UAC - what does it mean in simple terms?

O/S Vista Home Basic 32 bit. I had some IE problems which were also
interferring with my printer causing it not to print. MS/MVP, PA Bear,
helped me solve the IE problem in the IE group, which in turn solved the
printer not working problem. Now I just have 1 little glitch. The printer
will NOT print as long as UAC is enabled but WILL print when UAC is turned
off. I did post this question in the printer group 4 days ago but have had
no responses.
So my question now is this: Is it important for me to have UAC enabled? In
the household there is only 1 computer & 1 printer (both wireless) & I am
the only one who knows how to use the computer. I am not worried about
people tampering around with my computer in my home. I'm a little foggy as
to exactly what UAC controls but from what I can make out it seems it only
involves preventing someone from making unauthorized changes to my computer.
Thus----do I need to worry so much about it?

"tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in
message news:AA457177-7EFD-4EBE-AD98-F8E30D79916D@microsoft.com...
> O/S Vista Home Basic 32 bit. I had some IE problems which were also
> interferring with my printer causing it not to print. MS/MVP, PA Bear,
> helped me solve the IE problem in the IE group, which in turn solved
> the printer not working problem. Now I just have 1 little glitch. The
> printer will NOT print as long as UAC is enabled but WILL print when
> UAC is turned off. I did post this question in the printer group 4
> days ago but have had no responses.
> So my question now is this: Is it important for me to have UAC
> enabled? In the household there is only 1 computer & 1 printer (both
> wireless) & I am the only one who knows how to use the computer. I am
> not worried about people tampering around with my computer in my home.
> I'm a little foggy as to exactly what UAC controls but from what I can
> make out it seems it only involves preventing someone from making
> unauthorized changes to my computer. Thus----do I need to worry so
> much about it?

Turn the useless aggravating thing off and enjoy your computer.
--
Helroy

"tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in
message news:AA457177-7EFD-4EBE-AD98-F8E30D79916D@microsoft.com...
> O/S Vista Home Basic 32 bit. I had some IE problems which were also
> interferring with my printer causing it not to print. MS/MVP, PA Bear,
> helped me solve the IE problem in the IE group, which in turn solved
> the printer not working problem. Now I just have 1 little glitch. The
> printer will NOT print as long as UAC is enabled but WILL print when
> UAC is turned off. I did post this question in the printer group 4
> days ago but have had no responses.
> So my question now is this: Is it important for me to have UAC
> enabled?

Only you can answer that. Do you do timely backups of both system and
user data and programs? If you have a good recovery plan, then it should
be less important to you to have the protection offered by implementing
limited user accounts.

> In the household there is only 1 computer & 1 printer (both wireless)
> & I am the only one who knows how to use the computer.

Do you run as administrator all of the time, or did you create a limited
user account for your daily activities?

> I am not worried about people tampering around with my computer in my
> home. I'm a little foggy as to exactly what UAC controls...

Actually, UAC enables a limited user easy access to the administrator
account's elevated security token. Most of the complaints stem from
user's inability to settle for limited user rights in their day to day
operations.

> but from what I can make out it seems it only involves preventing
> someone from making unauthorized changes to my computer. Thus----do I
> need to worry so much about it?

Those "unauthorized changes" can be programmatic as well as by physical
access. A program a user runs has the privileges of that user. Running a
malware program from an administrator level account is *much* worse than
running it from a limited user account (in most cases).

"Helroy" <helroy@127.0.0.1> wrote in message
news:ONpEBuJQKHA.220@TK2MSFTNGP02.phx.gbl...
>
> Turn the useless aggravating thing off and enjoy your computer.


Which is one reason why the internet is awash with viruses, trojans and all
sorts of malware because people like you are totally oblivious to computer
security.
All the SECURE operating systems such as Unix, MAC and Linux, ALL have a
form of UAC......

NOTE: Please see my inline replies.....tryingtolearn....

