Nuisance or Necessity? UAC and VMS

By Sarit Williams, Published May 27, 2013, 12:00am EDT (Info+)

User Access Control (aka UAC) is Windows' attempt at thinking for and proactively protecting users. However, this can become a nuisance and a time hog when this feature works against you, especially when installing VMS software. Network administrators and IT departments are notorious for locking down an environment making it difficult to do your job. In this note, we explain why UAC is implemented, how it impacts VMS and what to do about it.

Background of UAC

**** ****** ********* ** ***** ******** ******* ********* on * ****** ** ******* ********* Systems ** ****** ******* **** **; it *** ********* ********** ** ***** (and *** **** **** ** ******?) and *** ** ***** ** ******* 7, *, *** ****** ****. **** feature ** ****** ** ** ******* and ******** ***-************** **** ********** *** software ** ****** *** ******* ** the ** **** *** ********** *** security. ** ** *******, *** ***** IT *********** *** ******* ************** ** lock **** ***** ******* *** ****** people *** *** ********** *****, ******* messenger, ***.

UAC's ****** ** *****

*** *** “*******” ** *** ********* System ***** ** ****** ** **/*** switch **** ****** ** ******** ******* to *** ******** [**** ** ****** available]. **** ** ********* ******* ****, if ****** ************ ******* ***** ********* ** ***** some ***** ** *** ******** ** the *********** ********* ******** ** **** as ******* ** ** ********* ******* after * ******.

**** ********** *** ********, *** ******** should ** **********, ****** *** *** vendor *** ********* ***** ************* ***** in ***** *********. *** ****** ** that *** ******** ****** ******* ***** user ******** ******** (**** ** ****** behavior, **** *****, **** ********* **************, etc) ** *** ******** ** *** machine.

**** ** *** ** ******** ******** of *** *** ****** *** ************ of *** *** ******** ******. ** order *** ******** ******** *** *** application ***** ** ** ***** ** the ******** ****** ************ *** **** must **** *********** ** ** ****. UAC ****** ****.

*******, **** ******** **** ** *******, **** to ******** ***** *** ****** ***** are ****** ** *** ********. **** does *** ******* ***, *** **** need ******** ************* ***** *********** (********* provided ** **** ** *** *****).

*** *** ******

** *** *** ******** ************ ** attempted ******* ******* *** *** ******* pop-up ******** ****** *** ************ ******* will ******. ******** **** “****** ** write *****.***” ** ********* ******* ** an ********** *** ********* ** *** able ** ***** *** ***** ******. Additionally, *** ***-*** **** ***** *** user *** ******* **  ****, ******, or *** *****, *** **** ** these ******* *** ***********. **** ****** ignore *** ***** ** **** ********* files **** ***** ********* ******* *** software ** *** ********.

*** *** ******

** ****** ********, ** *** **** may **** **** **** **** ***** VMS ****** ** ******** ***** ***** settings (*** *******, * **** ** servers) *** *******. **** ** ******* indication **** *** ** ** ** the **** ****** ** ** *** machine ** *** ** ************* ******* in ***** *** *** **** ** servers ** ** ***** ** ******** access ** ****** *** ********.

What ** **

***** ********* *** ******* **** *** options:

  • *** *** ******* *************: **** **** have ** ***** ***** ******** **** time *** **** ** ******* *** configure *** ********.
  • *** **** ******* ************* ** **** off *** ** ****** **** *** an ************* ***** ****** ** ***** point *** *** **** *** *** yourself.

****'* *** ** **** *** ***:

  • *** ** ** * ***** ************* user.
  • ** *** ****** *****, **** ***.
  • ****** *** “****** **** ******* ******* Settings”
  • ***** *** ****** **** ****** ****** to ***** ******
  • ***** **
  • ******* *** ******* *** ******* ** take ******

**** ***** ***** ** ** ******:

**********

** * *********, ** ** *********** that *** ** *********** ****** *** completely ***** ** ********* *** ************ process **** **** *** *** ***** a ***** ************* **** *****. ********** the *** ******* ******** *********** **** ensure *** ******** ****** *** ********* registry **** **  ***** ****** ******** and **** ****** *** ******** ********* as ********. ******, **** *** *** software ** *********, ** *** *** disabled, **** **** ** **-****** **.

 

Comments (3)

Michael Peele

05/30/13 04:35pm

VMS and other programs should not store settings in the registry. Setting should be stored in the database (which may be shared among multiple servers, multiple users, multiple clients, etc.).

Sarit Williams

05/31/13 04:43am

Thanks Michael, valid point indeed. It is not uncommon to have a VMS store user settings in the registry. One possible reasoning is that storing in the database would cause the end user's client application to lose all favorite settings in case of a database failure or maybe a sub LAN connection loss to the database server itself.

Moreover, general settings for the (thick) client application such as data connection string to the database and VMS server must be stored in the registry. Creating a VMS with this architecture in mind allows the client to operate with minimal feature loss in some cases. Keep in mind though that this is certainly not the best design and probably a good indicator the software was created using an older technology or developer skill. For example, if using .config or XML settings file it would reduce the registry dependency which is also a huge security issue if not done properly.

Seth Everson

06/04/13 01:15pm
As for VMS software storing data, that's a different issue than what UAC is trying to address. VMS clients and potentially server software will need to store data in the registry, like window sizes, user settings, etc.. If your VMS triggers UAC during normal use, it is poorly written software. Windows added UAC as a major security measure against malicious software altering Windows settings without permission. This includes trojans, worms, and viruses. Turning off UAC is a bad practice. If you disable it, you hamstring an important tool in the fight against these security threats. Be sure it is enabled. Even during installation, if you have to turn it off, that's a red flag. Make sure you use the context menu option of Run As Administrator when installing software. It will elevate your privileges to install the software. Keep in mind that UAC is a clone of the Unix su command, and imitates that function. It took Microsoft until Vista to realize how important it is to not run everything as administrator all the time.
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports