Topics:
Digital Life : Microsoft
Microsoft Endorses A Fix For Something It Insists Isn't A Problem
That sentence in quotes turned up in my e-mail from a PR guy touting BeyondTrust's BeyondTrust Privilege Manager 3.5. Privilege Manager enhances Microsoft policy management, and this new version is designed to let corporate IT managers run their users in a "least privilege" environment by eliminating most of the UAC prompts they might see when running Windows Vista. Is BeyondTrust maybe stretching the truth a little when it uses that word "endorsing"? Not really. Here's the money quote in the announcement press release, from Austin Wilson, director, Windows Client Security Product Management at Microsoft: Microsoft recognizes that to help create a secure, auditable and compliant enterprise environment all users should be Standard Users and ideally not have administrative privileges or access to administrator passwords. . . . I am pleased to see third-party security vendors such as BeyondTrust improve what is already our most secure business client OS, Windows Vista. The combination of elevating approved applications transparently with Privilege Manager and running UAC in no prompt mode with Internet Explorer in protected mode provides a best of breed solution to the least privilege problem. Am I the only guy who translates that as, "Microsoft admits UAC is broken. Privilege Manager 3.5 fixes it"? Apparently not -- see, for example, Betanews.com's story, Microsoft Endorses Product That Turns Off Vista UAC Nags. Scott Fulton's thorough piece includes a similar quote from another Microsoft employee, Mark Russinovich, Technical Fellow and one of the most widely respected Windows experts in this quadrant of the galaxy. Russinovich isn't down on UAC per se, but he's concerned about the kind of on-the-fly escalation of privileges that UAC both requires and enables. As for me, I'm not as far into the philosophy of Vista security as Rossinovich is, I'm just annoyed by the nagging (see Don't Shut Off Vista UAC, There's A Better Way). I'm glad there's a fix like BeyondTrust Privilege Manager that may help those of you who are corporate IT types, but I'm my own help desk, and for me a "least privilege" environment is not a solution, it's the problem Vista is forcing on me. Recently a commenter posted what looks like a good tip to one of previous blog entries, suggesting a free utility called TweakUAC that you can download from a Web site that includes an interesting take on what UAC does -- and doesn't do. « Is The Google Phone Ready To Launch In India In Two Weeks? | Main | Aggregate Knowledge Aims To Be A Mind Reader On The Web » |
| Sign Up Now For InformationWeek News Alerts |
This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
