How can I optimise UAC on Vista 64?

  • Thread starter Thread starter Quentin
  • Start date Start date
Q

Quentin

Guest
Vista 64 SP1, fully patched.

When UAC kicks in, it's a real pain. Not that it kicks in but the way it
kicks in. The screen dims and the system is unresponsive for a couple of
seconds - just long enough for me to notice and then a bit longer. Then the
UAC prompt comes up. I'd like to remove the screen dimming and change it to
the sort of warning prompt you get when you try to run an ActiveX control or
Java applet. Can I do this?

Note that I don't want to disable UAC just modify the behaviour.


--

qts
 
Re: How can I optimise UAC on Vista 64?


"Quentin" <msfeedback@stq.gro.ku.invalid> wrote in message
news:EF98472E-3EF9-4F8D-91A6-18A12EFEB5FC@microsoft.com...
> Vista 64 SP1, fully patched.
>
> When UAC kicks in, it's a real pain. Not that it kicks in but the way it
> kicks in. The screen dims and the system is unresponsive for a couple of
> seconds - just long enough for me to notice and then a bit longer. Then
> the
> UAC prompt comes up. I'd like to remove the screen dimming and change it
> to
> the sort of warning prompt you get when you try to run an ActiveX control
> or
> Java applet. Can I do this?
>
> Note that I don't want to disable UAC just modify the behaviour.
>

I think you're out of luck.
 
Re: How can I optimise UAC on Vista 64?

On Fri, 15 Aug 2008 14:27:02 -0700, Quentin
<msfeedback@stq.gro.ku.invalid> wrote:

>Note that I don't want to disable UAC just modify the behaviour.

I think you're up sh** creek without a paddle.
 
Re: How can I optimise UAC on Vista 64?


XdN Tweaker has an option for turning Secure Desktop off (what the
"blackness" is called). It works in both 32 and 64 bit flavors and you
can get it here:

http://http://xenomorph.net/?page_id=336

There is also a way of doing it by modifying a registry entry but this
is easier.


--
midway64

[Desktop] Acer Aspire M5620 | Intel Core 2 Quad Q6600 2.40GHz | 4GB RAM
| Vista64 HP SP1
[Laptop] Acer Aspire 5570z | Intel Pentium Dual Core T2080 1.76GHz |
2GB RAM | Vista32 HP SP1
 
Re: How can I optimise UAC on Vista 64?

That's called "Secure Desktop" and it can be disabled.

http://www.vistax64.com/tutorials/117448-user-account-control-uac-blacking-out-screen.html

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/


"Quentin" <msfeedback@stq.gro.ku.invalid> wrote in message
news:EF98472E-3EF9-4F8D-91A6-18A12EFEB5FC@microsoft.com...
> Vista 64 SP1, fully patched.
>
> When UAC kicks in, it's a real pain. Not that it kicks in but the way it
> kicks in. The screen dims and the system is unresponsive for a couple of
> seconds - just long enough for me to notice and then a bit longer. Then
> the
> UAC prompt comes up. I'd like to remove the screen dimming and change it
> to
> the sort of warning prompt you get when you try to run an ActiveX control
> or
> Java applet. Can I do this?
>
> Note that I don't want to disable UAC just modify the behaviour.
>
>
> --
>
> qts
>
 
Re: How can I optimise UAC on Vista 64?


"Quentin" <msfeedback@stq.gro.ku.invalid> wrote in message
news:EF98472E-3EF9-4F8D-91A6-18A12EFEB5FC@microsoft.com...
> Vista 64 SP1, fully patched.
>
> When UAC kicks in, it's a real pain. Not that it kicks in but the way it
> kicks in. The screen dims and the system is unresponsive for a couple of
> seconds - just long enough for me to notice and then a bit longer. Then
> the
> UAC prompt comes up. I'd like to remove the screen dimming and change it
> to
> the sort of warning prompt you get when you try to run an ActiveX control
> or
> Java applet. Can I do this?
>
> Note that I don't want to disable UAC just modify the behaviour.