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message
news:%23jEuCAKQKHA.1796@TK2MSFTNGP02.phx.gbl...
> "tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in message
> news:AA457177-7EFD-4EBE-AD98-F8E30D79916D@microsoft.com...
>> O/S Vista Home Basic 32 bit. I had some IE problems which were also
>> interferring with my printer causing it not to print. MS/MVP, PA Bear,
>> helped me solve the IE problem in the IE group, which in turn solved the
>> printer not working problem. Now I just have 1 little glitch. The printer
>> will NOT print as long as UAC is enabled but WILL print when UAC is
>> turned off. I did post this question in the printer group 4 days ago but
>> have had no responses.
>> So my question now is this: Is it important for me to have UAC enabled?
>
> Only you can answer that. Do you do timely backups of both system and user
> data and programs? If you have a good recovery plan, then it should be
> less important to you to have the protection offered by implementing
> limited user accounts.

>>>Yes, I have an Iomega eGo portable external hard drive which I do backups
>>>on. I do this at least once a month---or when some program is added or
>>>removed or when big changes take place.
>
>> In the household there is only 1 computer & 1 printer (both wireless) & I
>> am the only one who knows how to use the computer.
>
> Do you run as administrator all of the time, or did you create a limited
> user account for your daily activities?

>>> I run as administrator ALL the time. I never change this. As I said, I
>>> am the only one who uses the computer. There is just myself & my husband
>>> & he can't operate the computer. No kids or grandkids. There are no
>>> other users with any access levels, limited or otherwise.
>
>> I am not worried about people tampering around with my computer in my
>> home. I'm a little foggy as to exactly what UAC controls...
>
> Actually, UAC enables a limited user easy access to the administrator
> account's elevated security token. Most of the complaints stem from user's
> inability to settle for limited user rights in their day to day
> operations.

>>> See my notation in above blurb.
>
>> but from what I can make out it seems it only involves preventing someone
>> from making unauthorized changes to my computer. Thus----do I need to
>> worry so much about it?
>
> Those "unauthorized changes" can be programmatic as well as by physical
> access. A program a user runs has the privileges of that user. Running a
> malware program from an administrator level account is *much* worse than
> running it from a limited user account (in most cases).

>>> Okay, now you sort of lost me. Are you saying that a windows update or a
>>> printer (if I added another) or camera software could run a malware
>>> program on the computer? I'm also a little foggy on what exactly
>>> constitutes malware.

>>> I thank you for your assistance thus far and would appreciate if you
>>> could/would explain a tad more if you have the time & inclination.
>>> Ann.....still....tryingtolearn.
>
>

"tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in message
news:21B9C32F-B494-4127-A977-92460D891B48@microsoft.com...
> NOTE: Please see my inline replies.....tryingtolearn....
>

You need to create a space to type your replies. It's very difficult to see
your replies because everything is prefixed with ">"

In reply to your comment that you always run as an administrator I would say
this:

Please be aware that it is considered bad practice to use an Administrator
account on a day-to-day basis. Certainly with Vista and Windows 7 there is
no need to do so, and in fact if you had had experience with 'nix flavours
of operating systems you would know that users almost NEVER run as root (aka
"administrator"). That is one reason why those OS's are considerably more
secure than the Windows varieties.
Running as an administrator constantly /could/ allow nasty things to act on
your computer without you knowing anything about it.
I suggest you create a new Administrator account, call it Tech" or "Admin"
or something like that, (NOT "administrator"), give it a good strong
password, and then convert your normal account to a Standard User account.

"tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in
message news:21B9C32F-B494-4127-A977-92460D891B48@microsoft.com...
> NOTE: Please see my inline replies.....tryingtolearn....

Usually, inline replies don't get prefixed with >>>>

However, I was able to find your inline replies despite the
irregularities. )

>>[... timely backups ...]

>Yes, I have an Iomega eGo portable external hard drive which I do
>backups on. I do this at least once a month---or when some program is
>added or removed or when big changes take place.

That is good, at least where your ability to recover is concerned.
Still, malware can do damage to a user that is non-reversible.

[...]

>> Do you run as administrator all of the time, or did you create a
>> limited user account for your daily activities?

> I run as administrator ALL the time. I never change this. As I said, I
> am the only one who uses the computer. There is just myself & my
> husband & he can't operate the computer. No kids or grandkids. There
> are no other users with any access levels, limited or otherwise.

