Sign in with
Sign up | Sign in
Your question

"You need permission to perform this action"

Tags:
Last response: in Windows 7
Share
December 26, 2010 12:38:03 AM

I tried to move a file to another folder and then I got that message. I find out that Windows 7 has implemented additional securities which is absolutely ridiculous! This does not benefit me at all, it actually makes everything very difficult. Why should I have to grant myself permission in the first place?

Is there a way how I can use my computer as a permanent Administrator? It's nonsense to go over each folder individually and grant myself permission.

Or can I just disable this useless feature?
a b $ Windows 7
December 26, 2010 2:52:34 AM

You can change or disable User Control Settings from the Control Panel's Action Center to stop notifying you, not recomended.
m
0
l
December 27, 2010 2:54:57 PM

Here is why User Account Control is so important:

Most operating systems have two or three different user modes. The highest level of which is known as "Super User". The super user can make any changes he/she wants to the system. When a person or program enters super user mode, it has access to every single setting and file in the machine. Without super user privileges, however, the program or person is subject to the security policies and permissions set forth by the system administrator and can be prevented from doing any serious damage. This is the very reason why Linux is so secure. In Linux, when a program or person wants to access a feature only available in super user mode, the system administrator is required to not only acknowledge the access, but enter his/her password as authentication for this feature.

When a virus attacks your computer, one of the most common types of attack is to enter super user mode and have its way with your computer. So, Microsoft decided to mimic the super user feature in Linux and develop UAC. UAC is also one of the biggest reasons why 7 is so much more secure than XP. In XP, any program running while an admin is logged in has super user access. This is why it was such a hotbed for viruses and other security vulnerabilites.

In Vista, UAC was introduced, but not refined. Users would often diable UAC because of the frequency of notifications, etc. However, in 7, this feature is much more refined and does a wonderful job of preventing malware infection in and of itself.

By disabling UAC, you are effectively stripping Windows 7 of at least 50% of it's security measures, if not more. You are allowing every single program or person to do anything they like to your system without your knowledge.

I myself have UAC set to the very highest setting on my desktop and have caught several applications/malware trying to modify things that they shouldn't be.
m
0
l
Related resources
December 27, 2010 5:27:39 PM

Psychoteddy said:
Here is why User Account Control is so important:

Most operating systems have two or three different user modes. The highest level of which is known as "Super User". The super user can make any changes he/she wants to the system. When a person or program enters super user mode, it has access to every single setting and file in the machine. Without super user privileges, however, the program or person is subject to the security policies and permissions set forth by the system administrator and can be prevented from doing any serious damage. This is the very reason why Linux is so secure. In Linux, when a program or person wants to access a feature only available in super user mode, the system administrator is required to not only acknowledge the access, but enter his/her password as authentication for this feature.

When a virus attacks your computer, one of the most common types of attack is to enter super user mode and have its way with your computer. So, Microsoft decided to mimic the super user feature in Linux and develop UAC. UAC is also one of the biggest reasons why 7 is so much more secure than XP. In XP, any program running while an admin is logged in has super user access. This is why it was such a hotbed for viruses and other security vulnerabilites.

In Vista, UAC was introduced, but not refined. Users would often diable UAC because of the frequency of notifications, etc. However, in 7, this feature is much more refined and does a wonderful job of preventing malware infection in and of itself.

By disabling UAC, you are effectively stripping Windows 7 of at least 50% of it's security measures, if not more. You are allowing every single program or person to do anything they like to your system without your knowledge.

I myself have UAC set to the very highest setting on my desktop and have caught several applications/malware trying to modify things that they shouldn't be.


Nice explanation, now I understand why it is important.

Can you tell me how I can have the highest level of security but at the same time giving 'myself' easy access to any file on the computer??

thanks!
m
0
l
December 27, 2010 5:46:02 PM

Android18 said:
Nice explanation, now I understand why it is important.

Can you tell me how I can have the highest level of security but at the same time giving 'myself' easy access to any file on the computer??

thanks!


In Windows 7 you can customize UAC to give yourself a user-tailored balance between ease-of-use and security. If you go into the control panel and hunt for UAC settings (I honestly cannot remember where this is) you can tell Windows when to ask you and when to leave you alone. It's all up to you and how you want your computer to operate. Some sacrifices can be made but you want to make sure that you're protected. Keep things such as system settings and program installations as a prompt. Other things like file operations can be left unmanaged if you like.