It takes a snapshot of your current screen, darkens it, and switches
to a secure desktop with the darkened screenshot as background.
Then it displays the prompt. It is not just fluff, it is a security measure.

You are probably not able to change this easily.
 
Re: How can I optimise UAC on Vista 64?


"midway64" <guest@unknown-email.com> wrote in message
news:e594a2c1ef466da2012896db5efb161e@nntp-gateway.com...
>
> XdN Tweaker has an option for turning Secure Desktop off (what the
> "blackness" is called). It works in both 32 and 64 bit flavors and you
> can get it here:
>
> http://http://xenomorph.net/?page_id=336
>
> There is also a way of doing it by modifying a registry entry but this
> is easier.
>
>

Yeah, that's a nice set of tools there. I like the UAC black screen disable.

It's a keeper, thanks. :)
 
Re: How can I optimise UAC on Vista 64?


"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:%232Wtsu1$IHA.4740@TK2MSFTNGP03.phx.gbl...
>
> "midway64" <guest@unknown-email.com> wrote in message
> news:e594a2c1ef466da2012896db5efb161e@nntp-gateway.com...
>>
>> XdN Tweaker has an option for turning Secure Desktop off (what the
>> "blackness" is called). It works in both 32 and 64 bit flavors and you
>> can get it here:
>>
>> http://http://xenomorph.net/?page_id=336
>>
>> There is also a way of doing it by modifying a registry entry but this
>> is easier.
>>
>>
>
> Yeah, that's a nice set of tools there. I like the UAC black screen
> disable.
>
> It's a keeper, thanks. :)

Disabling the secure desktop feature of the UAC prompt
doesn't exactly "optimize" UAC - in fact it disables UAC
for any malware program smart enough to take advantage
of that change. Sure, maybe it is unlikely that a malware
program exists that can do this, but if enough Vista users
take this option - I'm sure some will be written.
 
Re: How can I optimise UAC on Vista 64?


"FromTheRafters" <erratic@ne.rr.com> wrote in message
news:%23ReDoD5$IHA.4064@TK2MSFTNGP02.phx.gbl...
>
> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
> news:%232Wtsu1$IHA.4740@TK2MSFTNGP03.phx.gbl...
>>
>> "midway64" <guest@unknown-email.com> wrote in message
>> news:e594a2c1ef466da2012896db5efb161e@nntp-gateway.com...
>>>
>>> XdN Tweaker has an option for turning Secure Desktop off (what the
>>> "blackness" is called). It works in both 32 and 64 bit flavors and you
>>> can get it here:
>>>
>>> http://http://xenomorph.net/?page_id=336
>>>
>>> There is also a way of doing it by modifying a registry entry but this
>>> is easier.
>>>
>>>
>>
>> Yeah, that's a nice set of tools there. I like the UAC black screen
>> disable.
>>
>> It's a keeper, thanks. :)
>
> Disabling the secure desktop feature of the UAC prompt
> doesn't exactly "optimize" UAC - in fact it disables UAC
> for any malware program smart enough to take advantage
> of that change. Sure, maybe it is unlikely that a malware
> program exists that can do this, but if enough Vista users
> take this option - I'm sure some will be written.
>
>
You need to provide some proof here that disabling that black screen is
disabling the security functionality you speak about.
 
Re: How can I optimise UAC on Vista 64?

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:%23%23%23y4B7$IHA.1016@TK2MSFTNGP03.phx.gbl...

<snipped>

>> Disabling the secure desktop feature of the UAC prompt
>> doesn't exactly "optimize" UAC - in fact it disables UAC
>> for any malware program smart enough to take advantage
>> of that change. Sure, maybe it is unlikely that a malware
>> program exists that can do this, but if enough Vista users
>> take this option - I'm sure some will be written.
>>
>>
> You need to provide some proof here that disabling that black screen is
> disabling the security functionality you speak about.
>
>

http://technet.microsoft.com/en-us/library/cc709628.aspx

Here's the relevant excerpt:

"Securing the Elevation Prompt

The elevation process is further secured by directing the prompt to the
secure desktop. The consent and credential prompts are displayed on the
secure desktop by default in Windows Vista. Only Windows processes can
access the secure desktop. In addition to the recommendations for
administrators and standard users, Microsoft also strongly recommends that
the User Account Control: Switch to the secure desktop when prompting for
elevation setting should be kept enabled for higher levels of security.

