Windows 7's redesigned User Account Control (UAC) is little more than a superficial tweak aimed at consumers that will do nothing to solve the practical problems for businesses using the technology, a software company has claimed once again.

The company making the assertion has a vested interest - BeyondTrust markets its own Privilege Manager software for controlling and managing admin rights on Windows PCs - but perhaps the company's second blast at the technology in a year makes a valid point.

From Vista onwards, companies have had to decide whether users are given admin rights or whether their ability to perform actions is limited to ‘standard' mode, that is to say heavily restricted. The problem has been that the restricted user mode makes it difficult to perform certain everyday actions, while even in admin mode users can be barraged with nagging prompts.

Windows 7 has modified UAC's design by introducing a slider control that allows two steps in between the two extremes of admin and standard user. According to BeyondTrust, however, the fundamental design remains the same; users either have rights or they don't.

Windows 7 UAC will cut the number of prompts for consumers with admin rights, but businesses will still face the problem of how much control to offer users.

"The core problem remains that there are things that users need to do that require admin privileges," says BeyondTrust's CTO, Eric Voskuil, who coincidentally spent time at Microsoft working on areas related to UAC.

According to Voskuil, this particularly affects the growing number of independent laptop users, who find it impossible with standard user accounts to perform simple tasks such as loading printer drivers or even installing line-of-business ActiveX controls. "It doesn't work. You can't take permissions away from users."

The new level of control being offered to standard users was of little real significance, and covered actions such as defragging the hard drive or the ability to alter the time zone of a PC, he said.

In certain environments such as government, compliance forces admins to turn all users into standard users with ‘least privileges', creating a problem that Windows 7 cannot solve.

BeyondTrusts' Privilege Manager gives companies a way to refine the level of security privileges down to individual users in a more refined way, a set of features Microsoft will probably have to offer in some form in future versions of Windows.
The disadvantage is that Privilege Manager is yet another layer of software for managing users and group policies using Active Directory, the advantage that it can unify user security for all versions of Windows, from Windows 2000, XP, Vista and 7.