Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×

Running Windows Without Administrator Privs? 239

Posted by Cliff from the got-root-but-don't-want-it dept.
javacowboy asks: "For a while now, I've been advising friends who run Windows to try running as a regular user, as opposed to running as administrator, which is the default setting. However, I switched to Mac a year and a half ago and I haven't run Windows since, so I'm probably not the best person to be giving this advice. Still, on a philosophical level, *trying* to run Windows as a non-admin, given the prevalence of viruses, worms, trojans, and spy-ware, seems to make sense. Have any of you tried to run Windows as a non-admin, and how did it work out for you? Are there certain tasks or certain software you need to be admin to run? How realistic is it to expect a Windows user to run their OS as non-root?"
This discussion has been archived. No new comments can be posted.

Running Windows Without Administrator Privs? More

Running Windows Without Administrator Privs?

Comments Filter:

  • one experience (Score:5, Informative)

    by yagu ( 721525 ) * <yayagu@[ ]il.com ['gma' in gap]> on Tuesday May 23, 2006 @02:52AM (#15385180) Journal

    A friend's computer shared by the entire household was unendingly compromised. We restored XP many times from scratch but the result was always the same, within a month XP was toes up again.

    We did manage to trace the culprit pretty certainly to one of the kid's AOL sessions. No emphasis and teaching was enough to stop a trusting click to wreak trojan horse havoc. (I don't blame the kid, she was using in good faith and only talked to friends, and only clicked when she was assured they were "being good". Unfortunately, in the world of XP running with admin privelege, this is not enough.)

    We finally bought a separate computer with discrete accounts, and only one had admin access. The kids' accounts were non-admin. This new machine remains uncompromised, but with a price.

    The non-admin accounts, while unable as expected to install software, have random and mysterious failures. I've been able to track some down to exactly what I (and most) feared -- applications which expect to have admin access. Not one example was legitimate in the sense the failure point was performing work requiring admin access, it was just presumptive development by the application. (Interestingly, one of the applications that works fine in admin access but not in non-admin access is Windows Media Player 10.)

    Unfortunately this turns out to be a common symptom running non-admin in XP. Lots of applications will work fine. Lots won't.

    The machine remains partitioned as described, but the ultimate result has been the kids gravitating back to the unprotected computer for unfettered access. I expect that machine will continue to need its periodic re-imaging.

    These problems in XP aren't rare and are artifacts of an infrastructure with security tacked on in ugly layers again and again, all as afterthoughts. I hope Vista proves better at this, but wonder how many applications will continue as problematic because of a murky and muddled and shifting security architecture.

    For the record, I'm simply amazed Microsoft has gotten away with this for so long... it's ample empirical evidence more deals on shop architectures are being made on the golf course and not around the white boards.

    And, also for the record, Microsoft has the money and power to fix this once and for all. I'm sure some will defend Microsoft's incremental work on this, but for too many years my observation has been Micosoft using their money to buy additional fingers with which they point at others to blame rather than work to solve comprehensively the security and system integrity problems.

    • Bottom line:
    I still recommend PC owners create separate non-admin accounts with only one admin account. Applications that won't/can't play nice I recommend they uninstall and ask for their money back. This isn't optimal, but it keeps the machine healthy longer.

    Sigh.

    • Re:one experience (Score:3, Informative)

      by exKingZog ( 847868 )
      We run all our staff accounts as limited users at work. We have two pieces of software that don't like running under regular accounts, and in both cases the solution is to give users modify access on that app's folder in %program files%. Also, I'm puzzled by WMP 10 not working - works fine for our staff, and my girlfriend's account on my PC, and the guest account I set up for a friend once.

      The main culprit is almost always always programs trying to store data in their installation folder rather than th

      • Re:one experience (Score:3, Interesting)

        by Jaruzel ( 804522 )
        However, modifying %ProgramFiles% is fine for us SysAdmins, but your average Joe User isn't going to have a clue on how to do it - The application will barf, and Mr Dad will say 'Sod it. I'll give myself Admin', because life is simply too short to faff about with these things.

