Thanks Ben--that is what I was thinking it would do, but I wanted to be sure. In our case, I want to make sure we all at least see the prompts. Most admins here are pretty good about knowing if they ran something, so tacit consent is not what we are looking for--I think we'll leave it on for now.
The scenario below is not a common one, but just something I could think of that might be able to happen. -B -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Wednesday, July 15, 2009 7:39 PM To: NT System Admin Issues Subject: Re: UAC--argh... On Wed, Jul 15, 2009 at 4:39 PM, Miller Bonnie L.<mille...@mukilteo.wednet.edu> wrote: > So question on disabling AAM-Wouldn't that defeat the "malware protection" > component of UAC ... That assumes that, the unknown admin, having been conditioned to click "Allow" every time it pops up -- because it pops up constantly during admin work -- won't just click "Allow" when the malware triggers the pop-up. Remember: They're logged in as an admin to do admin work; they're expecting AAM prompts. (If you have people who log in as admin when they *aren't* doing admin work, that's a problem, regardless of UAC/AAM. But it doesn't sound like you do that.) > Assuming nothing else catches it (AV, etc), would disabling AAM > allow it to run without consent? Sure. What if the admin unwittingly double-clicks the malware because (s)he thinks it's the executable they want? We can come up with any number of scenarios to defeat any number of counter-measures. At some point, basic competency has to take over. As far as malware via USB drive goes, I strongly recommend blocking AUTORUN.INF, which stops malware from in any way promoting itself. But the operator can still run it the old-fashioned way, by clicking on the malware executable directly. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~