Nuisance or Necessity? UAC and VMS

User Access Control (aka UAC) is Windows' attempt at thinking for and proactively protecting users. However, this can become a nuisance and a time hog when this feature works against you, especially when installing VMS software. Network administrators and IT departments are notorious for locking down an environment making it difficult to do your job. In this note, we explain why UAC is implemented, how it impacts VMS and what to do about it.

Background of UAC

User Access Control is an added security feature available on a myriad of Windows Operating Systems to better protect your PC; it was initially introduced in Vista (and who uses that OS anyway?) and can be found in Windows 7, 8, and Server 2008. This feature is turned on by default and prevents non-administrators from installing new software or making any changes to the PC that may compromise its security. So in essence, UAC helps IT departments and network administrators to lock down their network and ensure people are not installing Skype, instant messenger, etc.

UAC's Impact on VMSes

The UAC “feature” at the Operating System layer is simply an ON/OFF switch that allows or prevents changes to the registry [link no longer available]. This is important because most, if not all applications require their installer to write some files to the registry so the application functions properly as well as remains as an available program after a reboot.

When installing VMS software, UAC settings should be considered, unless the VMS vendor has automated these configuration steps in their installer. The reason is that the software itself usually saves user specific settings (such as Layout behavior, Auto Login, User Interface customizations, etc) in the Registry of the machine.

This is not an inherent function of UAC but rather the architecture of the VMS Software itself. In order for software settings and the application files to be saved to the computer during installation the user must have permissions to do that. UAC blocks many.

However, some settings such as cameras, path to recorded video and motion zones are stored in the database. This does not require UAC, but does need database administrator level credentials (typically provided as part of the setup).

The VMS Server

If the VMS software installation is attempted without turning off UAC cryptic pop-up messages during the installation process will appear. Messages like “Unable to write iac32.dll” or something similar is an indication the installer is not able to apply the files needed. Additionally, the pop-ups will offer the user the ability to  Skip, Ignore, or Try Again, but none of these options are recommended. They simply ignore the issue or skip important files from being installed causing the software to not function.

The VMS Client

On client machines, an end user may find that each time their VMS client is launched their prior settings (for example, a list of servers) are missing. This is another indication that UAC is on OR the user logged in to the machine is not an administrator because in order for the list of servers to be saved it requires access to modify the registry.

What To Do

Those deploying VMS servers have two options:

• Get the Network Administrator: They will have to enter their password each time you need to install and configure new software.
• Ask your Network administrator to turn off UAC or simply give you an administrator level access at which point you can turn off UAC yourself.

Here's how to turn UAC off:

• Log in as a local Administrator user.
• In the search field, type UAC.
• Select the “Change User Account Control Settings”
• Lower the slider from Always Notify to Never Notify
• Click OK
• Restart the machine for changes to take effect

This video shows it in action:

Conclusion

As a guideline, it is recommended that UAC is temporarily turned off completely prior to beginning the installation process even when you are using a local administrator user login. Installing the VMS without security constraints will ensure the software writes the necessary registry keys to  their proper location and will ensure the software functions as intended. Lastly, once the VMS software is installed, if UAC was disabled, make sure to re-enable it.