If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
"Administrative" necessary?
I am annoyed by repeated demands that I be in Administrative mode to
do simple things such as move a file. I am the sole non-paranoid user, owner, and Administrator of a Win7pro Dell. How can I convince Win7 of that fact? Thanks. |
Ads |
#2
|
|||
|
|||
"Administrative" necessary?
|I am annoyed by repeated demands that I be in Administrative mode to
| do simple things such as move a file. | | I am the sole non-paranoid user, owner, and Administrator of a Win7pro | Dell. | | How can I convince Win7 of that fact? Thanks. You can boot in the actual Administrator account. If you want to do that it first has to be made visible. That was discussed last week. As a less extreme measure, you can go into Control Panel user settings and set User Account Control to the lowest level. That should stop the majority of nags. You can also take a file-oriented approach. If you take ownership of files and then grant yourself full control of them then you can do with them as you like. As long as you first take ownership, that approach can be used for *any* file system item. It's a wacky system that doesn't make much sense, but all you really need to know is that taking ownership and giving yourself "permissions" are two different things, and that in many cases you'll need to do the former before you can have success with the latter. That's just how it works. |
#3
|
|||
|
|||
"Administrative" necessary?
| However, moving files around,
| deleting your System folder, is just as hard as it was before. | Most procedures still require multiple steps. I don't | really know of any way to make things "totally convenient". | Assuming one is not worried about security issues and doesn't actually want to delete the system folder (but may want to go so far as, say, removing restrictions on Program Files) it's very much doable by systematically taking ownership of most or all of C drive and removing restrictions. We've talked about this before. After encountering the Win7 mess for the first time I wrote a tool to keep me from tearing my hair out: http://www.jsware.net/jsware/nt6fix.php5#restfix In tests I didn't find anything I couldn't remove restrictions from. I was able to free and move or delete winsxs, for instance. (Not something I'd recommend to the faint of heart, but it can be done. I think you, yourself, have posted details of another way to do the same thing: A Registry tweak that will allow restrictions to be removed via context menu. As I noted above, one doesn't have to tolerate restrictions. But Microsoft have made it both mysterious and tedious to get around them. Security through obscurity. The option they offer is two command line tools, Takeown and CACLS. The menu tweak option puts those tools in the context menu. My utility uses the Windows API to do the same thing conveniently and recursively. (Even the Windows API is an obscure maze when it comes to file restrictions. The excessive, artificial complexity is dizzying. [And a target of scorn by Linux people.] But as with Takeown and CACLS, removing restrictions *can* be done via API.) People who have any experience with scripting could also write their own scripts to automate/recurse Takeown and CACLS. However it's approached, while it may take some work, it only has to be done once. |
#4
|
|||
|
|||
"Administrative" necessary?
Mayayana wrote:
| However, moving files around, | deleting your System folder, is just as hard as it was before. | Most procedures still require multiple steps. I don't | really know of any way to make things "totally convenient". | Assuming one is not worried about security issues and doesn't actually want to delete the system folder (but may want to go so far as, say, removing restrictions on Program Files) it's very much doable by systematically taking ownership of most or all of C drive and removing restrictions. We've talked about this before. After encountering the Win7 mess for the first time I wrote a tool to keep me from tearing my hair out: http://www.jsware.net/jsware/nt6fix.php5#restfix In tests I didn't find anything I couldn't remove restrictions from. I was able to free and move or delete winsxs, for instance. (Not something I'd recommend to the faint of heart, but it can be done. I think you, yourself, have posted details of another way to do the same thing: A Registry tweak that will allow restrictions to be removed via context menu. As I noted above, one doesn't have to tolerate restrictions. But Microsoft have made it both mysterious and tedious to get around them. Security through obscurity. The option they offer is two command line tools, Takeown and CACLS. The menu tweak option puts those tools in the context menu. My utility uses the Windows API to do the same thing conveniently and recursively. (Even the Windows API is an obscure maze when it comes to file restrictions. The excessive, artificial complexity is dizzying. [And a target of scorn by Linux people.] But as with Takeown and CACLS, removing restrictions *can* be done via API.) People who have any experience with scripting could also write their own scripts to automate/recurse Takeown and CACLS. However it's approached, while it may take some work, it only has to be done once. But if we promote such an approach, who is going to help the people who start to see random side effects ? (Like say they run Windows Update and an update doesn't install successfully, and the "repair" tools don't have a clue what is wrong.) If a user understands the permission model better than I do, then perhaps working this way has merit. You can use the Task Scheduler, and schedule a .bat file to run one minute from now, and using that technique, the running .bat runs as the SYSTEM account, and that will open a lot of doors to you as well. But perhaps when you finish, things won't be quite the same as they were before. For a person on a mission to smash stuff, I would recommend an ICACLS /save run, to record the permissions of C: for later. The output is a text file, which can be edited if necessary. Then if the conclusion later was "if only I could put all the stuff I changed back", that text file would be a good starting material. Paul |
#5
|
|||
|
|||
"Administrative" necessary?
