Dear Microsoft –

Well, my old ThinkPad laptop finally got too long in the tooth to be useful, so I bought my first PC with Windows 7 installed.  Wow, what a difference.  Now I finally understand those “Windows 7 – it was my idea!” ads you were running awhile back.

I sell a software system I designed to law firms, so I was already aware of some of the fabulous Windows 7 features.  I want to thank you for those, because they keep me busy.  Once my clients started switching to Windows 7, I went from almost never receiving tech-support calls to receiving them on a regular basis.  That’s when first discovered that you had incorporated one of my favorite ideas:

When an installation program creates a new folder and writes files to that folder, the files should all default to being read-only with permissions denied to everyone.

“This is Tom Naughton, may I help you?”

“Yes, I’m trying to attach the database, and I know I’m doing it exactly like you showed in the tutorial, but I keep getting an access-denied message.”

“Hmm, let’s fire up TeamViewer so I can see your system.  Okay, the database files are in the correct folder … the script is pointing to that folder … what the? … Let me look at the permissions … Oh, boy, everything is set to read-only and permissions are denied to everybody.  You have to manually grant yourself permissions on the database files.”

“I have to give myself permission to use the database files I installed on my own PC?”

“Yes.”

“I have no idea how to do that.”

“Well, you right-click the files, then choose Properties, then Security, then you have to click the Continue button, then … ah, never mind, I’ll do it for you.  Let me take control for a few minutes.”

I never got that call when my clients were using Windows XP, and I have to tell you, it’s great to get to actually talk to so many of them on the phone.  With email and Facebook and Twitter and all that, people just don’t spend enough time actually talking.

Here’s another one of my ideas I already knew you had incorporated:

Some common folders should be automatically marked read-only, and when users de-select the read-only option, the folder should remain read-only even after they click the Apply button — with no warning that the read-only setting wasn’t removed, of course.

I learned about that terrific feature when I started hearing from clients that they could no longer use the mail-merge feature of my software.  As per your instructions, my software installs itself in the Program Files directory.  It’s been doing that for several years without creating any problems.

So you can imagine my surprise when (after several hours of detective work) I realized the mail-merges were failing because sub-folders created within the Program Files directory are read-only and – this is the fun part – that setting can’t be changed by anyone!  Since my software could no longer create a mail-merge data file in a permanently read-only folder, the merges failed.

Brilliant!  What kind of crazy software program would ever need to write a data file inside one of its own folders?  You must have had countless software vendors beg for that read-only feature – because again, that gives us the opportunity to spend time on the phone with our clients as we walk them through moving a program out of the Program Files folder.

But I didn’t realize just how many great ideas you incorporated into Windows 7 until I bought my own Windows 7 PC and started trying to install software.  I know from working in corporate environments that the corporate IT people in charge of PC security believe the ideal computer is one that doesn’t allow anyone to actually do anything (we all stay out of trouble that way), but I didn’t expect you’d apply that philosophy to an operating system with “HOME” in the version name.  Pure genius.

I really appreciate the multiple warnings whenever I try to do something that would make the computer useful.  For example, I double-click an installation program, select “I agree” on the license-agreement screen, enter my serial number, and then – BANG! – up pops a dialog box:

A program is attempting to make changes to your computer.  Do you want to allow this?

Thank goodness for that feature.  I can’t tell you how many times I’ve accidentally double-clicked an installation file, agreed to a license and entered a serial number, only to discover to my great horror that this series of inadvertent mouse-clicks and keystrokes was about to make changes to my computer.  Always being given another chance to correct this situation was my idea.

And I especially appreciate the constant warnings that only an Administrator can do whatever it is I’m about to do.  Sure, I made myself an all-powerful Administrator on the PC immediately, but the ego-boost was disappointly brief.  So I enjoy being reminded of my lofty position when I’m presented with frequent dialog boxes that say, in effect:

Only someone in the powerful role you already occupy can do this.  Click OK to continue, Oh Mighty One.

