As the maker/creator of your own website Bink, I am at a loss as to why you would need to run User Access Control in the first place.   I'm all for leaving it on for the individuals who aren't computer savvy but for the rest of us Network Administrators/Tech Savvy folks why do you need it?  It's bad enough we're nothing but a Microsoft Peer to Peer network what with their Genuine Advantage/Updates scheme but why give up control to an operating system that really doesn't know what you want to do?  Why run UAC bypass programs?  If you need them then you clearly aren't the intended UAC audience anyway.  Makes no sense.

this will maybe be useful for scripting purposes, but for endusers i would recommend to look at "Start++"

 http://brandontools.com/content/StartPlusPlus.aspx

BSitko, the answer is simple, Security.

The main point is, do you really want to trust every application you run with full access to do what ever it wants without telling you?

If you are running as admin with full access, then the applications you run automatically have full access. This is dangerous incase one of them gets infected by a virus, then the virus can do anything. If you are using UAC, then the virus would be locked down, unless you chose to run that app with higher access. And, if you are under UAC then chances are the virus would be able to infect to begin with.

Makes plenty sense to me. "Trust no one."

    Rather than security firms spread the "destructive wrath of viruses" perhaps a group of intelligent people can get together and spread awareness.  Don't open that attachment that doesn't look right.  Why is my best friend sending me an attachment that says babygirl.exe?    crpietschmann the security firms have you right where they want you.  In all my years of internet surfing, game playing, social chatting, and general computer usage I have missed the virus bandwagon.  If you are aware of what you are doing, pay attention, and buy a cheap hardware firewall you will not get a virus.  It really is as simple as that.  I refuse to give up CPU cycles to anti-virus/anti-spyware/anti-spam/firewall nonsensical software.  Security firms pray on you being non-computer savvy.  If you were you would realize that all of this is just unnecessary.
    UAC is not the solution to the ultimate problem.  If you can script around UAC now what makes you think it cannot be scripted into a virus later?  I do not need to click endless popups to feel safer.  If Microsoft wanted to build a better operating system they should've created one that helps people understand computers better.  Not creating  the aura of a "safe" operating system. 
    "Trust no one" is a great attitude if you are walking up to the ATM at 12am.   You should at least trust yourself on the computer.  Teaching how has been lost in the profits.
 

My personal opinion about UAC is that it is just about the ONLY way to get developers to stop writing software that "requires" administrative rights when it shouldn't.   While some software is well written and can run w/o being an admin, to many devs got lazy in the 9x days (which had no security) and continued along  blissfully ignorant while creating software for W2K/WXP/W2K3 under the assumption that the person running the software was an administrator on that box (the second incorrect assumption was usually that someone was even logged into the box, but that’s another rant entirely).   So when the Dev is an Admin on his dev box, the tester is an admin on the testing machines, and the QA folks are admins while they run the app through the UAT environment, you end up with software that the end-user can't run w/o being an admin.   

WHY does my 3-year old need to be an admin on our machine at home to play the Zooboomafoo or JJ The Jet Plane games?   Because the Devs didn't think it would be a problem (isn't every 3-year old an admin on the computer they're using?).

UAC will bring these sorts of issues to the forefront with the users, and the users will then complain to the software companies (who hopefully won't be writing KB articles telling users how to disable UAC), and eventually, software companies will have to fix their broken software to allow it to be able to be run as a non-admin (needing admin rights to install is expected, but to run it afterwards?   Complete incompetence...).

BSitko,

Perhaps you misunderstand what this tool provides, and you certainly don't understand how UAC is valuable, even for more advanced computer users.  This does not let you script around UAC, it instead triggers an elevation of privledge and then runs whatever you're opening under that EOP.  It is similar to how "Run as..." allows us to run applications under a different user context.  This tool allows you to run an application at a higher privledge level, but still within the context of the current user -- the user still has to confirm that this is exceptable and expected behavior, hence UAC still acts as sentinal.

Here's an example for you, from the start menu execute this:

notepad %windir%\system32\drivers\etc\hosts

don't make any changes and try to save the file back over itself; you can't.  Now execute this:

elevate.cmd notepad %windir%\system32\drivers\etc\hosts

This time you can save the file.

You could accomplish the exact same thing by typing notepad and starting it with Ctrl-Shift-Enter, or by searching for it in the Start Menu, right clicking on it, and selecting "Run as Administrator".

This is not the same as the XP and Windows 200x trick of holding Ctrl-Shift as you right clicked on a start menu item giving you the "Run as..." prompt to run a program as a different user, more often than not the Administrator account if you practiced Least User Account practices.  In that case, the program actually runs under a different SID as can be observed using Task Manager.  In Vista, UAC gives the user temporary elevation of rights, but they are still running as themselves.

To be able to script that sort of task doesn't make UAC go away, but it gives you a way automate around several UAC tasks in a batch script for instance. I don't have a specific example to demonstrate this, but it is easily demonstrated in a thought experiment.  Let's assume you create a batch file that does long task that requires regular levels, and then a task at the end requiring higher priveldges.  Today, running that batch file will spin its gears for awhile, and then prompt you for UAC before it completes.  If you ran that same script through elevate.cmd, it would prompt you once for UAC at the very beginning and then lower its rights again after it finishes its run; simplifying yourlife, but keeping UAC meaningful.