When an executable requests elevation, the interactive desktop (also called
the user desktop) is switched to the secure desktop. The secure desktop
renders an alpha-blended bitmap of the user desktop and displays a
highlighted elevation prompt and corresponding calling application window.
When the user clicks Continue or Cancel, the desktop switches back to the
user desktop.

It is worthwhile to note that malware can paint over the interactive desktop
and present an imitation of the secure desktop, but when the setting is set
to prompt for approval the malware does not gain elevation should the user
be tricked into clicking Continue on the imitation. If the setting is set to
prompt for credentials, malware imitating the credential prompt may be able
to gather the credentials from the user. Note that this does also does not
gain malware elevated privilege and that the system has other protections
that mitigate malware from automated driving of user interface even with a
harvested password."

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/
 
Re: How can I optimise UAC on Vista 64?


"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
news:ehx7iJ7$IHA.3936@TK2MSFTNGP06.phx.gbl...
> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
> news:%23%23%23y4B7$IHA.1016@TK2MSFTNGP03.phx.gbl...
>
> <snipped>
>
>>> Disabling the secure desktop feature of the UAC prompt
>>> doesn't exactly "optimize" UAC - in fact it disables UAC
>>> for any malware program smart enough to take advantage
>>> of that change. Sure, maybe it is unlikely that a malware
>>> program exists that can do this, but if enough Vista users
>>> take this option - I'm sure some will be written.
>>>
>>>
>> You need to provide some proof here that disabling that black screen is
>> disabling the security functionality you speak about.
>>
>>
>
> http://technet.microsoft.com/en-us/library/cc709628.aspx
>

Yeah ok, I see it and see the functionality. However, that little utility
program has some other nice features not that disable *Black* on UAC is a
bad feature either.
 
Re: How can I optimise UAC on Vista 64?

"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:e0aMye7$IHA.5096@TK2MSFTNGP02.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:ehx7iJ7$IHA.3936@TK2MSFTNGP06.phx.gbl...
>> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
>> news:%23%23%23y4B7$IHA.1016@TK2MSFTNGP03.phx.gbl...
>>
>> <snipped>
>>
>>>> Disabling the secure desktop feature of the UAC prompt
>>>> doesn't exactly "optimize" UAC - in fact it disables UAC
>>>> for any malware program smart enough to take advantage
>>>> of that change. Sure, maybe it is unlikely that a malware
>>>> program exists that can do this, but if enough Vista users
>>>> take this option - I'm sure some will be written.
>>>>
>>>>
>>> You need to provide some proof here that disabling that black screen is
>>> disabling the security functionality you speak about.
>>>
>>>
>>
>> http://technet.microsoft.com/en-us/library/cc709628.aspx
>>
>
> Yeah ok, I see it and see the functionality. However, that little utility
> program has some other nice features not that disable *Black* on UAC is a
> bad feature either.
>


Disabling the secure desktop isn't necessarily a bad thing as long as you
understand the implications of doing so. It is automatically disabled when
you RDP to a Vista box for instance.

As the secure desktop is enabled by default it's very unlikely malware would
be coded to look to see if it was disabled and take advantage of that fact.
What percentage of users would be able to figure out that it could be
disabled and then figure out how to do it? How many of those would just say
"Interesting, but so what" then leave it enabled? Although you would be
relying on security by obscurity I think it's very unlikely disabling secure
desktop would actually cause you any harm. Security is all about assessing
risk and managing a balance between mitigating that risk and performing a
task without too many hurdles. For me the increased security of secure
desktop more than makes up for the slight inconvenience it causes.

UAC gives us a few more tools to help manage that balance. All of the
settings that the UAC tweak tools provide were built into Vista to help
people manage UAC. I do agree that some of them give you nice GUI way to do
it though.

