Microsoft Windows Vista Community Forums - Vistaheads

UAC question

microsoft.public.windows.vista.security






  #1 (permalink)  
Old 12-06-2007
Toad
 

Posts: n/a
UAC question
Does anyone know of a way to control which administrator users appear
in the UAC dialog? It would be nice to have administrator accounts
that cannot be used by a limited user for UAC. Of course, they would
have to know the password for them anyway but the idea is more cosmetic
to just keep the list small in the dialog.

Also, is there a way to select which user in the UAC dialog is the
default chosen one (or the one at the top of the list)?

Another interesting point - create a group called somegroup, create a
user and add it to the somegroup, and add somegroup to the
administrators group. Log in using a different limited user account and
do a run as administrator, the UAC dialog appears saying to enter a
password, but NO accounts are listed (including those directly in the
administrators group) and only the cancel button is available. I was
sort of hoping there was a solution to my first question in that UAC
wouldn't traverse nested groups, but it seems to just break it...

Toad


--

  #2 (permalink)  
Old 12-07-2007
Jesper
 

Posts: n/a
RE: UAC question
Unfortunately, there is no way to control what shows up in that dialog.
Normally, on a stand-alone computer it enumerates the local admins and shows
them in the dialog.

On a domain-joined computer it does not and requires you to enter the
username and password, but there is no way to control which dialog you get
other than domain-joining the computer.

Your scenario is interesting and appears to break the elevation altogether.
How did you manage to add a local group to another local group? The GUI
definitely won't let you do that. It is only on the command line that you
can, and doing so is unsupported as far as I know.
---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"Toad" wrote:

> Does anyone know of a way to control which administrator users appear
> in the UAC dialog? It would be nice to have administrator accounts
> that cannot be used by a limited user for UAC. Of course, they would
> have to know the password for them anyway but the idea is more cosmetic
> to just keep the list small in the dialog.
>
> Also, is there a way to select which user in the UAC dialog is the
> default chosen one (or the one at the top of the list)?
>
> Another interesting point - create a group called somegroup, create a
> user and add it to the somegroup, and add somegroup to the
> administrators group. Log in using a different limited user account and
> do a run as administrator, the UAC dialog appears saying to enter a
> password, but NO accounts are listed (including those directly in the
> administrators group) and only the cancel button is available. I was
> sort of hoping there was a solution to my first question in that UAC
> wouldn't traverse nested groups, but it seems to just break it...
>
> Toad
>
>
> --
>
>

  #3 (permalink)  
Old 12-10-2007
Toad
 

Posts: n/a
Re: UAC question
Jesper wrote:

> Unfortunately, there is no way to control what shows up in that
> dialog. Normally, on a stand-alone computer it enumerates the local
> admins and shows them in the dialog.
>
> On a domain-joined computer it does not and requires you to enter the
> username and password, but there is no way to control which dialog
> you get other than domain-joining the computer.
>
> Your scenario is interesting and appears to break the elevation
> altogether. How did you manage to add a local group to another local
> group? The GUI definitely won't let you do that. It is only on the
> command line that you can, and doing so is unsupported as far as I
> know. ---
> Your question may already be answered in Windows Vista Security:
> http://www.amazon.com/gp/product/047...protectyourwi-
> 20
>
>
> "Toad" wrote:
>
> > Does anyone know of a way to control which administrator users
> > appear in the UAC dialog? It would be nice to have administrator
> > accounts that cannot be used by a limited user for UAC. Of course,
> > they would have to know the password for them anyway but the idea
> > is more cosmetic to just keep the list small in the dialog.
> >
> > Also, is there a way to select which user in the UAC dialog is the
> > default chosen one (or the one at the top of the list)?
> >
> > Another interesting point - create a group called somegroup, create
> > a user and add it to the somegroup, and add somegroup to the
> > administrators group. Log in using a different limited user account
> > and do a run as administrator, the UAC dialog appears saying to
> > enter a password, but NO accounts are listed (including those
> > directly in the administrators group) and only the cancel button is
> > available. I was sort of hoping there was a solution to my first
> > question in that UAC wouldn't traverse nested groups, but it seems
> > to just break it...
> >
> > Toad
> >
> >
> > --
> >
> >


Thanks, yes did the second part via command line. Of course, this works
better in a domain it seems (groups vs. distribution lists perhaps).
Also, XPSP2 did prevent this group in a group via the net command...

Toad

--

  #4 (permalink)  
Old 12-10-2007
Jesper
 

Posts: n/a
Re: UAC question
> > Your scenario is interesting and appears to break the elevation
> > altogether. How did you manage to add a local group to another local
> > group? The GUI definitely won't let you do that. It is only on the
> > command line that you can, and doing so is unsupported as far as I
> > know. ---


> > > Another interesting point - create a group called somegroup, create
> > > a user and add it to the somegroup, and add somegroup to the
> > > administrators group. Log in using a different limited user account
> > > and do a run as administrator, the UAC dialog appears saying to
> > > enter a password, but NO accounts are listed (including those
> > > directly in the administrators group) and only the cancel button is
> > > available. I was sort of hoping there was a solution to my first
> > > question in that UAC wouldn't traverse nested groups, but it seems
> > > to just break it...


I was able to repro this. Yes, that seems like a bug to me. I submitted it
to Microsoft as a Vista SP1 bug. We'll see if they do anything about it.

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20
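
An added example, not part of any post in this thread: a PowerShell check an administrator could run to find the configuration discussed above, a local group nested inside the local Administrators group. It assumes PowerShell 2.0 or later and the ADSI WinNT provider; the helper name `Get-AdsiProperty` and the `IsLocal` path heuristic are illustrative choices, not anything the posters used.

```powershell
# Resolve the built-in Administrators group by its well-known SID so the
# check also works on localized Windows installs.
$sid   = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$admin = $sid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

$computer = $env:COMPUTERNAME
$group    = [ADSI]"WinNT://$computer/$admin,group"

# Hypothetical helper: read one property from a raw ADSI COM member object.
function Get-AdsiProperty($obj, $name) {
    $obj.GetType().InvokeMember($name, 'GetProperty', $null, $obj, $null)
}

# Enumerate the direct members of Administrators with their object class.
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    $path = Get-AdsiProperty $_ 'ADsPath'
    New-Object PSObject -Property @{
        Name    = Get-AdsiProperty $_ 'Name'
        Class   = Get-AdsiProperty $_ 'Class'
        ADsPath = $path
        # Assumption: local principals carry the computer name in their path
        # (WinNT://<domain-or-workgroup>/<computer>/<name>); domain ones do not.
        IsLocal = $path -like "*/$computer/*"
    }
}

# A member that is both a group and local is the nested-group case that
# left the UAC credential prompt with no accounts listed.
$nested = @($members | Where-Object { $_.Class -eq 'Group' -and $_.IsLocal })
if ($nested.Count -gt 0) {
    Write-Warning "Local group(s) nested in '$admin':"
    $nested | Select-Object Name, ADsPath
} else {
    "No local groups are nested in '$admin'."
}
```

Domain groups in Administrators are not flagged, since the thread only reports the problem for a local group nested in another local group.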