Me, personally, I don't mind taking the extra couple seconds to click the yes or no button if it means that I know exactly what is being changed on my system at all times. I'm kind of a security nut :p 

I'm so glad that you took what I said into consideration. There are not very many people who will listen to an explanation like that and actually listen. You get five bouncies:

:bounce:  :bounce:  :bounce:  :bounce:  :bounce: 
m
0
l
a c 209 $ Windows 7
December 27, 2010 5:57:19 PM

Android18 said:
Can you tell me how I can have the highest level of security but at the same time giving 'myself' easy access to any file on the computer??
You can't have both. "Any file on the computer" includes critical operating system libraries and drivers which could be replaced by viruses. "myself" includes any program that runs in your context, including stuff activated as a result of clicking web pages, opening emails, etc.

You shouldn't have access to critical system files from the account you normally use, otherwise you're asking for trouble. You don't need to deal with those files on a normal basis, on the odd occasion where you might need to do something with them then just sign onto a different account with administrative privileges.

If you need to access non-system files in a folder that's owned by another account, then just sign on to the other account and change the folder permissions to allow you "full control" access. After that you'll be able to do anything you want with them from your account.
m
0
l
December 27, 2010 7:05:35 PM

sminlal said:
You can't have both. "Any file on the computer" includes critical operating system libraries and drivers which could be replaced by viruses. "myself" includes any program that runs in your context, including stuff activated as a result of clicking web pages, opening emails, etc.

You shouldn't have access to critical system files from the account you normally use, otherwise you're asking for trouble. You don't need to deal with those files on a normal basis, on the odd occasion where you might need to do something with them then just sign onto a different account with administrative privileges.

If you need to access non-system files in a folder that's owned by another account, then just sign on to the other account and change the folder permissions to allow you "full control" access. After that you'll be able to do anything you want with them from your account.


You're then, however, defeating the purpose of disabling UAC. What you proposed is kind of a round about way of UAC.
m
0
l
a c 209 $ Windows 7
December 27, 2010 9:15:14 PM

Psychoteddy said:
You're then, however, defeating the purpose of disabling UAC. What you proposed is kind of a round about way of UAC.
I'm not sure what you're referring to. The occasional use of an administrative account when necessary? That's minimal exposure if you don't do risky activities like web surfing from that account. Changing the permissions of folders for another account? That's not a risk if they're not system folders (unless the other account that uses those folders normally runs with privileges).
m
0
l
December 28, 2010 11:51:22 AM

sminlal said:
I'm not sure what you're referring to. The occasional use of an administrative account when necessary? That's minimal exposure if you don't do risky activities like web surfing from that account. Changing the permissions of folders for another account? That's not a risk if they're not system folders (unless the other account that uses those folders normally runs with privileges).


Maybe I'm misunderstanding you. What I think you're saying is that this person should setup an administrator's account on the system and use the limited account for everyday use. What this does is effectively makes a very complicated form of UAC, whereby the user has to login to the administrator's account to make any changes to the system. UAC eliminates this necessity by keeping administrator accounts in a limited state until they need to make changes, hence the prompt. So, even though the account has administrator rights, the account does not have administrative capability until you accept the UAC prompt.
m
0
l
a c 209 $ Windows 7
December 28, 2010 3:23:19 PM

Yes, you're quite right that with UAC activated you can do pretty much everything you need to through UAC elevation. I still tend to use an admin account when installing software, though - a habit left over from my long days with XP.
m
0
l
December 28, 2010 4:08:56 PM

sminlal said:
Yes, you're quite right that with UAC activated you can do pretty much everything you need to through UAC elevation. I still tend to use an admin account when installing software, though - a habit left over from my long days with XP.


A good habit to have back in those days ;) 
m
0
l
a c 209 $ Windows 7
December 29, 2010 3:35:41 AM

Quote:
i still have to relog to administrator ( built in user ) to use cmd command powercfg -h off option ( to disable hyberfil.sys file )
That's because the Command Prompt window doesn't auto-elevate itself to obtain administrative privileges (neither does PowerShell). You need to:

-> Click Start, type "cmd" in the search box,
-> Right-click the "cmd.exe" shortcut and then click "Run as Administrator".

...then you should be able to use the powercfg command.
m
0
l
December 29, 2010 11:04:20 AM

sminlal said:
That's because the Command Prompt window doesn't auto-elevate itself to obtain administrative privileges (neither does PowerShell). You need to:

-> Click Start, type "cmd" in the search box,
-> Right-click the "cmd.exe" shortcut and then click "Run as Administrator".

...then you should be able to use the powercfg command.

Can has sudo? :p 
m
0
l
December 29, 2010 12:01:36 PM

I would rather have a windows7 warning then let something bad have it's way with my PC without knowing it....
m
0
l
a c 209 $ Windows 7
December 29, 2010 3:43:41 PM

Psychoteddy said:
Can has sudo? :p 
In Windows, the "RunAs" command in a command prompt window does what "sudo" does.

Off-topic, some sudo humour: http://xkcd.com/838/
m
0
l
!