Apparently a ton of s are having "issues" with permissions, and I too, have grown weary already of trying to get things to work properly. I cannot change my OWN permissions, and I on't have write access, and it denies me the right to change permissions. A lot of my online related programs won't work due to failure to open or write to the files. mIrc being a good example...... Lets go ms, we have a issue here.....................
Permissios
cj wrote:
Apparently a ton of s are having "issues" with permissions, and I too, have grown weary already of trying to get things to work properly. I cannot change my OWN permissions, and I on't have write access, and it denies me the right to change permissions. A lot of my online related programs won't work due to failure to open or write to the files. mIrc being a good example...... Lets go ms, we have a issue here.....................
UAC is a bit clunky (I believe there are plans to improve that though) but an IRC application that requires admin privileges is just plain broken. That is *not* a problem with vista.. in fact it's one of the things that is good about it, because it'll force people to think about security when they write code.
Complain to mIrc authors not Microsoft.
Tony
"Tony Hoyle" wrote:
cj wrote: Apparently a ton of s are having "issues" with permissions, and I too, have grown weary already of trying to get things to work properly. I cannot change my OWN permissions, and I on't have write access, and it denies me the right to change permissions. A lot of my online related programs won't work due to failure to open or write to the files. mIrc being a good example...... Lets go ms, we have a issue here.....................
UAC is a bit clunky (I believe there are plans to improve that though) but an IRC application that requires admin privileges is just plain broken. That is *not* a problem with vista.. in fact it's one of the things that is good about it, because it'll force people to think about security when they write code.
Complain to mIrc authors not Microsoft.
Tony
Tony, Thanks for the response, however, that was mearly and example, with the real issue being, why can't I change my own permissions, and why don't I have full access to everything ?
Hello,
It is helpful to remember that in Windows Vista, even though you are running as an administrator account, every program you run is running under a *standard user* account, and does not have administrator-level permission. The only way a program can get administrator-level permission is if the application automatically prompts you for permission, or if you explicitly give that application permission.
So ... what are the actual ramifications of this when dealing with the filesystem? Let's take a look at the default access permissions for most folders in windows:
- A user has read access to just about everything - A user generally cannot write to anything outside of his profile directory - Any user can create a folder almost anywhere in the filesystem - The owner of a folder has full control over it and its contents - Administrators have almost full control over just about everything
So... this means, that even though you are an running in an admin account, all your explorer windows and programs you run (having normal user credentials) will be able to read almost any file, but will not be able to write anything unless it is in your profile directory, or a directory that you created or took ownership of.
So, here's the major problem:
- Folders and files from a different windows installation probably won't allow you to write to them, even if they're YOUR files you created from a different version of windows.
- You will need to modify their permissions to give either Everyone full access or your user account in Vista full access. Taking ownership of them is NOT RECOMMENDED as you may have trouble accessing them from the other windows installation.
- Managing your files and folders are going to be a real pain ... which brings me to
HOW DO I MANAGE MY FILES AND FOLDERS if explorer run as a standard user ?!?!
Here's how:
- Click Start - Type: explorer.exe - When it shows up under Applications, right-click it and click Run As Administrator
You now have an "administrator" explorer, kind of like a root shell in that other operating system, that will allow you to change permissions and access files as admin, just like in the good 'ol days.
Hope this helps! :)
- JB
Not that it's any help but I have zero problems with Mirc.
"cj" wrote in message
Apparently a ton of s are having "issues" with permissions, and I too, have grown weary already of trying to get things to work properly. I cannot change my OWN permissions, and I on't have write access, and it denies me the right to change permissions. A lot of my online related programs won't work due to failure to open or write to the files. mIrc being a good example...... Lets go ms, we have a issue here.....................
Wouldn't turning off the UAC be easier to do? That will do away with just about all annoyances for now.
