Just as the title asks, do those of you using Windows 7 (or even Vista) with SageTV just disable UAC or do you deal with it's intricacies of file access and such?

I've made the switch to W7 on my server and am probably going to disable UAC on it unless I hear from others who give me a compelling reason to not disable it.

There are ways to keep sage and not deal with the UAC complications. First, you can create the Program Files\SageTV Folder prior to install, and change it's permissions to allow Authenticated Users full rights. This will prevent windows from redirecting 'unauthorized' changes to the VirtualStore. Alternatively, you can install Sage in it's own Folder (C:\SageTV or such) outside the protected Program Files structure.

For me it's just easier to get it out of the way. I've disabled it since it came out. Both on Vista and Win 7. I was careful enough not to need it for Win XP so I don't see me needing it now. If you do disable it you need to do it before you install any applications. If something were to happen and a rogue process from malware or a virus started up it should be simple enough to just enable it again to help start the cleanup process.

Gerry

just enable it again to help start the cleanup process.

It really doesn't work that way. If anything, enabling it after malware is on there, might actually make it HARDER to clear up, as it will assume everything is valid, and prevent you from messing with valid programs. The REAL solution would be for Sage (and all other apps) to follow windows programming guidance, and have all plugins and configuration options in user space.

I left it on. Didn't cause any problems.

This is how I'm currently working around it and leaving it on.

http://forums.sagetv.com/forums/showthread.php?t=45142

I don't think it's a good idea to disable UAC, unless you're strictly using that system as a DVR and/or local media player only. Once you're using it for online access, it's better to keep UAC. As mentioned above there are workarounds to keep everything in one folder, if that's desired.

Too much of a hassle to get things to work correctly.

It really doesn't get in the way of anything, just install sage in it's own folder. No tweaks or anything.

Can you disable it while you're configuring your PC and then enable it again once you're done, or would that be a problem?

no, that wouldn't be a problem, but as said, I can't think of any configuration it would conflict with, if you simply change the install directory

Personally, I like Fuzzy's approach... or just turn it off.

I can't seem to find anything that indicates that it makes the system any more secure.... other than a security via obscurity... and in most cases, it just seems to confuse the hell of people. I'm not sure what MS wanted when the came out with UAC, but I'm can't imagine that they've gotten right.... yet. I think it would have made more sense to just not allow a regular user to write to the program files area after the application was installed, since that what this is trying to accomplish in a very over complicated, non useful, ms way.

But, using Fuzzy's idea, which i'll probably start using as well, I don't have to worry about windows magically and virtually storing my writes to some other location, other than the one that I intended.

Why I just disable UAC altogether:

http://www.dailytech.com/article.aspx?newsid=16725

All UAC does is split up your login token so that when you log in to the desktop even if you're in the Administrators Group you are logged in as a typical user with only those permissions. UAC's only job is to prevent processes from running at the Administrator level on your box. It doesn't stop or prevent antivirus or malware from infecting your PC. You'll can still get infected but it will reduce the damage done by it. It just prevents administrator-level writing from occuring to any folder under Program Files and redirects it. That is why it is not a big deal to disable it. Only your "run as administrator" menu command truly runs as the administrator. Without UAC it runs like it did in previous versions of Windows. And it makes it easier to troubleshoot any issues you may have. Perform your due diligence and just pay attention to what you're running on your SageTV server and you'll be fine.

Gerry

Only your "run as administrator" menu command truly runs as the administrator. Without UAC it runs like it did in previous versions of Windows. And it makes it easier to troubleshoot any issues you may have. Perform your due diligence and just pay attention to what you're running on your SageTV server and you'll be fine.

Gerry

Unless your account is an admin. In that case you run everything with admin rights, if you disable UAC. But yes, it really depends on what you're planning to do with that system.

Unless your account is an admin. In that case you run everything with admin rights, if you disable UAC. But yes, it really depends on what you're planning to do with that system.

Correct. The safest way to run a system is to disable the Administrator account and create a different named one. Your normal log in ID should only be a typical user, not an administrator. Microsoft is just forcing the issue with UAC.