On Thu, 21 Jan 2016 19:24:37 -0500, B00ze wrote:
Good day. On 2016-01-21 02:19, Paul wrote: masonc wrote: I am annoyed by repeated demands that I be in Administrative mode to do simple things such as move a file. Disable UAC would prevent being prompted for permission. Read the caveats, before you do this! What caveats? Security? Malware writers have long ago switched their approach so that their crap runs in the USER context and does not bring-up UAC at all, I know, 3 times a client of mine got CryptoWall and not a beep on UAC. I also got infected with a fake A/V (using IE @ work) and no UAC prompt. UAC is completely useless on Windows 7 (unfortunately and beyond belief, you HAVE to turn it on with Win8+ because MS are braindead and stuff doesn't work without it). On both 7 and 8.x, one of the very first things I do on a new install is to disable UAC completely. I also disable System Restore and enable file extension visibility, but those aren't relevant. Do you have an example of a situation where you needed UAC enabled in order for something to work? -- Char Jackson |
#6
|
|||
|
|||
"Administrative" necessary?
On 2016-01-21 20:18, Char Jackson wrote:
On Thu, 21 Jan 2016 19:24:37 -0500, B00ze wrote: Good day. On 2016-01-21 02:19, Paul wrote: masonc wrote: I am annoyed by repeated demands that I be in Administrative mode to do simple things such as move a file. Disable UAC would prevent being prompted for permission. Read the caveats, before you do this! What caveats? Security? Malware writers have long ago switched their approach so that their crap runs in the USER context and does not bring-up UAC at all, I know, 3 times a client of mine got CryptoWall and not a beep on UAC. I also got infected with a fake A/V (using IE @ work) and no UAC prompt. UAC is completely useless on Windows 7 (unfortunately and beyond belief, you HAVE to turn it on with Win8+ because MS are braindead and stuff doesn't work without it). On both 7 and 8.x, one of the very first things I do on a new install is to disable UAC completely. I also disable System Restore and enable file extension visibility, but those aren't relevant. Do you have an example of a situation where you needed UAC enabled in order for something to work? Not in Windows 7. I have "Administrator" and "Me" users, and I want badly to run "Me" as a standard user, but for now I decided to add "Me" to the admin group because I constantly have to tweak the built-in firewall and I can't do that as a normal user. If I finally try and end-up using "Private Firewall" then I will probably make "Me" a simple user. But UAC will remain disabled, it's only useful when your regular user is in the Administrators group. See, that's the strange thing, UAC is only useful if you are an admin, but for REAL security you should NOT be an admin, you should be a regular user. UAC is Microsoft saying "Ok, we give up, everyone should be an admin, we'll just patch it up with UAC." In Windows 10 (and possibly for Win 8) you cannot run "Store Apps" unless UAC is enabled, and since in Win10 the start menu itself is a store app, you're kinda stuck, you have to enable UAC... Best Regards, -- ! _\|/_ Sylvain / ! (o o) Member-+-David-Suzuki-Fdn/EFF/Red+Cross/Planetary-Society-+- oO-( )-Oo Objects on screen are closer than they appear... |
#7
|
|||
|
|||
"Administrative" necessary?
| See, that's the strange thing, UAC
| is only useful if you are an admin, but for REAL security you should NOT | be an admin, you should be a regular user. UAC is Microsoft saying "Ok, | we give up, everyone should be an admin, we'll just patch it up with UAC." | Why do you see it as a risk when it's giving you the option? As Admin you have an option to elevate. As a normal user you don't. You don't trust yourself to have the option? |
#8
|
|||
|
|||
"Administrative" necessary?