--
Kerry Brown
MS-MVP - Windows Desktop Experience: Systems Administration
http://www.vistahelp.ca/phpBB2/
http://vistahelpca.blogspot.com/
 
Re: How can I optimise UAC on Vista 64?


"Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
news:%23%23%23y4B7$IHA.1016@TK2MSFTNGP03.phx.gbl...
>
> "FromTheRafters" <erratic@ne.rr.com> wrote in message
> news:%23ReDoD5$IHA.4064@TK2MSFTNGP02.phx.gbl...
>>
>> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
>> news:%232Wtsu1$IHA.4740@TK2MSFTNGP03.phx.gbl...
>>>
>>> "midway64" <guest@unknown-email.com> wrote in message
>>> news:e594a2c1ef466da2012896db5efb161e@nntp-gateway.com...
>>>>
>>>> XdN Tweaker has an option for turning Secure Desktop off (what the
>>>> "blackness" is called). It works in both 32 and 64 bit flavors and you
>>>> can get it here:
>>>>
>>>> http://http://xenomorph.net/?page_id=336
>>>>
>>>> There is also a way of doing it by modifying a registry entry but this
>>>> is easier.
>>>>
>>>>
>>>
>>> Yeah, that's a nice set of tools there. I like the UAC black screen
>>> disable.
>>>
>>> It's a keeper, thanks. :)
>>
>> Disabling the secure desktop feature of the UAC prompt
>> doesn't exactly "optimize" UAC - in fact it disables UAC
>> for any malware program smart enough to take advantage
>> of that change. Sure, maybe it is unlikely that a malware
>> program exists that can do this, but if enough Vista users
>> take this option - I'm sure some will be written.
>>
>>
> You need to provide some proof here that disabling that black screen is
> disabling the security functionality you speak about.

All of the official documentation I have read about UAC funtionality
indicates that this is so. As far as whether or not it is a good idea to
circumvent this part of UAC - some users don't need UAC at all and
even that extreme is okay with me. They can enable and unhide the
most privileged user account and do without it, but it should be an
informed decision.
 
Re: How can I optimise UAC on Vista 64?

Bother. At least, is there any way of making it faster? If the d*mn thing
came up straightaway, it would be much less of a bother.

--

qts



"FromTheRafters" wrote:

>
> "Quentin" <msfeedback@stq.gro.ku.invalid> wrote in message
> news:EF98472E-3EF9-4F8D-91A6-18A12EFEB5FC@microsoft.com...
> > Vista 64 SP1, fully patched.
> >
> > When UAC kicks in, it's a real pain. Not that it kicks in but the way it
> > kicks in. The screen dims and the system is unresponsive for a couple of
> > seconds - just long enough for me to notice and then a bit longer. Then
> > the
> > UAC prompt comes up. I'd like to remove the screen dimming and change it
> > to
> > the sort of warning prompt you get when you try to run an ActiveX control
> > or
> > Java applet. Can I do this?
> >
> > Note that I don't want to disable UAC just modify the behaviour.
>
> It takes a snapshot of your current screen, darkens it, and switches
> to a secure desktop with the darkened screenshot as background.
> Then it displays the prompt. It is not just fluff, it is a security measure.
>
> You are probably not able to change this easily.
>
>
>
 
Re: How can I optimise UAC on Vista 64?

Quentin wrote:
> Bother. At least, is there any way of making it faster? If the d*mn thing
> came up straightaway, it would be much less of a bother.
>

Why don't you read the rest of the threads in this posts?
 
Re: How can I optimise UAC on Vista 64?