Gerry

I'm about to move my server to Windows 7 also, just to update the OS and possibility of using SageMCTuner whenever its ready. I plan to run it with UAC off. Are there any other issues I should be anticipating?

I have an HDHR and HD-PVR, plus firewire channel changing to a Motorola QIP-7100 from Verizon FiOS. I run stock STV and PlayOn, thats about it.

Probably your firewire channel changing may be the one with the most issues. It will also depend if you're moving to 32 bit or 64 bit. With 64bit giving you the most driver issues. UAC off will not create any issues for you. Firewaire issues are based on some posts I've seen from other users that have made the move to Win 7. Playon I have running on Win 7 64 bit. HDHR and HD-PVR all have 64bit drivers.

Gerry

Gerry

I'm going with Win7 64bit.

Thanks for the info. I'll have to look into the firewire issue. Is the FirewireSTB 64bit driver simply not available?

AFAIK there isn't a 64bit firewire driver. So that is the main issue.

Gerry

hmm, makes me rethink it, probably 32bit is the better choice.

Personally, I like Fuzzy's approach... or just turn it off.

I can't seem to find anything that indicates that it makes the system any more secure.... other than a security via obscurity... and in most cases, it just seems to confuse the hell of people. I'm not sure what MS wanted when the came out with UAC, but I'm can't imagine that they've gotten right.... yet. I think it would have made more sense to just not allow a regular user to write to the program files area after the application was installed, since that what this is trying to accomplish in a very over complicated, non useful, ms way.

But, using Fuzzy's idea, which i'll probably start using as well, I don't have to worry about windows magically and virtually storing my writes to some other location, other than the one that I intended.

UAC is an artifact of MS's desire to provide backwards compatibility and provide a more controlled system for accessing "protected" resources. It's not perfect by any measure, but having a restricted token w/ explicit opt in for administrative tasks is better than nothing.

Sage (and other applications) shouldn't be storing config files in the executable files store (ProgramFiles), they should be using ProgramData. If an application has issues w/ UAC it's because that application doesn't follow the rules. That said, MS is partially to blame for creating the environment where the rules could be ignored easily (default user in XP was an admin).

Personally, after installing Sage but before starting the service I change the permissions on "%ProgramFiles%\SageTV" to allow Users full control. Then start the service.

If Sage wanted to, they could include this step in the install script and save us all the trouble.

...Personally, after installing Sage but before starting the service I change the permissions on "%ProgramFiles%\SageTV" to allow Users full control. Then start the service.

If Sage wanted to, they could include this step in the install script and save us all the trouble.

That is a very good idea. Matter of fact I think I'll mention that in a request to SageTV devs.



Thanks to all for the advice!!! This thread shows how many different ways you can deal with it.

Microsoft admits that UAC isn't a real security fix, http://blogs.msdn.com/e7/archive/2009/02/05/update-on-uac.aspx

Basically if your running as a non-admin user, your safe. If your an admin, and UAC is not cranked all the way up, your not safe. Yes it's extreme but any halfway decent script kiddie can get around UAC unless it is cranked all the way up. So if you're an admin, and you don't have it cranked all the way up, you mine as well turn it off.

Microsoft admits that UAC isn't a real security fix, http://blogs.msdn.com/e7/archive/2009/02/05/update-on-uac.aspx


FWIW, that only applies to the implementation of UAC in Windows 7.


Basically if your running as a non-admin user, your safe. If your an admin, and UAC is not cranked all the way up, your not safe. Yes it's extreme but any halfway decent script kiddie can get around UAC unless it is cranked all the way up. So if you're an admin, and you don't have it cranked all the way up, you mine as well turn it off.

You're never completely "safe" in any scenario running sw that you didn't write (only speaking re. malware not self inflicted bad programming ;)) or that is connected to a network. That said, in any scenario the biggest security hole is the user.

If you can run as a restricted user, that is the best but difficult for normal people. I did this on XP, but you need to be pretty handy w/ regmon and filemon to make it work. Running w/ UAC (cranked up all the way in 7) is a decent alternative because at the very least you get redirection so the non-rule-following applications [generally] don't crash and burn.

IMO MS shouldn't have created the middle options and excluded their own binaries from explicit elevation, but I understand why they did.