Beyond Disabling UAC: Enable Networkable Admin Access

by Jon Davis 6. February 2008 12:34

Windows Vista and Windows Server 2008 both disable administrative access when accessing via a network. So all those administrative things you're used to doing, like accessing an administrative share (\\machinename\D$) have to be thrown out when you use Vista or Server 2008.

However, you can bring it back, Windows XP / 2003 style. The key is in the registry, at KHLM\Software\Microsoft\Windows\CurrentVersion\Policies\System. Add a DWORD value named LocalAccountTokenFilterPolicy with a value of 1. Reboot.

Currently rated 1.4 by 9 people

  • Currently 1.444444/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags: , , , ,

Microsoft Windows

Beyond Disabling UAC: Disable Virtual Store

by Jon Davis 5. February 2008 07:22

Something I like about Windows Server 2008 x64 is that it (finally) gives the user the benefit of a doubt when disabling the advanced security options in Internet Explorer. Now it automatically prompts me to install ActiveX controls, for instance, and when I download files from the Internet I no longer have to right-click the file, choose Properties, and "Unlock" before I can use them without security warnings (this being something I've been habitually doing on all file downloads since IE7 was released).

But all is not trusting. I was tinkering with the recent release of the the new OS when I noticed as I was saving stuff to my Program Files directory in a new subdirectory that the new subdirectory didn't exist. Namely, I downloaded Notepad2 and attempted to create a new directory at C:\Program Files (x86)\ called "Notepad2" where I would save the file, then open the directory up in Windows [File] Explorer to unlock and extract the .zip file. Lo and behold, my Internet Explorer "Save As..." dialogue box told me I was looking right at C:\Program Files (x86)\Notepad2, but Windows Explorer insisted that no Notepad2 directory exists in C:\Program Files (x86). Could it be a bug?

Directory virtualization, perhaps? Indeed, I've seen Microsoft do this more and more lately. I knew where to look: C:\Users\jdavis\ ... hmm that's right, Local Settings got moved to AppSettings\Local. VirtualStore? Yes! There it is! "Program Files (x86)", and in there, a "Notepad2" directory, all by itself.

I don't want this. I REALLY don't like this. Microsoft implemented this virtualization feature to work around insecure design bugs in software. Whose software, though? Theirs? Ours? Third parties?

I mean, come on, Microsoft, if you're going to virtualize the Program Files directory like this, go all the way with it and do it in Windows Explorer and the command prompt as well. Heck, do it at the kernel level so that any app running in user space sees this thing where it really is.

Or not. I don't like virtualized paths. It's an administrative nightmare. Let's disable this thing.

So, after turning off UAC from the User Accounts control panel, which I hadn't done yet to this point, I rebooted and still had this problem. Then I tried disabling Local Security Policy -> Security Settings -> Local Policies -> Security Options -> User Account Control: Virtualize file and registry write failures to per-user locations. I think this fixed it. I'll update this blog entry if I find otherwise.

I realize why Microsoft implemented this file path virtualization thing, but IMO it's a crutch and does NOT demonstrate good computing practices despite what some IT folks would proclaim. This is the kind of stuff that just makes computing all the more confusing and difficult to work with. While the intentions were valid, we don't need anymore unexpected twists and turns in our computing experiences.

UPDATE (1/17/2009): This HORRIBLE "feature" ended up in Windows 7 as well!! To fix it now you need to open "Security Configuration Management" where you'll find Local Policies -> Security Options -> "Virtualize file and registry write failures to per-user locations" and disable the thing.

Currently rated 4.6 by 26 people

  • Currently 4.615385/5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5

Tags: , , ,

Microsoft Windows


 

Powered by BlogEngine.NET 1.4.5.0
Theme by Mads Kristensen

About the author

Jon Davis (aka "stimpy77") has been a programmer, developer, and consultant for web and Windows software solutions professionally since 1997, with experience ranging from OS and hardware support to DHTML programming to IIS/ASP web apps to Java network programming to Visual Basic applications to C# desktop apps.
 
Software in all forms is also his sole hobby, whether playing PC games or tinkering with programming them. "I was playing Defender on the Commodore 64," he reminisces, "when I decided at the age of 12 or so that I want to be a computer programmer when I grow up."

Jon was previously employed as a senior .NET developer at a very well-known Internet services company whom you're more likely than not to have directly done business with. However, this blog and all of jondavis.net have no affiliation with, and are not representative of, his former employer in any way.

Contact Me 


Tag cloud

Calendar

<<  October 2018  >>
MoTuWeThFrSaSu
24252627282930
1234567
891011121314
15161718192021
22232425262728
2930311234

View posts in large calendar