Apr 16 2007
Vista design mis-features
Windows Vista? Microsoft Windows Vista? Microsoft Vista? What is this operating system’s name? In any case, it still has may niggly or broken features… I’ve noticed several strange behaviors of Vista since installing it to dual-boot on my MacBook Pro.
The first thing that caught me, as I discussed previously, was the way that Vista offered the user no information on why it didn’t want to install if the GUID/EFI Protected partition didn’t cover any other partitions on the installation volume before the one destined for it…. despite the fact that it shows all of the other partitions identically either way!
Not Microsoft’s fault this one, but after installing Vista I tried to start it under MacOS from physical disc using Parallel Desktop’s Boot Camp feature – which looked as if it was working, but then reported that it was unable to mount the Vista volume. I rebooted to Vista itself, and pressed alt+enter on the system drive to bring up the properties panel, and the machine rebooted. Fearing a corrupt installation, I wiped it and started again – but it turns out that, in fact, neither Parallels Desktop nor VMware Fusion are able to boot Vista from Boot Camp yet. Parallels will not allow it (albeit in a none-obvious way) whilst VMware Fusion will make a valiant effort, and propably corrupt the partition in the process.
Interesting point of note here: If you go to the disk properties panel and choose to run the Vista Check Disk utility with UAC enabled, it announces that you are trying to run a “potentially dangerous” “unknown application” from an “unsigned publisher”. For pity’s sake, Microsoft – do try harder!
A crazy piece of mis-deisgn? Vista identifies Wireless networks not by the base-station MAC address – that would be far too sensible. No, instead it uses the Network Name (ESSID) as the unique (cough) identifier. What does this mean? If I change the name at all, but keep everything else the same, I have to re-authenticate. Well, fine – it’s dumb, but I’ll let that one slip. What really frustrates me is that I can never connect to two different networks which just so happen to have the same name but different security settings! I had already saved the details for the (WEP – because that’s the most security that a Nintendo DS can handle) network I installed at my parents’ house. It just so happens that, due to a configuration mistake that wasn’t worth fixing several months ago, both their network and mine at home have the same ESSID. Since my network uses WPA2, though, Vista tells me that “the saved security settings do not match the security requirements of the network”! Argh!
(MacOS handles this without the batting an eyelid, incidentally)
Looking at software, Internet Explorer 7 seems to randomly enable or disable Protected Mode every time it is launched with no rhyme or reason. Beats me as to why.
Related to networks again, I recently booted Vista at work. Being an unrecognised wireless client, my DHCP server allocated it an address in a restricted subnet where it could do little damage. I needed access to a network share, though, and so added the machine’s MAC address to the authorised clients list. Fine – MacOS could see the shares. Vista, however, just would not relinquish the former IP address, despite a reboot and repeatedly repairing the connection. “Fine”, I thought, “I’ll use the old ‘ipconfig /release then ipconfig /registerdns to fix this” (… and yes, I’ve been able to think in teletype for several years now 🙂 ). However, even as a Power User (or whatever the stanard Vista used is called these days) I didn’t have the security access to run either of these. “No problem” I thought, remembering the “runas” command. However, “runas” requires the Administrator account to be enabled, which is isn’t by default. How, exactly, is it possible to run a command-line utility such as this under the Vista security scheme?
Final thought for this evening – Vista is slow. I’m not talking about Aero, which is relatively nippy on the ATi Radeon X1600 in my MacBook… I’m talking that I was copying 4.39Gb(!) of backups from the old XP installation back onto the machine via 100Mb ethernet. … and ….. it ……. crawled. I’d just copied the same data off from MacOS, and the OS speed was totally unaffected and it completed in about 10 minutes. Copying it back via Vista was just painful – I’d started writing this article, and at one point I’d managed to type three lines ahead of what IE had actually managed to render to screen! Plus, the completion gauage rose to about 75% within the first few seconds – at which point the copy dialog said “4 hours remaining”. After doing very little for about 20 minutes (and still at about 75%) the entire window disappeared. Now, it turns out that the copy had completed, apparently successfully – but this was entirely non-obvious, the copy dialog is hideaous inaccurate and totally misleading, and the whole process took at least twice as long as on MacOS!
Bah!
Chris Buckley
17th April 2007 @ 12:21 am
> How, exactly, is it possible to run a command-line utility such as this under
> the Vista security scheme?
Easy! Start > type ‘cmd’ into the search box. Then, right-click – ‘run as administrator’.
Done!
Stuart
17th April 2007 @ 1:08 am
So, hold on – let me get this straight:
If I use the “runas” command under a cmd window, it fails because the Administrator account is disabled, but if I right click on the search-box (or the resulting found icon?) in the start menu (obvious, mais-non?) then I can happily run the entire shell as the (disabled) Administrator user?!
Does that seem sorta crazy to anyone else? It makes my brain hurt.
‘sudo‘s had this down to a tee for years – why does Windows make everything so damned difficult?
Chris Buckley
17th April 2007 @ 10:12 pm
Not wanting to defend Micro$$oft here, but they’re simply following sudo’s approach; whilst the administrator account is disabled, yes, they are allowing you to elevate your privileges (ala sudo) to run a command as administrator (nee root) when you require so.
So, you never need touch the administrator account – you simply escalate your privileges when required using ‘run as administrator’.
Stuart
17th April 2007 @ 11:46 pm
So they now have two different privilege-elevation systems: The graphical “Run as administrator” which works even when the Administrator account is disabled(!) and the “runas” command, which isn’t a great deal of use out-of-the-box, because it (rightly) won’t allow commands to be run against disabled accounts – which is how the Administrator is setup.
It strikes me as another case where they’ve seen something good, tried to copy it, but missed the point: How this should work is that the Adminstrator account is enabled, but that you can’t log in as this account, no matter what. The graphical “Run as Adminstrator” and the command-line “runas” can then function identically (as would make sense), both sensibly using the now-available Administrator account. Indeed, this is exactly how the root account on MacOS works, with access if needed with “sudo”.
The problem with “Run as Administrator” when applied to a command prompt is that it’s not very fine-grained: Firstly, if I want to run one command with root privileges securely then I have to start a new command prompt for it, losing the environment of the one I’ve been working in. Once this new command prompt with elevated privileges is opened, everything run from it has elevated privileges. And finally, I can’t decide half way through a session that I need to do something as Administrator – it’s all or nothing.
Proof, if ever t’were needed, that Windows is really not designed for any amount of none-graphical use… and it appears that it has recieved little testing as such.