This is a very bad idea. If by chance you *do* execute malware, it will
have 'the keys to the kingdom' and can thoroughly infest your system.
Malware executing in a limited user account has less power to completely
hose your system - making it a much better idea to run limited
'day-to-day'.

>>> I am not worried about people tampering around with my computer in
>>> my home. I'm a little foggy as to exactly what UAC controls...

>> Actually, UAC enables a limited user easy access to the administrator
>> account's elevated security token. Most of the complaints stem from
>> user's inability to settle for limited user rights in their day to
>> day operations.

> See my notation in above blurb.

It is not just about a 'multiuser' system and having passworded
accounts, it is about doing inherently risky things (web browsing) as an
administrator when such things should be done from 'userland' (i.e.
limited user). Sure, there are malware programs that exploit flaws in
programming that allow 'userland' programs to escalate privileges - but
these are usually addressed by the faulty software's vendor in the form
of 'patches'. Running as administrator all the time completely
circumvents this scenario.

Win9x/ME didn't have this ability - everyone was admin - and is most of
the reason it is less secure on the whole than it's contemporaries.

[...]

>> Those "unauthorized changes" can be programmatic as well as by
>> physical access. A program a user runs has the privileges of that
>> user. Running a malware program from an administrator level account
>> is *much* worse than running it from a limited user account (in most
>> cases).

> Okay, now you sort of lost me. Are you saying that a windows update or
> a printer (if I added another) or camera software could run a malware
> program on the computer?

Yes, as these are all "programs" - and "programs" can be "trojanized" or
otherwise "infected" (as with a virus for instance). *If* you ran such a
program as a limited user, it might not have enough privileges to make
systemwide changes. Where running it from an admin account would give it
a way to 'sink its claws' in very deeply.

> I'm also a little foggy on what exactly constitutes malware.

In some cases it is very subjective - basically, it is software that
does things against your wishes - to such an extent that you would call
those actions "malicious" (MALicious softWARE). Sometimes their not
really *malicious* - and some refer to "badware" as these unwanted and
yet not actually malicious programs.

Some may not agree with my definitions for various *ware - yet I'll
wager they *all* will disagree with much of what is defined on various
"authoritative" websites - as do I.

> I thank you for your assistance thus far and would appreciate if you
> could/would explain a tad more if you have the time & inclination.
> Ann.....still....tryingtolearn.

This is a security newsgroup, and computer security *still* involves
user education. Less so, now that OSes have started *enforcing* many
"best practices" to the irritation of those not familiar with operating
under them by choice. So - ask away ... and if my rather general
knowledge isn't enough, there are real experts hereabouts volunteering
their time.

Correction "They're" - not "their" in my last post.

....you know ware

)

Gordon and "FromTheRafters": Sorry about all the >>> in my previous in line
posting. Chalk it up to "newbeeness". ;-) But thanks for bringing it to my
attention. Lesson learned --- and I consider that a good thing!

Thank you both for helping me. Sincerely.
FromTheRafters, your explanations in your last post hit the mark with me and
I now have a much better understanding of these things. You did a good job
of explaining things on a level I could relate to. I finally "get it". I am
no longer going to run day to day as administrator. Am as Gordon suggested
creating a limited user account. Funny how so many terms in computerland
seem to mean just the opposite of what they appear to mean. Thanks for
hanging in there with me! I have much yet to learn but I have learned a few
more things. Once again my thanks to you. Ann --- tryingtolearn

