I personally don't believe that Vista/Windows 7's UAC is "enough" for the default setup. You know: the one where there's a single user account on the computer, and maybe the owner bothered to set a password.
See, I think UAC is awesome; no software gets free license to do whatever it wants without the user saying OK first. (We only had the "I hate Vista's UAC" stupidity because no software developers bothered to follow Microsoft's guidelines up until that point and took the "everyone's an admin" easy-way-out.) The problem is that most people will still setup their user account as an admin, and the UAC dialog only asks a Yes/No question for administrators.
It's the same problem we've had for years. What's the average user going to answer when they're trying to do something (watch a funny video, enter a site a friend told them about, etc.), and something else bugs them with a "You can't continue to do what you wanted to do without telling me 'yes' here"? They're going to say "Yes" almost every time. Everyone gets in that "busy mode" where they don't want to be distracted, they just want to get it done.
But what if the dialog made them type in their password? I think it would be sufficiently extra annoying that it would make them lose focus on what they're in the middle of; they'd think, "why do I have to type in my Windows password to do this? I didn't want to install anything.". It's the inconvenience of it that makes people pay attention. Granted, there are still those people who think it's beneath them to pay such attention to a computer, but that's another rant.
Personally, I think there's another way to go about this that would serve the same goal. Microsoft could do the same thing that Firefox does when you go to install an add-on. It puts a count-down timer on the "Yes" button and doesn't enable it until the timer gets to zero. The only thing better would be to include something on or around the button (during the count-down) to further encourage the user to actually READ the dialog box instead of focusing on the count-down itself (hovering over the button waiting to click it).
Wait. I remembered another idea. Remember back when people used WinZip in its shareware mode? Each time you launched it, it would give you a dialog about buying it. The "OK" vs "Buy" buttons would appear in a random order each time so you had to actually think before clicking. I always thought that was a perfect little nuance to get people to "notice" the dialog they were clicking through.
Anyhow, TL;DR...
Making Windows Vista & Windows 7 force an admin account to type in a password ( http://technet.microsoft.com/en-us/library/cc709691%28WS.10%29.aspx#BKMK_S3 )
To change the elevation prompt behavior for administrators
See, I think UAC is awesome; no software gets free license to do whatever it wants without the user saying OK first. (We only had the "I hate Vista's UAC" stupidity because no software developers bothered to follow Microsoft's guidelines up until that point and took the "everyone's an admin" easy-way-out.) The problem is that most people will still setup their user account as an admin, and the UAC dialog only asks a Yes/No question for administrators.
It's the same problem we've had for years. What's the average user going to answer when they're trying to do something (watch a funny video, enter a site a friend told them about, etc.), and something else bugs them with a "You can't continue to do what you wanted to do without telling me 'yes' here"? They're going to say "Yes" almost every time. Everyone gets in that "busy mode" where they don't want to be distracted, they just want to get it done.
But what if the dialog made them type in their password? I think it would be sufficiently extra annoying that it would make them lose focus on what they're in the middle of; they'd think, "why do I have to type in my Windows password to do this? I didn't want to install anything.". It's the inconvenience of it that makes people pay attention. Granted, there are still those people who think it's beneath them to pay such attention to a computer, but that's another rant.
Personally, I think there's another way to go about this that would serve the same goal. Microsoft could do the same thing that Firefox does when you go to install an add-on. It puts a count-down timer on the "Yes" button and doesn't enable it until the timer gets to zero. The only thing better would be to include something on or around the button (during the count-down) to further encourage the user to actually READ the dialog box instead of focusing on the count-down itself (hovering over the button waiting to click it).
Wait. I remembered another idea. Remember back when people used WinZip in its shareware mode? Each time you launched it, it would give you a dialog about buying it. The "OK" vs "Buy" buttons would appear in a random order each time so you had to actually think before clicking. I always thought that was a perfect little nuance to get people to "notice" the dialog they were clicking through.
Anyhow, TL;DR...
Making Windows Vista & Windows 7 force an admin account to type in a password ( http://technet.microsoft.com/en-us/library/cc709691%28WS.10%29.aspx#BKMK_S3 )
To change the elevation prompt behavior for administrators
-
Click Start, click Accessories, click Run, type secpol.msc in the Open box, and then click OK.
-
From the Local Security Settings console tree, click Local Policies, and then Security Options.
-
Scroll down to and double-click User Account Control: Behavior of the elevation prompt for administrators.
-
From the drop-down menu, select one of the following settings:
- Elevate without prompting (tasks requesting elevation will automatically run as elevated without prompting the administrator)
- Prompt for credentials (this setting requires user name and password input before an application or task will run as elevated)
- Prompt for consent (default setting for administrators)
- Elevate without prompting (tasks requesting elevation will automatically run as elevated without prompting the administrator)
-
Click OK.
-
Close the Local Security Settings window.
Comments