Since I’ve spent a significant portion of my career repackaging applications, I’m all-too familiar with lazy vendors who assume users have admin rights and won’t support packaging the app to a locked-down environment, even though that’s been the enterprise standard for a decade or more (MSI was released in ‘99/2000, and apps were brute-force repackaged before then).

Still, I’m not seeing a benefit to UAC in the real world. Yes, it does expose improperly-engineered apps, but that exposure doesn’t help the end user in the moment who has to deal with that poorly-engineered app…it merely exposes it and makes working with it require extra clicks on screens that a typical end-user won’t even read, or they’ll just get used to having those extra clicks. While enterprise environments will simply open specific registry perms to allow the app to work (as they already have to do), the SOHO environments will give the user admin rights-it’s faster and they don’t have the luxury of time for discovering which perms it requires.

UAC is an interesting idea, and it’s good MS put effort into solving the underlying issue: too many things in windows require admin priveleges, and too many users aren’t very savvy. Unfortunately, it seems to only address a small class of users. Hell, I don’t run any of my machines (or my family’s) machines as restricted users-the administrative overhead is just too high. It’s easier to let everyone run as admin, use good prevention and scanning tools, and clean up the machines occasionally.

Not only at home, but I think it would be worse at work. At work, people would be more inclined to click OK for anything because “Hey” it’s not your PC or business. Let the supervisor sort it out if anything goes wrong.

Also, mostly no one knows whether they are suppose to click OK to something or not. Why not do an ‘in the wild’ survey of a firm with 100 – 500 employees. Load something they are NOT suppose to elevate or click OK and see how many do.

So, what’s the point of UAC? Except to very knowledgeable geeks!

Don’t expect a firms employees to give a shit about UAC – or even know what it is.

I’ve spent most of my career in enterprise environments (thousands of PC’s, hundreds of servers), and have supported a small-business equivalent of home users (family and friends, about 30 machines in all). In the enterprise, workstations are locked down, users have limited access, and all installations are managed via SMS or manual installs performed by a small group with administrative rights, so UAC isn’t really useful (or is there an enterprise model where it is?).

I see the potential benefit of UAC for the home user, although my experience is that home users eventually get tired of the prompts, and ask to have it disabled. Also, making home users reduced accounts can be done, but I find it actually costs more in support effort (because then they HAVE to call me for advanced config, or I have to give them an admin account, which they end up using all the time anyway), and isn’t the purpose of UAC to reduce support needs by reducing infections, etc?

I guess I’m just missing the model where UAC is truly beneficial and it’s objectives can’t be accomplished through other, more traditional methods which are also required for disaster recovery/new systems anyway (real physical firewall, good regular backups, images or unattended setup) .

Any thoughts? What am I missing?