"Jimmy Brush" wrote in message
Hello,
It is helpful to remember that in Windows Vista, even though you are running as an administrator account, every program you run is running under a *standard user* account, and does not have administrator-level permission. The only way a program can get administrator-level permission is if the application automatically prompts you for permission, or if you explicitly give that application permission.
So ... what are the actual ramifications of this when dealing with the filesystem? Let's take a look at the default access permissions for most folders in windows:
- A user has read access to just about everything - A user generally cannot write to anything outside of his profile directory - Any user can create a folder almost anywhere in the filesystem - The owner of a folder has full control over it and its contents - Administrators have almost full control over just about everything
So... this means, that even though you are an running in an admin account, all your explorer windows and programs you run (having normal user credentials) will be able to read almost any file, but will not be able to write anything unless it is in your profile directory, or a directory that you created or took ownership of.
So, here's the major problem:
- Folders and files from a different windows installation probably won't allow you to write to them, even if they're YOUR files you created from a different version of windows.
- You will need to modify their permissions to give either Everyone full access or your user account in Vista full access. Taking ownership of them is NOT RECOMMENDED as you may have trouble accessing them from the other windows installation.
- Managing your files and folders are going to be a real pain ... which brings me to
HOW DO I MANAGE MY FILES AND FOLDERS if explorer run as a standard user ?!?!
Here's how:
- Click Start - Type: explorer.exe - When it shows up under Applications, right-click it and click Run As Administrator
You now have an "administrator" explorer, kind of like a root shell in that other operating system, that will allow you to change permissions and access files as admin, just like in the good 'ol days.
Hope this helps! :)
- JB
You are correct, this would work.
However, I think it's important that people understand why they are having problems before they go about disabling things ;)
- JB
Yes but at the same time MS should understand that if I am a user with Admin rights then I should have 'admin rights' and not a restricted set of rights. If we want to restrict users we set them up as standard users..we set up admin users precisely because we want them to be able to do anything..so the next logical step for almost everyone in here is to turn off UAC - kinda defeats whatever anal purpose MS thoguht they were giving the world..You just didn't think about it enough and used Security brainstroming as it's rationale for this ..sometimes you need a bit of common sense....
"Jimmy Brush" wrote:
You are correct, this would work.
However, I think it's important that people understand why they are having problems before they go about disabling things ;)
- JB
UAC must be meant for people unfamiliar with using a computer. For me it was a real pain untill I got to the section which told me what it did and how to disable it. It did take me two days. UAC makes using ones computer very frustrating. LA "Jimmy Brush" wrote in message
You are correct, this would work.
However, I think it's important that people understand why they are having problems before they go about disabling things ;)
- JB
Gordon wrote:
Yes but at the same time MS should understand that if I am a user with Admin rights then I should have 'admin rights' and not a restricted set of rights.
The problem is users *don't* have common sense and programmers are lazy.
XP SP2 supports the model you suggest.. and we still have everyone running as admin all the time and lots of software not working as an ordninary user becauase it tries to do things like write temp files into random areas of the disk.
Initially I hated UAC, but then I've come to realize that it's the only way - the only way to get people to work securely is going to be to force them.
I'd go further TBH.. have the admin users have no interactive login rights by default so UAC is the only way to do an admin task.. and I'd remove 'run as administrator' too - apps that need admin rights should be marked as such and preferably signed.
MS didn't decide to go that far but the halfway will make a huge difference over the next couple of years while software producers finally fix the security problems that they've ignored.
One thing I *do* hate is the virtualisation hack... it makes things look like they work when they don't really, and just makes it harder to find issues.
Tony
Yes but at the same time MS should understand that if I am a user with Admin rights then I should have 'admin rights' and not a restricted set of rights.
Absolutely. That is why you can turn this behavior off.
If we want to restrict users we set them up as standard users..we set up admin users precisely because we want them to be able to do anything..
UAC doesn't stop you from doing anything, as long as you know what you're doing. If it DOES stop you from doing something, then that is a bug and should be reported.
so the next logical step for almost everyone in here is to turn off UAC - kinda defeats whatever anal purpose MS thoguht they were giving the world..