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message
news:uIq4dvVQKHA.1372@TK2MSFTNGP02.phx.gbl...
> "tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in message
> news:21B9C32F-B494-4127-A977-92460D891B48@microsoft.com...
>> NOTE: Please see my inline replies.....tryingtolearn....
>
> Usually, inline replies don't get prefixed with >>>>
>
> However, I was able to find your inline replies despite the
> irregularities. )
>
>>>[... timely backups ...]
>
>>Yes, I have an Iomega eGo portable external hard drive which I do backups
>>on. I do this at least once a month---or when some program is added or
>>removed or when big changes take place.
>
> That is good, at least where your ability to recover is concerned. Still,
> malware can do damage to a user that is non-reversible.
>
> [...]
>
>>> Do you run as administrator all of the time, or did you create a limited
>>> user account for your daily activities?
>
>> I run as administrator ALL the time. I never change this. As I said, I am
>> the only one who uses the computer. There is just myself & my husband &
>> he can't operate the computer. No kids or grandkids. There are no other
>> users with any access levels, limited or otherwise.
>
> This is a very bad idea. If by chance you *do* execute malware, it will
> have 'the keys to the kingdom' and can thoroughly infest your system.
> Malware executing in a limited user account has less power to completely
> hose your system - making it a much better idea to run limited
> 'day-to-day'.
>
>>>> I am not worried about people tampering around with my computer in my
>>>> home. I'm a little foggy as to exactly what UAC controls...
>
>>> Actually, UAC enables a limited user easy access to the administrator
>>> account's elevated security token. Most of the complaints stem from
>>> user's inability to settle for limited user rights in their day to day
>>> operations.
>
>> See my notation in above blurb.
>
> It is not just about a 'multiuser' system and having passworded accounts,
> it is about doing inherently risky things (web browsing) as an
> administrator when such things should be done from 'userland' (i.e.
> limited user). Sure, there are malware programs that exploit flaws in
> programming that allow 'userland' programs to escalate privileges - but
> these are usually addressed by the faulty software's vendor in the form of
> 'patches'. Running as administrator all the time completely circumvents
> this scenario.
>
> Win9x/ME didn't have this ability - everyone was admin - and is most of
> the reason it is less secure on the whole than it's contemporaries.
>
> [...]
>
>>> Those "unauthorized changes" can be programmatic as well as by physical
>>> access. A program a user runs has the privileges of that user. Running a
>>> malware program from an administrator level account is *much* worse than
>>> running it from a limited user account (in most cases).
>
>> Okay, now you sort of lost me. Are you saying that a windows update or a
>> printer (if I added another) or camera software could run a malware
>> program on the computer?
>
> Yes, as these are all "programs" - and "programs" can be "trojanized" or
> otherwise "infected" (as with a virus for instance). *If* you ran such a
> program as a limited user, it might not have enough privileges to make
> systemwide changes. Where running it from an admin account would give it a
> way to 'sink its claws' in very deeply.
>
>> I'm also a little foggy on what exactly constitutes malware.
>
> In some cases it is very subjective - basically, it is software that does
> things against your wishes - to such an extent that you would call those
> actions "malicious" (MALicious softWARE). Sometimes their not really
> *malicious* - and some refer to "badware" as these unwanted and yet not
> actually malicious programs.
>
> Some may not agree with my definitions for various *ware - yet I'll wager
> they *all* will disagree with much of what is defined on various
> "authoritative" websites - as do I.
>
>> I thank you for your assistance thus far and would appreciate if you
>> could/would explain a tad more if you have the time & inclination.
>> Ann.....still....tryingtolearn.
>
> This is a security newsgroup, and computer security *still* involves user
> education. Less so, now that OSes have started *enforcing* many "best
> practices" to the irritation of those not familiar with operating under
> them by choice. So - ask away ... and if my rather general knowledge isn't
> enough, there are real experts hereabouts volunteering their time.
>
>
>
>
>

"tryingtolearn" <tryingtolearn@discussions.microsoft.com> wrote in message
news:81B5D0A2-FD83-43CC-8884-E24709F9F375@microsoft.com...
> Gordon and "FromTheRafters": Sorry about all the >>> in my previous in
> line posting. Chalk it up to "newbeeness". ;-) But thanks for bringing
> it to my attention. Lesson learned --- and I consider that a good thing!
>
> Thank you both for helping me. Sincerely.
> FromTheRafters, your explanations in your last post hit the mark with me
> and I now have a much better understanding of these things. You did a good
> job of explaining things on a level I could relate to. I finally "get it".
> I am no longer going to run day to day as administrator. Am as Gordon
> suggested creating a limited user account. Funny how so many terms in
> computerland seem to mean just the opposite of what they appear to mean.
> Thanks for hanging in there with me! I have much yet to learn but I have
> learned a few more things. Once again my thanks to you. Ann ---
> tryingtolearn
>

Hey you're welcome! We all have to start somewhere. Enjoy your exploration
and learning - it's a great world out there!