When Windows Vista was first released for retail purchase at the beginning of 2007, one of the most common complaints from new Vista users was that UAC (User Access Control) was a real hassle. Some users were really annoyed that Vista kept prompting them for the admin password, or for permission, when they tried to run a program (ex. Acrobat Reader) or perform some common system-related task (ex. view the event logs). I was one of those people who found it to be annoying, but I didn't resort to the drastic kneejerk solution that many Vista users did: turning off UAC.

Instead, I just read up on UAC, in articles like this TechNet article entitled "Achieve the Non-Admin Dream with User Account Control", and in "User Account Control Overview", "Getting Started with User Account Control on Windows Vista", and "Understanding and Configuring User Account Control in Windows Vista". I of course came to the conclusion that UAC had real merit, and was most likely not the work of the devil.

For the next seven months, I left UAC enabled on my Vista R&D box. Note that every box I have is an "R&D box", because even when not officially working - when I'm just surfing the web instead - I'm still playing with malware, checking out phishing sites, browsing through various server and firewall logs, etc. In other words, my Vista box has gigs of malware stored on it, and I've used it to check out thousands of phishing sites, and even evil sites like Robert's ha.ckers.org that "breach browser security" (thanks for the laugh, Robert). I am of course careful to run malware and browsers in a sandbox (so I don't have to reinstall Vista every day). During the course of the past seven months, I was able to tweak UAC, and some of the software that kept generating those annoying "permission" pop-ups, and finally got to the point where the remaining UAC pop-ups were almost bearable.

During those seven months though, as I installed more and more software on what had been a fresh Vista install in January 2007, I found that my box was running slower and slower, and taking longer to boot up ... and those UAC permission pop-ups were becoming more annoying. Note that this Vista box is running an overclocked AMD FX-55, 2GB of Corsair XLL XMS, and an overclocked X800-XT card - hardware that is good for a Windows Experience Index base score of 4.3. Some of the software I use was made back in the Win2k and WinXP days, and doesn't play well with UAC. Last weekend, when I finally got to the point where bootup and system speeds were so annoyingly slow that I was considering going back to XP for basic Windows R&D work, or buying a quad core Intel proc (and consequently 4GB of DDR2 800, a new motherboard, and a pair of 8800 series video cards), I knew that I had to take drastic measures. I went through seven months of Vista UAC event logs, and seven months of memories, and could not find or remember a single instance of UAC saving me from a malware disaster. Consequently, instead of going back to XP, I decided to just gut Vista (or at least the last few features and services I had not already turned off) by disabling all of the stuff I didn't _need_. When I first installed Vista, I disabled things like the Tablet PC, Fax, Offline Files, RDC, Meeting Space, etc services. This time around though, I replaced my already stripped down Aero theme with Windows Classic, turned off Windows Search Indexing and Windows Search ... and disabled UAC.

The end result of my seven month UAC experience is that UAC is simply an annoyance for me that I can safely disable. The rest of my family and friends though (i.e. everybody I grudgingly provide free PC support to) will definitely continue to run UAC. IF you are considering disabling UAC, I strongly recommend that you first read Mark Russinovich's "Inside Windows Vista User Account Control" article in the June 2007 issue of TechNet Magazine, and Jesper Johansson's "The Long-Term Impact of User Account Control" article in the September 2007 issue of TechNet Magazine. The bottom line is that UAC is a very valuable new feature in Windows because it does a pretty good job of finally allowing Windows PC users to do what we've been doing for many years on UNIX and Linux based systems: forcing (or "enabling" as MS likes to say) system users to work in a non-privileged environment.