That was definitely my idea … as was this one:

When people logged into the PC as an Administrator copy files from a backup drive, they should have to go through several steps to grant themselves permission to use the files before actually using them.

Again, even with an operating system clearly named as the “HOME” version, you can’t be too cautious about security.  Just because you’re an all-powerful Administrator, that doesn’t mean you should start accessing files willy-nilly without having to take a moment and reconsider whether or not you want to give yourself permission to do so.  You may just decide you’re not trustworthy and refuse to grant yourself access.

It was also my idea to keep Administrators on their toes by making them consciously run installation programs as an Administrator even though they’re already logged in as an Administrator.  You’d be surprised how often Administrators get lackadaisical about this.

Just today, for example, I was attempting to install a package of programming tools, only to see the installation roll back time after time after the progress bar had reached 90%.  So I had to get on the phone and call a tech-support person (who no doubt appreciated the opportunity to talk to someone for a change).

“Oh, in Windows 7 you have to install that package using Administrator privileges, or it will fail.”

“But I am an Administrator.”

“Yes, but if you just double-click the .exe, you’re not installing it with Administrator privileges.”

“Say what?  I am the Administrator.”

“I know, but instead of double-clicking the .exe you have to right-click it and choose Run As Administrator.”

“So I’m the Administrator, I’m logged in as the Administrator, but if I just run the installation program, I’m not installing it as an Administrator?”

“That’s right.  You have to choose to do that by right-clicking and then clicking Run As Administrator.  Otherwise you’re not installing as an Administrator.”

“Even though I am the Administrator?”

“That’s right.”

“Who the @#$% thought that was a good idea?”

Then I remembered:  I did.

Windows 7 … it was my idea.

Thank you, Microsoft.

  • Facebook
  • Twitter
  • Share/Bookmark
10 Responses to “Windows 7 Was My Idea”
  1. Sam Mackrill says:

    Tom, looks like you have been ignoring Microsoft best practices! Now Windows-7 has decided to bite back :)

    http://stackoverflow.com/questions/946420/allow-access-permission-to-write-in-program-files-of-windows-7

    Microsoft is slowly turning into IBM, deciding they know what’s best and created hurdles for others to jump. I can understand blocking writing a file to the root drive, designated system drives, etc., but blocking writing a text file to my own software’s program folder? Ridiculous. And this whole hyper-security issue with Administrators having to grant themselves permission to do anything — on a HOME version of Windows — is just stupid.

  2. As an end user, there are quite a few things about Windows 7 I like. As a software developer, I’d convert the entire free world to Linux in a heartbeat if I had my way.

    I’ve never used Linux, but Windows is really starting to annoy me as a developer.

  3. John Hunter says:

    Well, at least you didn’t come up with vista.

    I heard the horror stories and avoided Vista.

  4. Elenor says:

    I wish I could laugh…. but having struggled with all these things… (and do tech support for my 89-yr-old mom across the continent {wince}), I feel your pain Tom!

    Microsoft is trying to become the nanny-”state” of the world, by requiring us to pay regular taxes (buy upgrades); do things their way (legal and illegal, and no sense to either) and their way ONLY (no more customization); and keep up or be marginalized in an unsupported environment (yes, my netbook still runs WinXP). (Heck, my late husband’s business machine still runs on Win 98! And I can’t change it because his accounting program is so old.) (My new accting program, on my machine, runs in Win7.)

    I DO (finally, usually but not always) love Win7. So, now, of course, I am looking at Win8 with great trepidation and dismay: there is NO WAY I will ever be using a touch screen on a desktop! (Can you imagine having to reach up from the keyboard to touch stuff on the monitor?!? We thought we had backaches and carpal tunnel before!!)

    But I’ve had to ‘bolt-on’ several “fixes” to make some of WIn7 work the way I want. (old XP-style start menu… love that!) Have you run across the stupidity in Windows Explorer — where when you close an external drive or MP3 player, Explorer closes itself — cause you could never want to look at any other folder after having looked on an external drive… (ARGH!) Or the idiotic “folders” view down the left pane — which does NOT go to the folder you’re looking at in the right pane?!? Oh well, at least the Windows world doesn’t call their internal tech support folks “geniuses.”