        Vista's approach, while not perfect does redress problem somewhat. If an app needs admin, Vista pops up a dialog asking for User/Pass of an admin account (a bit like an automatic SU) - I'm not sure if Vista knows each app and what it n
        • Now, the real question is, why can't MS add that functionality to XP ?

          It *is* in XP; at least in PRO. I know it works when one is connected to a domain, however, I've never run my own machine as anything but "admin", so I don't know if it does the same when not connected to a domain.

          If anything, that functionality is directly from XP (only possibly modified to work when not connected to a domain, if in fact it works only when connected to a domain).

    • Re:one experience (Score:4, Informative)

      by skinfitz ( 564041 ) on Tuesday May 23, 2006 @03:10AM (#15385296) Journal
      applications which expect to have admin access

      ...don't want to sound like a Windows fanboy at all but there are many *NIX apps that expect to have root - ethereal for example. Sure they are usually system admin related, but it doesn't mean that you have to run the entire session as root because you can simply use su.

      In Windows you can use the runas command similar to su to give elevated privs to individual apps. You can also use a switch to cache credentials (like chown +x root) that the admin can use to give users the ability to work with awkward apps so it's not really a big deal for the odd application if the machine is set up correctly.
      • I take your point, but I think the GPP was groaning more about the apps that expect admin access but don't really need it, not just the fact they expect to have admin access. Kodak Easyshare is one example I have come across - why should a photo album manager need admin privileges to my box? I run as a regular user all the time, using Administrator account only to install/upgrade software, and the Easyshare program came up EVERY TIME with a WARNING!!!! THIS PROGRAM MAY NOT FUNCTION CORRECTLY blahblah BEC

        • Re:one experience (Score:2, Insightful)

          by Bert64 ( 520050 )
          Programs which check for updates like that are incredibly annoying...
          Having a whole heap of programs looking in different places for updates is horrendously stupid. The OS should provide a centralised place from which you can update the entire OS and all your apps in a centralised and consistent manner.
          • Amen to that - my personal pet hates are 'Install Shield Update Manager' and JAVA that constantly tries to update itself.

            Where is yum for Windows!
          • Why would MS have the time or inclination to spend resources supporting and checking out update patches for every piece of software on the planet?

            We'd have a field day if they let Commander_Keen_2.1 go live and it was really a goat porn trojan.
        • Oh I agree totally; I've seen lots of Windows programs that warn about admin rights but in most cases I think it's just poorly written software by lazy programmers who couldn't be bothered spending time actually working out what permissions to set or just thought they'd keep files they need to write to constantly somewhere where the user really should not be able to write to such as under the Windows folder.

          Easyshare sounds like a crappy piece of software so in my situation I'd simply find an alternative

        • Re:one experience (Score:2, Interesting)

          by OhHellWithIt ( 756826 )

          Kodak Easyshare is one example I have come across - why should a photo album manager need admin privileges to my box?

          Well, can't blame British Rail -- I mean, Microsoft -- for that! (And I try to blame nearly everything on Microsoft.) I'd like to say it's people who accept software that requires admin access to run, but unfortunately, it's just like with the unfair software licenses that are so common -- you feel like you have no choice. "What do you mean, I spent $500 for this digital camera, and I c

        • Re:one experience (Score:3, Interesting)

          by harrkev ( 623093 )
          I should also like to point out that I tried the user vs. admin thing. The software that made me switch back was Winamp (they should know better) and Logitech's driver for the Quickcam Chat (they should definately know better).

          Winamp was annoying, but I suppose that I could ask for a refund of every penny that I paid for it, which was nothing.

          Logitech, on the other hand, was more annoying. I paid good money for that product, and a company that size should check for this sort of stuff. The problem is that
          • 1) Don't use Winamp. Use foobar2000. Works properly with multiple/non-privledged users... plugins for everything under the sun.

            2) There are other programs besides the Logitech tool that can take pictures with your camera. Try any other PTP supporting application (like the Windows XP Camera wizard). In general bundled software that comes with any hardware is likely to be crap... not just Logitechs'.

