Windows8.1

[klownboy]

Sammay, there are some definite differences between Windows 7 and Windows 8 as far as running programs, UAC and elevated privileges. For example, even as sole user and Administrator on my Windows 8.1 machine, I can't run some programs on start-up as I could with Windows 7. I had to resort to using the Task Scheduler with elevated rights or other methods in lieu of simply putting the program in the Startup folder as we always could previously.

Much has been written about these changes in Windows 8 / 8.1. Take a look at this site it has some valuable info on running apps on Windows 8. http://www.neowin.net/forum/topic/11207 ... nistrator/ One method breaks the Microsoft Store apps which I wouldn't recommend.
http://www.eightforums.com/tutorials/55 ... s-8-a.html
http://mywindows8.org/grant-permissions-in-windows-8/

[bdeshi]

Thanks klownboy, checking out the links. Anyway, this major frustration aside, 8 seems pretty fast and modernish to me. But can't wait for better poweruser-friendly intelligence from MS

[bdeshi]

I've settled for a compromise: Checked "Run this program as Administrator" in Compatibilty tab in file properties for the exe's of my most used programs. deleted most of my regular irritations.
For anybody else with the same issue, here's a polished script to do the same from within XY. (Applies to current user account by default.)

This script will set all exe files in selection to always run as admin.

Code: Select all

/* script will set all exe files in selection to always run as admin. */
//apply for all users: first run XY as admin, set $a = "HKLM"; (and if your OS is 64bits, set $b = ' /reg:64';)
 $selitms = get("SelectedItemsPathNames", '|');
 $a = "HKCU"; $b = '';
 foreach($itm, "$selitms", '|'){
  if ((exists("$itm") == 1) && (getpathcomponent($itm, ext) == "exe")){
    run "reg.exe add ""$a\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"" /v ""$itm"" /d ""~ RUNASADMIN"" /f$b",0 , 0;
  }
 }
 msg "Script completed. Check file's Properties->Compatibility to determine success.";

[/size]
Just remember to do it again if any of these exe's are moved to a different location.

[PeterH]

I know and always used the "Administrator" account on xp and 7, but it didn't have limitations. Until win8 came up: appstore restricted. Of course app store it didn't even exist before, but my idea of admin is somebody who has full access to the os, generally speaking.
The store is the big attraction of 8, I want to use it without giving up administrative freedom!

I'm afraid many people always worked as administrator ( ) and MS thought they had to be protected. Now we all have to explicitely allow administrative functions for the administrator

[Filehero]

Now we all have to explicitely allow administrative functions for the administrator

I'm not an expert, but is that approach not vital/central to all unix-like operating systems. At least I remember, I had to "sudo" every non standard action ...

Btw, in the long run I consider those changes a tremendeous improvement for general technical security.


Cheers,
Filehero

[bdeshi]

Yes, but one can argue that administrators don't need to be restrained because they're supposed to know all about technical security. Compare with the root user of linuxes.

[Filehero]

Hi Sammay,

I see where you're coming from. I for myself was sailing the net for years with my default XP admin account.

But I have to object to this

Yes, but one can argue that administrators don't need to be restrained because they're supposed to know all about technical security.

because after 15 years in enterprise IT I clearly know that

... because they're supposed to know ALL about technical security...

is simply untrue, an assumption which is by no means valid - including me. Even in my "best" windows days I was really happy not to be supposed to "approve" any single instance of svchost.exe.

UAC-full-up is my security swiss-knife. If the elevation request pops up w/o me being "asking" for prior to I know the hunt is on... Yes, the downside is increased annoyances - but for me it's worth it.


Cheers,
Filehero

[bdeshi]

I see where you're coming from. I for myself was sailing the net for years with my default XP admin account.

... because they're supposed to know ALL about technical security...

is simply untrue, an assumption which is by no means valid - including me. Even in my "best" windows days I was really happy not to be supposed to "approve" any single instance of svchost.exe.

That's true, I mixed up words. I meant something like, Administrators are considered the supremest users (you can't have a higher account at all!), therefore they should not be restrained.

[nerdweed]

They are not restrained, but just prompted. An exe that you run which you expect to show "Hello world" if prompts for admin rights, it rings the bell.

The success of UAC isn't the nagging prompts, but the suspicious prompts. You already took care run to the exe, its just another click.

[PeterH]

They are not restrained, but just prompted. An exe that you run which you expect to show "Hello world" if prompts for admin rights, it rings the bell.

The success of UAC isn't the nagging prompts, but the suspicious prompts. You already took care run to the exe, its just another click.

I think I don't get it...

If all people would run "hello world" and all those programs not needing admin rights as a normal user, you would be noticed for bad-ware just by a denial message. No need for UAC here.

And if you only start programs needing admin rights as an admin, you would expect and allow admin access every time. Every UAC prompt will be a 'false positive' - and unneccessary.

But as long as people insist on 'always work as admin', UAC is neccessary, and people only doing admin jobs as administrator are disappointed.

As, time ago, MS couldn't convince people of differentiating between normal and admin users, they created the present named UAC - and we all should be happy

[Filehero]

If all people would run "hello world" and all those programs not needing admin rights as a normal user, you would be noticed for bad-ware just by a denial message. No need for UAC here.

Well, I think generating that message requires UAC.

And if you only start programs needing admin rights as an admin, you would expect and allow admin access every time. Every UAC prompt will be a 'false positive' - and unneccessary.

Now, that is something I don't get now.

My standard account is a non-admin one, but regularily I need to run some programs as an admin. So I'm both an administrator and a dumb user, which is perfectly fine since one individual does cover more than one role in real life. For instance, some of my plugs need the host to be run as admin to allow for successful authorization/registration, others - where there's still no portable around - need admin rights for every update etc..
That's why I am happy with UAC. I don't have to switch the account anymore just to update software (which can causes annoyances) - and as an welcome add-on I have some sort of evil sensor** for free.
Yes, I too think there are cases where this concept goes way beyond sanity/common sense (e.g. Speedfan does always need elevation to access the system temperature sensores for readout), but overall I'm satisfied because I think it is an improvement on my side.

**: Also including the "new & modern" evils called Autoupdaters which don't even offer any chance for a prior backup.

Now I hope, I didn't misunderstand you.


Cheers,
Filehero