Microsoft earns a B+ from us for what it has achieved in smartly streamlining UAC while preserving security. It was clear that the software giant could do better, and that's why earlier Computerworld articles were critical, even when the product was still an immature Beta 2. The danger with UAC overprompting is that users will become numb and just click OK on every permissions box and warning, without giving it much thought. That effectively has the opposite of Microsoft's intended effect -- not to mention the fact that the user experience is eroded, too.

The file-permissions frontier

Despite improvements to UAC in several areas, there is one aspect that still needs deep consideration by Microsoft.

File permissions in Windows XP are a nightmare, especially on small, trusted networks such as small business and large home peer networks. When you have the NTFS file system installed, and you disable "User Simple File Sharing" in the Folder Options Control Panel, you're left to guess at how to properly configure protected folder sharing for special folders like your whole hard drive, your desktop and you Program Files folder -- unless you follow Microsoft's protect-you-from-yourself file- and folder-sharing defaults. If that's the case, you might as well stick with Simple File Sharing.

Vista's approach to user data complicates this. For security and other reasons, Microsoft is prescribing specific folders for specific types of data. This is probably preferable in buttoned-up enterprise environments -- although it will require many IT shops to think about how to roll out Vista. That's because if you set up user data outside of these prescribed folders (especially on dual-boot or Vista upgraded machines), you can sometimes find yourself having to approve a UAC prompt every time you try to access those folders. In some cases, you'll even be denied access.