"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> schreef in bericht
news:#OM4F07$IHA.4040@TK2MSFTNGP05.phx.gbl...
> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
> news:e0aMye7$IHA.5096@TK2MSFTNGP02.phx.gbl...
>>
>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
>> news:ehx7iJ7$IHA.3936@TK2MSFTNGP06.phx.gbl...
>>> "Mr. Arnold" <MR. Arnold@Arnold.com> wrote in message
>>> news:%23%23%23y4B7$IHA.1016@TK2MSFTNGP03.phx.gbl...
>>>
>>> <snipped>
>>>
>>>>> Disabling the secure desktop feature of the UAC prompt
>>>>> doesn't exactly "optimize" UAC - in fact it disables UAC
>>>>> for any malware program smart enough to take advantage
>>>>> of that change. Sure, maybe it is unlikely that a malware
>>>>> program exists that can do this, but if enough Vista users
>>>>> take this option - I'm sure some will be written.
>>>>>
>>>>>
>>>> You need to provide some proof here that disabling that black screen is
>>>> disabling the security functionality you speak about.
>>>>
>>>>
>>>
>>> http://technet.microsoft.com/en-us/library/cc709628.aspx
>>>
>>
>> Yeah ok, I see it and see the functionality. However, that little utility
>> program has some other nice features not that disable *Black* on UAC is a
>> bad feature either.
>>
>
>
> Disabling the secure desktop isn't necessarily a bad thing as long as you
> understand the implications of doing so. It is automatically disabled when
> you RDP to a Vista box for instance.
>
> As the secure desktop is enabled by default it's very unlikely malware
> would be coded to look to see if it was disabled and take advantage of
> that fact. What percentage of users would be able to figure out that it
> could be disabled and then figure out how to do it? How many of those
> would just say "Interesting, but so what" then leave it enabled? Although
> you would be relying on security by obscurity I think it's very unlikely
> disabling secure desktop would actually cause you any harm. Security is
> all about assessing risk and managing a balance between mitigating that
> risk and performing a task without too many hurdles. For me the increased
> security of secure desktop more than makes up for the slight inconvenience
> it causes.
>
> UAC gives us a few more tools to help manage that balance. All of the
> settings that the UAC tweak tools provide were built into Vista to help
> people manage UAC. I do agree that some of them give you nice GUI way to
> do it though.
>
> --
> Kerry Brown
> MS-MVP - Windows Desktop Experience: Systems Administration
> http://www.vistahelp.ca/phpBB2/
> http://vistahelpca.blogspot.com/
>
>
>
>
You know, many users would not even think of disabling UAC if it had one
extra option: to remember what was accepted. Just like the way good
firewalls do. But now, if you have to use an application that has to be
checked by the UAC, and you have to use it many times a day, then you have
to tell the UAC every time again that it is OK. That's the ONLY reason that
users wish to disable the UAC.

You can state that this would be less secure but then I ask: what's worse,
using UAC with such a function, of not using UAC at all? Here I see a
tendency that I found in other cases too: Microsoft seems to think that all
users are stupid idiots. The simplest things are "secured" with questions
like: are you sure you want that? I always think then: yeah, I am not an
idiot, stupid! Now you get the situation that users click Yes without even
reading it, because it is overused. That's why I started to use Buzoff
(basta computing) to have it automatically done in cases where this question
is simply too stupid to think about.

If Microsoft would start to look at users as normal behaving people, the
real security issues would be much more accepted.
 
Re: How can I optimise UAC on Vista 64?

On Sun, 17 Aug 2008 10:24:50 +0200, "Flight"
<jPUNTvoorbeeld@gmailPUNTcom> wrote:

>If Microsoft would start to look at users as normal behaving people, the
>real security issues would be much more accepted.

The "real reason" for UAC is supposeldly to nudge software developers
to write Vista-compatible apps, not to burden users with a barrage of
prompts.

Yeah, riiiiiiiiight.
 
Re: How can I optimise UAC on Vista 64?



"Paul Montgomery" <nonnymoose@yahoo.com> schreef in bericht
news:i8ofa4p2mndjahr0ipf2tg7h643rpm7rv2@4ax.com...
> On Sun, 17 Aug 2008 10:24:50 +0200, "Flight"
> <jPUNTvoorbeeld@gmailPUNTcom> wrote:
>
>>If Microsoft would start to look at users as normal behaving people, the
>>real security issues would be much more accepted.
>
> The "real reason" for UAC is supposeldly to nudge software developers
> to write Vista-compatible apps, not to burden users with a barrage of
> prompts.
>
> Yeah, riiiiiiiiight.

