Admin By Request 7 is about re-thinking the user experience based on the feedback we have gotten from our customers. As a systems administrator, the end user is your customer. The end user has to be happy and not feel taking a away admin rights is a pain. Therefore, we have focused on making the user experience even better and faster than before. To some users, the user experience is even better than when they had admin rights. Read on to learn what our thinking is, what we changed and why.
The first thing you will notice is a significant performance improvement. Because of this, the splash screen you were used to seeing with the previous versions no longer appears. It will appear in the lower right corner as a system notification only, if the operation takes longer than 3 seconds. You will most likely never see it.
User Account Control
One of the most common feedback is that it is annoying to users that frequently invoke Admin By Request (such as developers) that they have to enter credentials every time. This was originally a design choice, because with the yes/no option, you cannot be sure that the person you see in your Auditlog actually is the user it says, because the end user can always argue that someone else did it on an unlocked screen. This potentially represents a legal problem in case the Auditlog has to be used in a legal matter. However, in the real world, it is annoying to frequent users. You can now define in your setting, whether you want UAC to use a confirm or credentials pop-up, controllable through sub-settings. This means you can have the default global settings as credentials and sub-settings for trusted staff (such as IT) as confirmation.
That said – we had about 100 customers testing the beta version and we learned that most that participated intend to use the “Confirm” option for all staff. Therefore, the “Confirm” option was decided to be the default. This is also consistent with the Windows default, when you have full local admin rights.
We have also modernized the user experience to use latest Windows 10 design guides. Previous versions also had a skin option (default or black), but it now follows the user’s preference, unless you decide otherwise in your settings. The default is auto-detect based on user’s default Windows mode and therefore the default is now Black, as this is Windows default:
Here you can see the difference in a UAC confirmation box.
Branding is important to all our customers. The main reason is usually not so much that the logo and name go on user interfaces, but it adds trust to the end user. Here a logo was used in the web settings.
The two other User Account Control screens are the PIN code and reason screens. The reason screen is a two-in-one to save user’s time as the confirmation box does not appear first.
Admin By Request logo recognition
Another customer feedback is that it would be helpful to users and support personnel helping end users if it was more recognizable when Admin By Request is in effect and when it’s not. For this reason, the desktop icon for Administrator Sessions is no longer the UAC standard icon, but the Admin By Request logo:
When you work with Admin By Request, the logo is clearly recognizable as you work with it:
If you go to the App Store or Google Play an update is now also available to the mobile apps, where the icon is changed to the same one for consistency. The major news in these versions is support for widgets, which means you can now have your Auditlog or Requests on your phone background.
It is very common to pre-approve applications, especially if “Request approval” is enabled in your settings. Another common feedback is that a pre-approved application is already approved by IT, so there is no reason it doesn’t just start with administrator privileges without confirmation. There is now an option in pre-approved application that decides, whether there is a confirm box or not. If you do not use the confirm box, a small notification will appear in the system tray for 3 seconds to tell the end user that Admin By Request is in force.
A developer that had admin rights before will then see Admin By Request as an improvement in their daily work if you disable the confirmation, because with admin rights, they had to confirm every time Visual Studio (or similar) was started with admin rights. Now, if you pre-approve visual studio without user confirmation, they can just start using “Run As Administrator” and they don’t even have to confirm. Your developers is your bread-and-buffer staff and this will be a welcome change for them.
If you use credentials verification, the same notification will be visible to the end user, so they know that Admin By Request is in force. If you use the “Require reason” or “Require approval”, the notification does not appear, as the reason screen will be shown before the credentials prompt.