I’ve just finished making my complete move to Windows 7. I’ve been running Windows 7 for a while on a number of machines but with the RC I thought I’d move lock-stock-and-barrel to Windows 7.
One of the first things that hit me was around the UAC options. I’ve always left UAC switched on but I’ve generally configured it so that it doesn’t use the secure desktop.
Now, I realise that this is slightly less secure than the default but I do it for a reason and that’s because I do a lot of demos on projectors and if you leave the secure desktop switched on then the screen tends to go dark when the UAC prompt fires up and the room goes a bit dark and the audience gets a bit of a “shock” 🙂
So, I usually switch off the secure desktop aspect – that is, in the local security policy I disable the middle on of these three;
but then today I ran Task Manager and I asked it to “show processes from all users” and I was a bit surprised because I didn’t get a UAC prompt (I’m running as administrator on my machine but UAC is switched on).
Now, you’ll know if you’ve been following along that a process is either elevated or its not and it cannot change that elevation status after it has run and that’s why Task Manager has to go away and come back but how is it coming back elevated on Windows 7 without prompting? Well…there’s a new setting in the Windows 7 local security policy;
which means that Task Manager (being a Windows binary) gets away with not prompting for consent when it runs elevated because it’s part of Windows – at least, I notice that if I toggle this setting then Task Manager goes back to its behaviour on Vista and prompts as it shuts itself down and re-runs itself elevated.