On Fri, 22 Jan 2016 20:41:17 -0500, B00ze wrote:
On 2016-01-21 20:18, Char Jackson wrote: On Thu, 21 Jan 2016 19:24:37 -0500, B00ze wrote: Good day. On 2016-01-21 02:19, Paul wrote: masonc wrote: I am annoyed by repeated demands that I be in Administrative mode to do simple things such as move a file. Disable UAC would prevent being prompted for permission. Read the caveats, before you do this! What caveats? Security? Malware writers have long ago switched their approach so that their crap runs in the USER context and does not bring-up UAC at all, I know, 3 times a client of mine got CryptoWall and not a beep on UAC. I also got infected with a fake A/V (using IE @ work) and no UAC prompt. UAC is completely useless on Windows 7 (unfortunately and beyond belief, you HAVE to turn it on with Win8+ because MS are braindead and stuff doesn't work without it). On both 7 and 8.x, one of the very first things I do on a new install is to disable UAC completely. I also disable System Restore and enable file extension visibility, but those aren't relevant. Do you have an example of a situation where you needed UAC enabled in order for something to work? Not in Windows 7. I have "Administrator" and "Me" users, and I want badly to run "Me" as a standard user, but for now I decided to add "Me" to the admin group because I constantly have to tweak the built-in firewall and I can't do that as a normal user. If I finally try and end-up using "Private Firewall" then I will probably make "Me" a simple user. But UAC will remain disabled, it's only useful when your regular user is in the Administrators group. See, that's the strange thing, UAC is only useful if you are an admin, but for REAL security you should NOT be an admin, you should be a regular user. UAC is Microsoft saying "Ok, we give up, everyone should be an admin, we'll just patch it up with UAC." In Windows 10 (and possibly for Win 8) you cannot run "Store Apps" unless UAC is enabled, and since in Win10 the start menu itself is a store app, you're kinda stuck, you have to enable UAC... When the very first Win10 build came out, I loaded it in a VM and almost immediately disabled UAC. The start menu didn't seem to be affected, or at least I didn't notice any difference. I doubt that I could fire that VM up again now, since it's probably expired. -- Char Jackson |
#9
|
|||
|
|||
"Administrative" necessary?
On 2016-01-23 12:09, Char Jackson wrote:
In Windows 10 (and possibly for Win 8) you cannot run "Store Apps" unless UAC is enabled, and since in Win10 the start menu itself is a store app, you're kinda stuck, you have to enable UAC... When the very first Win10 build came out, I loaded it in a VM and almost immediately disabled UAC. The start menu didn't seem to be affected, or at least I didn't notice any difference. I doubt that I could fire that VM up again now, since it's probably expired. Ah, I was led to believe the start menu would not work with UAC disabled, or when using the built-in Administrator account. I could be wrong, I haven't tried 10 yet, just 8.1. I'll stop spreading lies, lol :-) -- ! _\|/_ Sylvain / ! (o o) Member-+-David-Suzuki-Fdn/EFF/Red+Cross/Planetary-Society-+- oO-( )-Oo You klingon sons, you've killed my *******... No, wait... |
#10
|
|||
|
|||
"Administrative" necessary?
On 2016-01-22 22:02, Mayayana wrote:
| See, that's the strange thing, UAC | is only useful if you are an admin, but for REAL security you should NOT | be an admin, you should be a regular user. UAC is Microsoft saying "Ok, | we give up, everyone should be an admin, we'll just patch it up with UAC." | Why do you see it as a risk when it's giving you the option? As Admin you have an option to elevate. As a normal user you don't. You don't trust yourself to have the option? If UAC told me exactly what triggered it, then I would use it, but right now all it says is "do you trust this app?" and that's not enough for me (trust the app to do WHAT exactly?). I prefer running as a standard user, let the app get a permission error and handle it correctly, or fail. When I need to elevate, I RunAs :-) I don't know, I feel safer as a regular user. Hmmmm, now you're making me re-think, tsk tsk tsk - Maybe I could place "Me" in the admin group and enable UAC, possibly then "Windows Firewall Notifier" can make changes to the firewall that way, provided it triggers a UAC prompt. But UAC comes with so many caveats, like not being able to create files in ROOT of C etc, which I don't have to deal with when it's off. Hmmm, I still feel UAC is like M$ giving-up (we should all be running a Micro Kernel by now, with every single process running in user space, but I digress, Linux doesn't have that either, only GNU)... Best Regards, -- ! _\|/_ Sylvain / ! (o o) Member-+-David-Suzuki-Fdn/EFF/Red+Cross/Planetary-Society-+- oO-( )-Oo Okay, I pulled the pin, now what? Hey, where U going? |
Thread Tools | |
Display Modes | Rate This Thread |
|
|