Whatever reason they give, it is the user who gets headaches of this. They
refuse to look from our point of view.
 
Re: How can I optimise UAC on Vista 64?



"Junk Yard Dog" <JunkYard@Dog.com> schreef in bericht
news:O0MMg29$IHA.4816@TK2MSFTNGP06.phx.gbl...
> Quentin wrote:
>> Bother. At least, is there any way of making it faster? If the d*mn thing
>> came up straightaway, it would be much less of a bother.
>>
>
> Why don't you read the rest of the threads in this posts?

Exact. Looks like we have to do all the work for him.
 
Re: How can I optimise UAC on Vista 64?


"Flight" <jPUNTvoorbeeld@gmailPUNTcom> wrote in message >>
> You know, many users would not even think of disabling UAC if it had one
> extra option: to remember what was accepted. Just like the way good
> firewalls do. But now, if you have to use an application that has to be
> checked by the UAC, and you have to use it many times a day, then you
> have to tell the UAC every time again that it is OK. That's the ONLY
> reason that users wish to disable the UAC.
>

I can't go with that:

1)Aa personal FW/personal packet filter is not a firewall.
2) The Application Control in personal FW(s)/packet filters has no business
trying to control applications running on the machine, because that can
easily be defeated, nothing but snake-oil in the solution.
3) If UAC accepted a remembered prompt for approval for an actual malware
solution ok-ing it, then it's always going to be run with no challenge, just
like Application Control in PFW(s) -- snake-oil.


> You can state that this would be less secure but then I ask: what's worse,
> using UAC with such a function, of not using UAC at all? Here I see a
> tendency that I found in other cases too: Microsoft seems to think that
> all users are stupid idiots. The simplest things are "secured" with
> questions like: are you sure you want that? I always think then: yeah, I
> am not an idiot, stupid! Now you get the situation that users click Yes
> without even reading it, because it is overused. That's why I started to
> use Buzoff (basta computing) to have it automatically done in cases where
> this question is simply too stupid to think about.

No, you miss a key point of UAC. Since Admin is locked down to Standard user
with two secuirty tokens representing Full Admin Rights and Standard Admin
rights (discussed in the link below), when a situation arises that promps
for Full Admin rtghts such as malware about to be installed, then the user
as a signal that something may be wrong.

http://technet.microsoft.com/en-us/library/cc709691.aspx

Now, take the examples in the link below of a user clicking on something as
Full Admin rights running on Win NT, Win 2k, or Win XP. What's going going
to happen? I'll tell you. The machine is going to be compromised, with a
user sitting there clicking with Full Admin rights. As opposed to Vista with
UAC enabled, Admin is locked down to Standard user, and Admin user is
prompted/challenged for Full Admin rights to do it, which they can see
something is about to happen.

http://www.eweek.com/c/a/Security/Hundreds-Click-on-Click-Here-to-Get-Infected-Ad/

You can apply the same principles above when an Admin user is clicking on an
unknown email attachment with malware in it that wants to install itself on
the machine.

>
> If Microsoft would start to look at users as normal behaving people, the
> real security issues would be much more accepted.

They are treating users like normal people that will not practice safehex
computing, and they will click on everything under the Sun not knowing that
malware is about to install itself. With UAC enabled and they click, they
got a chance of seeing that something may be wrong when prompted to allow or
disallow or give that Admin User-id and PSW if the user is a Standard user
with only a Standard user security token.

I don't see this is really being any different than when a user has to give
that Root Full Admin rights user-id and psw on Linux when root full admin
rights are required.

One doesn't have a ton of applications that require full admin rights to
run. I think I have maybe 4 applications I use that use full admin rights in
order to run. And I am not running those applications all the time, so I get
very little prompts from UAC. The rest can run with Standard user rights.
One doesn't get prompted when the application only needs Standard rights to
run, unless you have Run As Administrator enabled on every
application/program, *you* did it, and you are being prompted all over the
place when you shouldn't be.
 
Back
Top