You could accomplish the same thing without this by starting a cmd window in an elevated state before launching your script, but keeping elevated command prompts sitting around is just inviting trouble... much like turning UAC off, even for the computer savvy.  If something on my computer wants to run with elevated rights, I want to know and I want to approve it.  If this is new behavior for an old app, or I start getting UAC prompts everytime I run something, I'd better start sniffing around for some sort of malware.

    You are correct.  I do not see how UAC is valuable for the savvy types.  I suppose I am not worried or concerned about running processes as Admin as most people.  UAC certainly addresses the needs to those users who should NOT be installing or deleting items.  This lockdown is certainly different from XP because it also allows users to install certain programs they know are okay and don't have to fetch the Administrator to install.  That is how I view UAC.
    Why all the extra time to determine what needs to run with elevated rights and what doesn't?   Running certain processes with  administrator rights versus running some that don't "need" it... good grief.  Making sure every process that runs on your machine only runs with the rights you want.  If you can give me what the difference is (Besides that whole I THINK IT'S MALWARE thing) running "something" with Administrator rights versus not, I'd love to hear it.  For me it's overcomplication.  Why should I worry about CCleaner trying to install itself?  Why do I need permission to make that happen?  (Oh yeah... it needs those pesky Administrator rights).  Clearly this is a debate between who has the control.  I prefer to have control over my machine... I do not install something which to me seems goofy.   Then there's the side who wants the  machine to exhibit the control.  I prefer the former.

BSitko,

What you are perceiving as a loss of control, or replacing control for the user is false.  With UAC, the user still has control and is in no different a position.  The difference is that you have a new way to view what is happening with your system.

Here's another way to look at things, consider navigation systems in cars.  We've had maps for a long time now.  If you are driving in an area unfamiliar to you, you look at a map to give you orientation and bearing.  Then came GPS navigation systems.  You can still use many GPS navigation systems like maps, but if you program in your destination, most of them will give you turn-by-turn instructions to guide you.  Ultimately you are still driving, if a GPS device tells you to drive the wrong way down a one-way street, you use your common sense and find some other way -- you could have the same problem with a map.

Like UAC, there is a potential problem whereby some people will use it as a crutch and drive off the ends of a road under construction (happened recently I heard), but by and large most people will use GPS to supplement what their eyes are telling them.

UAC is that GPS system. It isn't going to solve security problems for you, it is only providing you another tool by which you can detect them for yourself.  It's a checkpoint before a piece of software starts making changes to a system that could problematic.  As more UAC aware software is written, the nag prompts will become less nagging and software will be written so that in general they will be less risky, but at all times UAC will act as that canary in the mine, keying you into significant and potential harmful changes to your system.

Like you, I haven't caught a computer virus since 1992 when a (former) friend of mine gave me my first and only virus, MonkeyB.  I don't engage in at risk software practices that makes me highly suseptable.  Lulled into a false sense of smugness by my I'm-better-than-you computer skills, I'm not going to be caught completely off-guard If I start seeing UAC prompts where I don't expect them; nor am I going to paint over my windshield any time soon.

    xMorpheousx416... I realize I don't need to reply but after re-reading my comment I felt I should.  I left some pieces out of that sentence.  Someone competent enough to produce/create their own website in my mind is not a candidate for using UAC.  That was my point.  I just wish my comments put that across.
    Chinpokomon... good points.  I will continue to leave UAC on for those individuals who I think need it.  It's difficult for me to turn it on and have to beg the machine to allow me to do something.  It sort of reminds me of a 4 year old.  "Can you hand me that?" ... "Why daddy?"  "Please come here!"... "Why daddy?"  Sometimes the answer is "BECAUSE I SAID SO!"

What was commented elsewhere: UAC isn't really helping things. You will have those non-savvy users agreeing to everything. You will have those running as administrator turning off the UAC in the group policy.

The first part reminds me of this guy whjo recently concluded a 6 month salary. You may have heard it. A flashy ad saying something like "click here to download a virus" and over 400 very non-savvy users did [of course there wasn't any virus]. [And of course you'll be seeing a lot more stupid ads posted as well as scum who will actually include a virus at the end.....]

 

If all those users are just saying yes, the answer isn't turning off UAC, the answer is educating those users.  Remeber, UAC doesn't prevent stupid people from doing stupid things, and turning it off doesn't suddenly make those stupid people go hmmm, maybe I don't want to run virus.exe... no offense intended to stupid people, but honestly I don't expect many stupid people to be reading this thread.

"the answer is educating those users."  Bingo.  It's the drug companies problem too... building a better bandaid.  Seems this thread is starting to come around to my way of thinking... perhaps?  [;)]

Do you genuinely not have a feeling you are having a fight against this UAC windmill, BSitko, all alone? Let it go already, UAC is useful and it is here to stay, get used to it.