    I’m running across those issues, plus I discovered a new one: My Windows 7 PC can’t see my XP machines on the network and vice-versa. Apparently Microsoft decided no one would ever want to keep an XP machine around after getting one with Windows 7.

  5. Jason says:

    You can still see machines that are on your network – you have to make sure that they are all in the same homegroup in order for them to associate with each other. It’s always been this way, but the default homegroup name has changed since XP.

    Windows 7 has a lot of new features which actually does make development quite a bit easier, but by far the best is their virtualization support. It’s never been so easy to switch between test environments for your programs.

    I have always found that it’s meaningless to add UAC warning messages that you need to be an administrator to perform certain tasks. A skilled administrator usually knows which programs will cause changes to their machine, and will avoid using malware regardless of these warnings. A less-savvy user ends up getting used to just allowing access to whatever asks for it, and as such grants malware permissions when it asks just as a matter of course. It’s one of those loud features that make it appear like Microsoft cares about enhancing security, without actually helping anything.

    I can’t seem to add an XP machine to a homegroup, which as far as I can tell can only include Windows 7 machines. I was able to add them all to a Workgroup, they saw each other on the network for awhile, then stopped. By contrast, my Mac Pro simply recognized all my Windows machines (XP and 7) on the same network without me doing anything.

  6. Underground says:

    But, but, it’s a FEATURE. Thank you microsoft.

    There are some things I really like about developing on the microsoft stack, but there are constantly stupid things like that pissing me off too. As a company they seem to be in a constant battle with themselves to *almost* get it right. I’ve disabled many of those win 7 “features” that I’m able to.

    More like apple every freakin’ day.

    I’d say more like IBM.

  7. Richard says:

    Oh that annoying UAC (at least they improved it since vista)

    in win7 any admin has two user tokens, a admin token and a plain user token.

    BTW if you use SQL w/ managment tools you have to run as admin if you want the managment tools to properly auth with the DB unless you explicitly grant that user account access (ie if you just grant the local admins group sql admin rights (as I offten do) then a user thats in the group but running it as a plain user can’t auth with the DB via windows auth)

    Oh the two auth token thing gets very annoying, the upside is in theory it would stop a virus (in theory)

    BTW if its to annoying UAC can easily be turned off, or turned to max (win7 default is one below max)

  8. Richard says:

    For win7 computers and win XP computers to easily co-habitate on a network you’ll want to do the following

    1. Ensure the “computer browser” service is set to auto and is running (on win7 it might not be but its been awhile since I looked at a stock install)

    2. Match workgroup name

    3. set the windows firewall to off for home network

    4. ensure matching usernames and passwords (that one burned someone I work with for awhile) also ensure there is a password

    And just because its annoying turn off UAC

    btw while the “pretty” areo stuff may not be something you care about if its disabled it’ll move hte rendering from the GPU to the CPU (ie a bad thing)

    Thank you, I’ll give it a shot.

  9. Gerard says:

    The issue with XP (and it is my favorite Windows OS) is that everything runs as admin if you login as an admin account.

    One time this very site had malware buffer overrun on it and I was sheilded from it simply because I got one of those “firefox is trying to do some crap do you approve”…. I kept clicking no. It is a handy feature to have approval escalation because if you see those windows kernel warnings and your NOT doing something like installing a program…..

    Then again im a UNIX nerd and prefer to run all my apps with out the ability to do much with out explicity telling them they can….. and how much malware is there for UNIX based operating systems as a result – think of Mac (BSD Unix)…. and every flavour of Linux. Malware doesn’t spread because it generally doesn’t have the privlidges to do so.

    Saying all that for my parents who always got malware I just set there accounts up as non admins for XP and team viewer in every time they need to install stuff. Got sick of them coming down with crap of which I had to come in a fix.

  10. Ryan says:

    Bahahaha…thanks Tom.

    downloading Fedora 7 as I type.

  11.  
Leave a Reply