Most users aren't the people in this forum, and MS is doing a huge favor to the world security-wise. I believe this is absolutely the best solution microsoft could come up with.
Best security practice: standard user for everything, elevate when you need admin to accomplish system administration stuff, full "root"-type admin user should never be used.
(Most common) Windows security practice: All users run as full, unrestricted admin
What microsoft is doing is giving us an environment that is exactly the same as in other operating systems, following best security practice ... we elevate when we need to do something admin, the rest of the time we run as normal user.
And ... if you want to run as full root, it's only one checkbox you have to uncheck! Best of both worlds...
Sure, this isn't the normal windows way of doing things ... and because this is new to everyone that makes software, there will be ALOT of compatability issues.
But now the most common windows user, the home user, is automatically, out of the box, using BEST SECURITY PRACTICE instead of WORST SECURITY PRACTICE.
And most administrators I think will prefer using the elevation system once it gets tweaked and they get comfortable with it. Most non-windows admins do this type of administration already.
The only major drawback, besides application compatability, is working with the filesystem.
Most people aren't familiar with the security offered by NTFS (and how much more secure [read: complex] it is than just about any other file system), and this will make system administration difficult. I can only hope Microsoft changes the tools used to administer NTFS permissions to be easier to use, because I think that would make this transition 60% better.
You just didn't think about it enough and used Security brainstroming as it's rationale for this ..sometimes you need a bit of common sense....
I have thought about this extensively.
I am not rationalizing anything. Lots of people here do not understand how Windows Vista does security. I am explaining how this feature works and why things don't work the way they did in XP.
- JB
I totally agree with you, but there are a few things which I want to talk about. I'm a Linux user from years and I love the security model. I can run applications as normal user and only do admin tasks as root when needed, so I love the new model Microsoft has implemented on Vista (read UAC or now LUA). But, normal Windows users never take care of security implications, mainly because the way Microsoft and software developers had implemented the easy way to do things, where the only way to run most software was as administrator. So in my opinion this new security model will be hard to understand by old windows users, but it's the only way to go. Also, I hope Microsoft doesn't allow to disable UAC, and force software developers to write proper code, Who need to run a game as administrator anyway? Why a user wants to get full access to system folders? A lot of viruses, trojans horses and malware were written to take full advantage of users running whith admin privileges, and this in part is because the default user account after setup was created with admin rights. So I think Microsoft is going the right way about security, and old windows users need to change their mind too.
Fernando
Jimmy Brush escribió:
Yes but at the same time MS should understand that if I am a user with Admin rights then I should have 'admin rights' and not a restricted set of rights.
Absolutely. That is why you can turn this behavior off.
If we want to restrict users we set them up as standard users..we set up admin users precisely because we want them to be able to do anything..
UAC doesn't stop you from doing anything, as long as you know what you're doing. If it DOES stop you from doing something, then that is a bug and should be reported.
so the next logical step for almost everyone in here is to turn off UAC - kinda defeats whatever anal purpose MS thoguht they were giving the world..
Most users aren't the people in this forum, and MS is doing a huge favor to the world security-wise. I believe this is absolutely the best solution microsoft could come up with.
Best security practice: standard user for everything, elevate when you need admin to accomplish system administration stuff, full "root"-type admin user should never be used.
(Most common) Windows security practice: All users run as full, unrestricted admin
What microsoft is doing is giving us an environment that is exactly the same as in other operating systems, following best security practice ... we elevate when we need to do something admin, the rest of the time we run as normal user.
And ... if you want to run as full root, it's only one checkbox you have to uncheck! Best of both worlds...
Sure, this isn't the normal windows way of doing things ... and because this is new to everyone that makes software, there will be ALOT of compatability issues.
But now the most common windows user, the home user, is automatically, out of the box, using BEST SECURITY PRACTICE instead of WORST SECURITY PRACTICE.
