Errm...you don't have to do that at all, normal practise is to run certain files in admin mode giving you the necessary permissions. Nothing there at all about disabling Windoze protection at all
The selectable admin setting is purely there to prevent some sausage fingered biff deleting half of Windows when he comes back from the pub on a Saturday night for a few games of online poker...
Yes, lots of (bad) install processes will require you to go through a UAC rights escalation challenge because the Program Files directory is protected (and for good reason since a lot of automation is allowed from those directories). Windows manages all of this on its own and it's part of the protection layer that ensures program integrity is maintained. A well-handled UAC integration means that the challenge screen pops up, asking you to confirm an alteration, and then you will not see it again. If the situation is so poorly handled that the screen does not pop up, or becomes so persistent that it
never stops popping up, your program is flawed and you need to alter it to integrate with UAC properly.
What they're describing in that post is how you disable that integrity protection — seemingly as a work-around to how the UAC challenge does not trigger and instead just, entirely correctly, disallows all the changes the launcher is trying to make — a process that leaves all your programs open to any and all alterations from your, from the original developer, or from third parties. On top of that, the reasons they state for doing any of that are just outright
factually wrong — they're making claims about what you can and can't do that directly contradict reality.
There is
never any reason to disable any part of UAC or to mess with directory permissions and ownership of core windows folders — any requirement to do so is at the very least utter incompetence, and even borderline dangerous. It harkens back to the Windows 98 era when users had the right to do anything anywhere, but over the last two decades, even Windows has implemented a security model that disallows that and yet lets program developers interact with the permissions system in a way that keeps everything neat and tidy. If the developer does not know how to work with UAC, they are not qualified for making Windows applications — it's really as simple as that. The whole hubbub surrounding UAC back in the Vista days was exactly that: good protection was finally in place, but Windows programmers were to stupid to work in a protected-mode environment and blamed MS for their own incompetence.
Turning UAC off, changing permissions on the Program Files folder, changing ownership of the Program Files folder — these are signs of complete stupidity, ignorance, incompetence, and an absolute disregard for the safety of the target system. It is nothing short of idiotic.
In that “tech support” page, CIG are telling you to turn off UAC, change ownership on the Program Files folder, and changing the permissions for that folder. They're explicitly telling their users to create a critical security flaw in their system. There is no simply no excuse, nor any hiding what this tells us about CIG's programming chops.
Jesus bleeping christ, I knew CIG were filled to the brim with rank amateurs but this kind of braindeadness just goes beyond the pale — it's borderline malicious.
support.robertsspaceindustries.com
