Understanding How UAC Affects Maintenance Tasks

When working with Windows Server 2008, you often see the User Account Control (UAC) dialog box appear, which asks whether you really intend to perform a particular action. Although this dialog box can become quite annoying, it serves a useful purpose in alerting you of actions from viruses and other nefarious applications. Whenever you see the UAC dialog box and know that you've started a particular action, simply click Continue, and Windows Server 2008 continues the action (assuming that you have the proper rights).

The UAC features of Windows serve to increase security by reducing the chance that an application can perform any act on the user's behalf, without the user's knowledge. Windows Server 2008 assumes that all users - even administrators - are standard users. If you have an administrator account, you must elevate your privileges from standard user to administrator to perform many tasks. In most cases, this means clicking Continue when the UAC dialog box asks whether you really mean to perform a particular task.

Let's just say that the feature is incredibly annoying for anyone who spends the day performing administrative tasks, but it does serve a useful purpose and you may want to keep it enabled when your server has access to the Internet. Used correctly, UAC ensures that no one can perform an action on your behalf without your knowledge. Given that administrators have considerable power, this feature is especially useful to administrators who might become targets of nefarious individuals. After all, you don't want to suffer the embarrassment of being the source of viruses, adware, or spyware on the very network that you're supposed to protect.

However, UAC goes much further than simply asking whether you want to perform a particular task. In some cases, it can actually prevent you from performing tasks, despite your having an administrator account. For example, you'll find that Windows Server 2008 severely hampers your access to the Windows and System32 folders even with an administrator account. Windows Server 2008 meets any attempt to change anything in the folders with disapproval that is seemingly impossible to overcome. The same holds true for the root directory of the boot drive. Network drives are nearly impossible to access as well. In fact, except for your personal data folders, Windows Server 2008 is locked down so tight that many administrative tasks are all but impossible to perform, even with an administrator account. The bottom line is that Windows Server 2008 is all about security. Microsoft has thrown backward compatibility out the window to achieve some level of additional security.

Adding and Removing Standard Applications

Windows Server 2008 takes a different approach when it comes to applications than previous versions of the operating system. If you want to add or remove a Windows Server 2008 role or feature, use the Server Manager. However, when you want to work with third-party applications, you open the Programs and Features applet in the Control Panel.

Of course, you install the third-party product using the setup application provided by the vendor, just as you always have. The display shown for managing the application. Whenever you select an application in the list, the toolbar changes to show actions you can perform with the application. In this case, you can either change or uninstall the program.

The Tasks list includes three entries for other activities you can perform. When you click View Installed Updates, the list shown changes to show the Windows updates you have installed. You can use this display to manage your updates, much as you manage third-party applications.