I won’t kill you. Truly.

On June 20, 2009, in Security, by

I got this email earlier tonight…..

There are times that UAC on SBS 2008 drives me absolutely crazy.  For a multitude of reasons I need to get access to users’ redirected folders on the server as the administrator.  I just went through this, and after I was first denied access it took me no less than 43 clicks, as well as having to type the user’s username in two separate times (to insure I didn’t break their folder redirection), and wait on somewhere between 3 & 6 separate UAC prompts throughout the process . . .  

And here was my response…

On a server change the security setting to silently elevate.   I won’t kill you. Truly. 

Microsoft has it in their noggin, that as an admin you should not have rights to their folders. I respect that for big server land but down here in the small business space, get real. There are times as an Admin you need access to a user’s folder.  And yes, whenever I click through a process like you just described, it’s not the most wonderful experience at all.  Especially since the person who sent me the email knows what he’s doing, he’s on the server doing adminy stuff, he’s not browsing the Internet, it’s an appropriate choice in this scenerio.

Click on start, Administrative Tools, Local Security Policy, click on Security Settings, Local Policies, Security Options, find the Behavior of the elevation prompt for Administrators.

You can change it to “Elevate without prompting”.

User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode

This security setting determines the behavior of the elevation prompt for administrators

The options are:

• Prompt for consent: An operation that requires elevation of privilege will prompt the Consent Admin to select either Permit or Deny.  If the Consent Admin selects Permit the operation will continue with their highest available privilege.  This option allows users to enter their name and password to perform a privileged task.

• Prompt for credentials: An operation that requires elevation of privilege will prompt the Consent Admin to enter their user name and password.  If the user enters valid credentials the operation will continue with the applicable privilege.

• Elevate without prompting: This option allows the Consent Admin to perform an operation that requires elevation without consent or credentials.  Note: this scenario should only be used in the most constrained environments.

Default: Prompt for consent

Like I said… I won’t kill you


Comments are closed.