      • Re:one experience (Score:3, Informative)

        by Bert64 ( 520050 )
        Ethereal only requires root if you want to actively sniff the interface with it (as opposed to reading logs you captured earlier), there are obvious reasons why non root users can't sniff network traffic especially on a system which was designed to be multi user rather than having multi-user support kludged in as an afterthought.

        In many unixes nowadays you can use capabilities, to give a program that normally would require root, whatever access it requires without giving it full root (such as raw socket cap
      • Yes, but the difference is ethereal requires root to get low level access to network devices. Why does Windows Media Player 10 need to be run as admin?

      • Re:one experience (Score:3, Informative)

        by cortana ( 588495 )
        If you run ethereal as root then you're asking to be compromised.

        You should be capturing packets with tcpdump (as root), and opening the file it creates with ethereal as an unpriviliged user.

      • Re:one experience (Score:3, Interesting)

        by jimfrost ( 58153 ) *
        ..don't want to sound like a Windows fanboy at all but there are many *NIX apps that expect to have root - ethereal for example.

        While there is some truth to this, it's not the case that, say, "larn" or "hack" needs root access.

        But it is the case that many (all of the ones I've tried) of those Disney game programs require administrator privileges. These are basically flash games, and they're being sold for children to use. But they simply will not operate without administrator privileges.

        (This isn't

      • but there are many *NIX apps that expect to have root - ethereal for example.

        Uh, no? I generate the dumps with tcpdump and load them into a ethereal running as non-root all the time. ... they are usually system admin related ...

        Which I think is the critical difference. Microsoft Outlook has _zero_ to do with system administration. Palm Desktop has _zero_ to do with system administration.

        In Windows you can use the runas command similar to su to give elevated privs to individual apps.

        Well, you might say that
        • but there are many *NIX apps that expect to have root - ethereal for example.

          Uh, no? I generate the dumps with tcpdump and load them into a ethereal running as non-root all the time. ... they are usually system admin related ...

          I, like many people, like capturing with ethereal rather than tcpdump because it's more convenient. To do this it asks for the root password.

          Which I think is the critical difference. Microsoft Outlook has _zero_ to do with system administration. Palm Desktop has _zero_ to d

    • Re:one experience (Score:3, Insightful)

      by drsmithy ( 35869 )
      (Interestingly, one of the applications that works fine in admin access but not in non-admin access is Windows Media Player 10.)

      What problems did you have ? Because while I don't use WMP frequently, I've never had a problem using it in a non-admin account.

      These problems in XP aren't rare and are artifacts of an infrastructure with security tacked on in ugly layers again and again, all as afterthoughts.

      The security infrastructure in NT (ie: XP) has been there from the get-go and certainly wasn't "tacked

      • Re:one experience (Score:3, Insightful)

        by Bert64 ( 520050 )
        The security infrastructure in the (NT) kernel was there from the start, but the frontend interface that most people interact with comes from win3.1/9x which most certainly has no concept of security.

        When merging the 2 together, they decided that a consistent (ish) interface was more important than security, so the underlying security features got bypassed or papered over.

        • Probably more of a case of "backwards compatibility" (something MS have shot themselves in the foot to preserve before), but yes. NT has a completely capable security system — a modern and functional one — but as you point out it is quite simply not used on the default home installation.

          It's a bit of a sad situation really. The biggest problem is applications which aren't written to work in unprivileged user mode, though, and hopefully those will be largely fixed after Vista is released. No gua

      • For some unknown reason I had several issues with WMP using a non-admin account every time you tried to play something from the network. ( webradio, ... even without DRM )

        However, after a fresh install (still non-admin), it was working fine.

        The concept of UserRights made its way very slowly in Windows development expecially for cross-platform applications designed to run on WinMe and Win2000.
        And the Windows API didn't made thinks easy, with some duplicated functions or parameters ignored on Win9x, ... Even
        • The concept of UserRights made its way very slowly in Windows development expecially for cross-platform applications designed to run on WinMe and Win2000.

          Microsoft have been telling developers to write LUA-friendly applications since about 1998.

