So I’m belatedly migrating off of WindowsXP for my main desktop computer - Windows 7 seems really nice so far, but I’m looking for advice:
do people generally leave on UAC or turn it off?
the auto-security/firewall settings are already sort of bugging me - do people generally turn them off? It seems like having that stuff constantly on bogs system resources, although I have a ton of RAM in this computer so maybe that doesn’t matter. I’m just used to stripping out all the unnecessary stuff to streamline my computer and get the most of my resources. Not needed?
any other setup tips, or things I should turn on/off?
I totally disable UAC and System Restore. Otherwise, I don’t change anything. Win 7 does a pretty good job of managing resources and releasing RAM for applications as needed.
I’m the other way around – I not only leave UAC turned on, I run as a non-priveleged user and have to enter a password whenever I want to do admin-ish stuff. But, I’m not exactly typical.
Overall – just leave things be, there’s nothing you need to turn off or on, Win7 pretty much just works straight out of the box.
UAC in Win7 is more configurable than it was in Vista. If you set it one level below maximum (“Annoy me constantly about everything, no matter how insignificant!”) it will only pop up occasionally, like when you are installing a program (after checking, I realized this is the default setting now).
I haven’t really tweaked much in Win7. It’s the first version of Windows that really got a lot of the defaults right (or matching my preferences, anyway).
Lots of people turn off UAC for convenience, but I actually find it handy to keep things from shitting up my program files and system directories unless I specifically want them to. I use the UAC setting of "notify me only when programs try to make changes to my computer (do not dim my desktop), which is one down from the default. If you know what you’re doing, it’s pointless when it prompts you to run elevated-only windows tools, so really you’re just preventing against dangerous files off the internet with the dimming.
The firewall shouldn’t affect the speed of anything at all.
Personally I disable all anti-viruses except when I specifically want them, because those do have a big speed impact, and I never do anything dangerous.
I recommend running Windows 7 like Talisker; leave UAC on with no changes, and remove your user from the Administrator group. (Tip: enable the Administrator-account first, it’s disabled by default. I forgot this, and that caused some extra work, but all tools for fixing it are included with Windows 7). It is slightly annoying being prompted for passwords, but it can really increases the security (and stability) of your system a lot, and I’ve found the peace of mind is worth it. This also means there is a lot less danger in letting someone (children, spoeses) use your account; they can’t really harm the system.
If you do this, and actually consider wether to enter the admin-password when prompted, you do not actually need a virus scanner. (I use one anyway though, and I also limit some operations to virtual machines for added security. I’m probably still not paranoid enough).
Running non privileged actually works really well in Vista and Windows 7. In XP it didn’t really work; several applicaitons, like Window Explorer, had some strange issues when running non privileged. In Vista I did turn off the dimmed desktop, but in Windows 7 it is a lot less jarring, so I’ve just left it on.
I don’t see how removing the main account from the admin group enhances security. UAC already prompts you when any elevated operation is attempted. Malware is either foiled by that or will attempt to bypass such security entirely, not guess at your password.
UAC is bypassable (Microsoft does not consider it a security hole in Win7 if programs are able to do privileged operations without popping up a UAC prompt); not being an Administrator is not bypassable (i.e., if it’s possible, Microsoft considers it a security hole and will put out a patch).
You may very well be correct. And I know this is what Microsoft claims. But I am not convinced that the UAC “speed bumps” are as good as running admin tasks with a separet user account/separate credentials.
RAR decompression has nothing to do with UAC or limited user accounts. You probably tried to write to a protected directory without getting access elevation first.
I am seriously thinking about taking the same journey, but the thought of re-installing everything is causing me to drag my feet. Are there any shortcuts (that actually work), or do I need to just bite the bullet, do my best to find as many of the original disks that I can, and figure on a few days of swapping disks, downloading upgrades, and re-downloading steam, etc. programs?
It saved my butt a few weeks ago when something went haywire and I couldn’t even boot to safe mode. I booted up off of the W7 DVD, picked a backup from 2 weeks prior, and everything was fine again in 5 minutes. I would leave it on.
