is Microsoft's way of controlling my computer and preventing me
>> > from using it!
>> >
>> > A: This is 100% UNTRUE. UAC puts control of your computer IN YOUR HANDS
>> > by
>> > allowing you to prevent unwanted programs from accessing your computer.
>> > *Everything* that you can do with UAC turned off, you can do with it
>> > turned on. If this is not the case, then that is a bug.
>> >
>> >
>> > Q: I don't need Windows to hold my freaking hand! I *know* what I've
>> > got
>> > on my computer, and I *know* when programs run! I am logged on as an
>> > ADMINISTRATOR for a dang reason!
>> >
>> > A: I accept the way that you think, and can see the logic, but I don't
>> > agree with this idea. UAC is putting POWER in your hands by letting you
>> > CONTROL what runs on your system. But you want to give up this control
>> > and
>> > allow all programs to run willy-nilly. Look, if you want to do this go
>> > right ahead, you can turn UAC off and things will return to how they
>> > worked in XP. But, don't be surprised when either 1) You run something
>> > by
>> > mistake that messes up your computer and/or domain, or 2) A program
>> > somehow gets on your computer that you know nothing about that takes
>> > over
>> > your computer and/or domain, and UAC would have allowed you to have
>> > stopped it.
>> >
>> >
>> > - JB
>> >
>> > Vista Support FAQ
>> > [url]http://www.jimmah.com/vista/[/url][/color]
>>[/color][/color]