I’m putting folks on notice… while I won’t be too pleased that you do this… but I’d rather folks do an alternative setting in group policy controlling the User Account Control prompt than the alternative of shutting it off completely.
Okay step one you need to go buy this book: And then as you read this you’ll begin to understand why it’s important that we understand in Vista that when people say “but I’m running as Administrator” they really are not THE ADMINISTRATOR. They are not the BUILT IN ADMINISTRATOR and thusly things will be different. And while it’s nicer if you are running as a standard user, even if you are running as an administrator (small caps), you are not THE ADMINISTRATOR like you were in XP era.
So if you are a geek and those UAC prompts are driving you nuts first I’m going to ask exactly what are you doing that makes you get them… like are you fiddling with network connections all the time or what? and secondly I will say that I’m sorry they don’t drive me nuts they REMIND me of when I’m up in the “nosebleed” rights area and I should be careful. But IF and ONLY IF you want to be less annoyed, read page 150 of that book and set up a separate Organizational Unit/Group policy and put the geeks of the office that will annoy you in their complaining with Vista the first month or so into a special bucket so they won’t see that secure desktop prompt.
What you need to do is build an OU and change the group policy setting to do this:
Under this section:
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
Now keep in mind you won’t see that up on your SBS box and you’ll need to connect to the group policy from your Vista machine (I’ll do screen shots later). The default is to prompt for credentials… you can set it to “Elevate without prompting” and the elevation to the admin will be silent. Now this is a bad thing because a malware could be designed to hop on that elevation and get up to admin rights… but (and this is a huge but) it’s WAY better than shutting off UAC completely. Setting this setting leaves IE 7 in protected mode which is an EXTREMELY good thing while turning UAC off completely will turn off IE protected mode as well.
You might even consider setting this setting for a month or two after vista machines are first installed so that your users will be able to install and do the things they think they want to do and then a month or so later, take it back to the defaults where it will prompt you.
I’ll bet you that after this first install period of time you won’t see those prompts nearly like you did before.
But I guarantee you I’ll be less apt to beat you over the head with my 2×4 if you change this setting to silently elevate and not use the secure darkened desktop (which is really a screen shot of what you were working on setting up the elevated session) than if you turn off UAC completely.
Give it a try…. and then turn that prompting back on after a while. I’ll betcha you won’t see it much at all after the machine is set up.