And most administrators I think will prefer using the elevation system once it gets tweaked and they get comfortable with it. Most non-windows admins do this type of administration already.
The only major drawback, besides application compatability, is working with the filesystem.
Most people aren't familiar with the security offered by NTFS (and how much more secure [read: complex] it is than just about any other file system), and this will make system administration difficult. I can only hope Microsoft changes the tools used to administer NTFS permissions to be easier to use, because I think that would make this transition 60% better.
You just didn't think about it enough and used Security brainstroming as it's rationale for this ..sometimes you need a bit of common sense....
I have thought about this extensively.
I am not rationalizing anything. Lots of people here do not understand how Windows Vista does security. I am explaining how this feature works and why things don't work the way they did in XP.
- JB
Ha ha ok...maybe I am generalising but admin rights should ONLY be given to people who know what they are doing or at least understand the consequences and are pretty switched on about ( like I think I am). I think your vision is a bit more draconian than I could ever subscribe to but fair do's. I don't think it's lazy programmers either just bad programmers......
Common sense is still a wonderful thing to have and work to...
"Tony Hoyle" wrote:
Gordon wrote: Yes but at the same time MS should understand that if I am a user with Admin rights then I should have 'admin rights' and not a restricted set of rights.
The problem is users *don't* have common sense and programmers are lazy.
XP SP2 supports the model you suggest.. and we still have everyone running as admin all the time and lots of software not working as an ordninary user becauase it tries to do things like write temp files into random areas of the disk.
Initially I hated UAC, but then I've come to realize that it's the only way - the only way to get people to work securely is going to be to force them.
I'd go further TBH.. have the admin users have no interactive login rights by default so UAC is the only way to do an admin task.. and I'd remove 'run as administrator' too - apps that need admin rights should be marked as such and preferably signed.
MS didn't decide to go that far but the halfway will make a huge difference over the next couple of years while software producers finally fix the security problems that they've ignored.
One thing I *do* hate is the virtualisation hack... it makes things look like they work when they don't really, and just makes it harder to find issues.
Tony
"Larry" wrote in message
UAC must be meant for people unfamiliar with using a computer. For me it was a real pain untill I got to the section which told me what it did and how to disable it. It did take me two days. UAC makes using ones computer very frustrating. LA "Jimmy Brush" wrote in message You are correct, this would work.
However, I think it's important that people understand why they are having problems before they go about disabling things ;)
- JB
Windows Vista
User login
Related topics
- Sound Recording Mixer will not open in Vista for Line In rec
- Problem on a Intel D945GNT with RAID.
- active sync in vist
- Overall Vista Bugs
- Symantec Antivirus Corp 10.1 won't install
- Network/Internet Conflict
- x64 Vista Beta 2 and SBS
- No Messages Displayed?
- Suggestion: Newsgroups
- Disappearing Desktop
- Problems??
- Vista asking for password on XP
- Problem connecting to some intranet sites
- DVD Burning
- Extracting from .MIG files
- user profile being created at each new login
- Lexmark X1150
- Where is "Run as..." in Vista?
- Start-Up Boot Menu Xp-Vista not Working
- Detecting Moto V3x in Mobile Phone Tools
- VistaBootPRO Version 1 for Windows Vista
- Can't get out of safe mode
- Why Vista doesn't recognize the driver m1573 during install
- I spoke too soon:
- IE7 problem soltion
- Plantronics 320 Bluetooth Headset issue
- Vista Beta 2 5384: Installation Error 8007045D
- No BOOT.INI in Vista? How do I add a third partition?
- Older Systems
- I am having trouble with a Kworld TV tuner/capture card.
- Windows Network Project
- Widescreen on standard monitor
- cannot copy files onto local machine
- Windows Mail Demanded Passport Credentials
- Help Me!! Read & Reply plz.
- WMP11
- Internet Access Blocking for certain user group
- The return to Pre-Vista Beta2.