UAC: Meant to Teach Developers a Lesson

[Thorin]

Mark Russinovich was the author of all the great, free SysInternals Windows tools.  When Microsoft bought out SysInternals, they also hired Mark.  He now has some really interesting blog entries.  Here's one I really liked:

User Account Control: Inside Windows 7 User Account Control

To summarize, UAC is a set of technologies that has one overall goal: to make it possible for users to run as standard users. The combination of changes to Windows that enable standard users to perform more operations that previously required administrative rights, file and registry virtualization, and prompts all work together to realize this goal. The bottom line is that the default Windows 7 UAC mode makes a PA user?s experience smoother by reducing prompts, allows them to control what legitimate software can modify their system, and still accomplishes UAC?s goals of enabling more software to run without administrative rights and continuing to shift the software ecosystem to write software that works with standard user rights.

By "software ecosystem" he means "application developers", as evidenced by this quote:

As we've stated since before the launch of Windows Vista, the primary purpose of elevation is not security, though, it's convenience: if users had to switch accounts to perform administrative operations, either by logging into or Fast User Switching to an administrative account, most users would switch once and not switch back. There would be no progress changing the environment that application developers design for.

So there you have it - millions of users get annoyed so that Microsoft can teach developers to stop using techniques that require administrative rights even though Microsoft is the one who originally had all users running using administrative rights.

Oh, and if you read the rest of the article you learn that UAC can just be turned off, so the default tech support answer for my app will be "turn off UAC".

[Lazybones]

If you are creating NEW applications that access system files unnecessarily you might find your application looked over for one that does it correctly by IT admins in the future.

If you support a legacy app that contains old DCOM or other admin hogging dependencies, yes you may need to turn UAC off OR BETTER create a compatibility SHIM that admins can deploy with your app to create an exception.

[Tom]

I've disabled UAC in windows 7 once. Turns out it makes things very annoying. More annoying than UAC is Trying to change many settings you normally could have before, just doesn't work.