Linked by Eugenia Loli on Wed 8th Aug 2007 22:37 UTC, submitted by mikemuch
Windows Got a computer that's shared by the whole family? Or a computer in an office that has to support more than one user? Vista has a much stronger user accounts feature than XP. Here's how to set up Windows Vista so that everybody's happy.
Thread beginning with comment 261909
To read all comments associated with this story, please click here.
Is this any different?
by sonic2000gr on Wed 8th Aug 2007 23:18 UTC
sonic2000gr
Member since:
2007-05-20

Without discussing Parental controls (I have never used this stuff, don't know much about it), how is the information in this article any different from XP? What is so different in Vista plain user accounts, other than they are discussed a lot because of the UAC and the "administrator who is not really an administrator" thing?

The ability to create standard user accounts was already there in XP and no (home) user probably used it. Why? 1. Ignorance (the user is never prompted during setup to create a standard account for everyday use, and neither is reminded afterwards. It seems XP shows a lot of annoying "balloons" but never the right ones) 2. Most programs will not work without administrative rights. Why? Microsoft tolerated this behaviour from third party developers. This was exaggerated by the fact previous 9x version had no concept of user accounts with different rights. Developers just continued on this 'default' model.Users quickly found out they would be in trouble by standard user accounts.

So how is this different in Vista? Unless the policy is changed at the developer level, we will not see much improvement. Sure, Office works, Explorer works and a few other programs work. But a FEW.

IMHO the UAC thing is Microsoft's way of signaling the industry there is a change coming in the user management and the default model of user accounts. UAC itself is ugly and pretty much useless after a while (everybody simply clicks) but it is a sign for the things to come. Vista is an in between version, guess Microsoft will have it right by the next version.

The *NIX crowd got this right from the beginning. Microsoft is plagued by initial bad design and the ugly backwards compatibility...

Reply Score: 4

RE: Is this any different?
by JonathanBThompson on Wed 8th Aug 2007 23:42 in reply to "Is this any different?"
JonathanBThompson Member since:
2006-05-26

Indeed, options on accounts have always existed, with fine-grain details, on all Win32 systems that were derived from the NT codebase, which includes NT 3.1-4.0, Windows 2000, Windows XP, Windows 2003 Server and Vista. It's correct that Microsoft didn't enforce that developers take care of using security-aware installations and regular modes of running, and that's true as well for software that never ran on the Win9x codebase (Windows 95-ME) I suspect largely because Win9x was the majority of buyers of Win32, where most applications that might not run in a work environment that needs to be controlled were run. If you developed for something NT-based, and then wanted to use that for 9x, where the NT-based stuff had proper security modes setup, it simply wouldn't work as-is on 9x, and thus, in a lot of cases, the lowest functional common denominator (9x, which ignores all API things that use security keys) ruled.

Thus, we have the mess we have today: a pattern where most users and software pointedly ignore the existence of XP-provided security, because people previously also used their software on 9x-based systems, or still are, and that base of 9x-based machines still represents a fairly large userbase that's in use. I know my oldest brother is still sufficiently happy using Windows 98 on his system, and since his needs haven't changed, neither has his OS.

In that respect, Apple had a big help with the major transition from OS 9 to OS X, because there simply wasn't that much backwards compatibility, and simultaneous compatibility for software to aim for, where people expected things to be notably different, and so did developers.

Reply Parent Score: 5

RE[2]: Is this any different?
by Havin_it on Thu 9th Aug 2007 10:23 in reply to "RE: Is this any different?"
Havin_it Member since:
2006-03-10

Exactly right. I admin two XP PCs at work and when I took the job on, I went non-admin with them. For most apps this wasn't a problem, but there were two that gave me massive headaches:

1) Office 97. Okay, this is pretty excusable; Win NT was pretty much only marketed for servers and enterprise workstations (with a hard-workin' enterprise admin) back when this came out. Until the office decide to invest in a this-century office suite, every time we reinstall these boxes I refer to two pages' worth of hack notes to get MSO97 working for non-admin users.

2) Norton Internet Security (2006). Most of the app was OK (the massive resource hogging notwithstanding), but LiveUpdate not so. I tried every trick in the book to get it to run as a startup task with Admin privileges, but everything failed. I (or other Admin-level person) wouldn't be available at the start of every day to login and get updates, so Norton had to go.

A good list of other offenders is here:
http://www.pluralsight.com/wiki/default.aspx/Keith.HallOfShame

Edited 2007-08-09 10:25

Reply Parent Score: 2

RE: Is this any different?
by google_ninja on Thu 9th Aug 2007 03:15 in reply to "Is this any different?"
google_ninja Member since:
2006-02-05

The sign of things to come was the old NT user accounts you were talking about. UAC is what came, albeit with some clunkyness and rough edges.

If you actually read up on it, it is an incredably well designed system. The problem is, as you mentioned, with 1-3 alerts per admin action you want to take, people will simply dismiss it.

It will get better as soon as windows developers start using the APIs that have been available since win2k instead of the legacy single user stuff. And I hope and pray MS will work on not getting in your face so much in later versions.

Until then, I use TweakUAC(http://www.tweak-uac.com/), which turns off most of the prompts for the admin user, while still having the rest of UAC enabled (the service policies, safe mode for ie7, etc)

Reply Parent Score: 4