We've just upgraded to Windows 2008 server, and I'm already getting really sick of approving dozens of UAC messages. I normally disable UAC on my personal Vista machines, but I'm reluctant to do this on our server. Is there any particular reason I should leave it on?
SnapOverflow
It shouldn't be bothering you too much because you shouldn't be working directly on the server computer's desktop all that much for it to be an issue. You should be installing the admin. tools on a client computer, logging-on with a non-administrative account on that client computer for day-to-day work, and running the admin. tools with "Run As" and an administrative account.
It sounds painful, but it's the best strategy for keeping server computers secure from unwanted malicious software or accidental damage.
If this is just your personal machine then turn UAC off. It's a business machine, leave UAC on and stop using the server's desktop.
It's easy to say it's a bad idea to turn it off, but if you run tons of 3rd party custom apps like we do through a citrix environment, UAC steps all over program's ability to run properly.
Yes diabling UAC is a bad idea. You should not disable it on your personal machines or your servers. It's a minor inconvienience with a sizeable payoff. The UAC on the server should be annoying as a reminder that everythig you are doing should and could be done without being logged onto the servers desktop.
Added safety, to be simple. If users aren't regularly installing software on the server, it's probably best to leave it on there.
In an ideal world you could just turn UAC off and everything would hum along fine with no isues. It's not an ideal world, and UAC exists for a reason - to warn you that an application you're using is about to make some potentially serious changes or do some deep-down OS-level stuff that might make your system unhappy IF the app is in any way malicious or plain-old-fashioned badly-written.
I'd be seriously concerned about the kind of apps you're running on your server if you're generating a lot of UAC prompts. On the other hand, if it's something like Lotus Domino that might just be the way things have got to be (we don't all have nice clean servers that only require the MS admin tools to manage...)
We found that we are not able to assign Microsoft SQL Server Reportin Services Report Manager roles to NT Groups unless the User Access Control is turned off. This is a Microsoft application that does not work well with their own security settings. Since we are using Groups in role assignment to implement security, having this security setting prevent it is an oxymoron. It depends on why you want to disable UAC.
It depends on your environment really. I'd say if you consider yourself a decent admin with a secure environment, then it's probably safe to turn off. I've turned it off on a few of our boxes partly due to my ignorance of forgetting to run things as an admin. It saves me time and hassle. And honestly some of these boxes are so protected and locked down already, I'm not missing much if I turn it off.
In short: Yes!
Per this.
(This question here is old.)
our monitoring software need WMI to run the types of windows reports we want instead of SNMP...but of course UAC is not allowing it access. Seems a no brainer to turn it off!