UAC Policy Settings

The new UAC blog (formerly LUA, formerly UAP) has up a good post on the six security policy settings that have been introduced to control how UAC works.  As the Vista betas start coming out and people can start to play with UAC, knowing that some of these knobs are available can certainly be helpful.

I've been spending time lately driving putting UAC manifests in all of the CLR tools, so I've got a bit of experience with this feature.  It's certainly much easier to use than running as non-admin today, and is something that I can see being able to teach non-techie people how to use properly.  From my experience, I think the security setting that's going to be most interesting is number six, "Virtualize file and registry write failures to per-user locations".

I'm sure the UAC blog is going to have future posts on virtuilization and how it works, and not being on that team I'm not going to cover those details.  However, virtuilization can have some interesting and unexpected side effects, so if you've found that the applications that work on your machine can run without virtuilization it might be one option to consider turning it off.