          And the Windows API didn't made thinks easy, with some duplicated functions or parameters ignored on Win9x, ... Even if the security design of WinNT was ok Microsoft could have done something to ease the pain of cross-platform ( Win9x-WinNT ) development ! Like I

          • Microsoft does share the blame, and in fact they have _most_ of the blame.

            Certainly this problem happens because of lazy developers, but the market forces at work imply that developers would do the least work necessary to market their program to the majority of users.

            Furthermore, no developer has central control over "all programs" - the direction of development of "all programs" rests squarely with MS. We aren't talking about a minimal set of back actors here.

            So the fault lies with M$ for shipping an OS t

      • Re:one experience (Score:2, Insightful)

        by sharkey ( 16670 )
        How do you propose Microsoft "fix" it ? By writing everyone's applications for them ?

        Seems lik there are a couple items they could do to start off:

        • Deny Windows Logo branding to any user app that does not run 100% in userland, and market the hell out of the whys and wheretofores of Windows Logo testing, requirements and consumer benefits.
        • Implement warnings when running apps in a priveledged account. Maybe a "System Administrator" level of Windows Logo to bypass the warnings?

    • Give the kids a VM (Score:2, Interesting)

      by Anonymous Coward
      www.vmware.com

      Back it up when it's in a pristine state, then anytime they mess it up, delete it, restore from the backup.
    • WMP does not require admin priveleges. You are probably just trying to read media files, or have your entire library stored, in a folder that the non-admin user does not have access to. Put the files in the My Documents (or Shared Documents) tree, or grant permissions to the folder you are already using.
    • This isn't (or even mostly) Microsoft's fault.

      It's the fault of application developers that can't or won't fix their applications to behave, or that aren't installed correctly.

      Users install the app, and it doesn't work. They call the vendor. The vendor wants to get them off the phone because phone support costs money. Running the app as Administrator is a quick and easy fix that only takes a minute, so that's what they tell them to do.

      It's all a legacy of the DOS mindset, where any program could do anyth

      • Re:one experience (Score:2, Interesting)

        by NewWorldDan ( 899800 )
        I used to run a computer lab several years ago (Windows 2000 based) and one of the problems I found on more than one occasion was programs that would try to reregister all of their .DLLs when the program was started. The programmer was probably trying to make sure that their program didn't end up in .DLL hell, but I had to make sure all the requisite registry keys were writeable for all users. That's a real pain in the ass to do without opening the system up across the board. A lot of programs have gotte
    • WMP requires admin privs to install codec, in some cases. I think this could explain the descripted behavior.

  • Aaron Margolis (Score:5, Informative)

    by BSDevil ( 301159 ) on Tuesday May 23, 2006 @02:53AM (#15385183) Journal
    Runs "The Non-Admin Blog" - one of the most useful resources for this. He's a Microsoft staff consultant, and often has tips for it you won't find elsewhere.

    Check it out at http://blogs.msdn.com/aaron_margosis/ [msdn.com]
    • Probably the most important utility on his site is the MakeMeAdmin [msdn.com] script. It's can raise your priviledges for one session (say of CMD.EXE), somewhat like SU. It differs from RunAs in that you retain the non-admin user profile, so file ownership, permissions, home directories etc are set to more useful values than with RunAs.

  • I have always used the NT, 2k and XP as non-admin. It works somewhat in my experience, but not as good as in Mac OS X.

    Microsoft Office works as it should and with Visual Studio you would maybe want to add your user to the Debuggers-group (or something like that). Otherwise Microsoft's own apps works in my experience.

    To me most problems occur with large (non-Micorsoft) commercial applications, especially games. You have to hack around to get it running as non-admin, and when you finally get it running

  • Some advice (Score:5, Informative)

    by VGPowerlord ( 621254 ) on Tuesday May 23, 2006 @02:54AM (#15385189)
    I'm running Windows XP Pro as a Limited User right now. The important thing to remember is that some programs, games in particular, don't like it if you don't change the file (and sometimes, registry) permissions.

    Registry permissions can be set using reged32.

    Installers are also a problem. Since Windows program like making a mess (i.e. putting DLL files in the system and system32 directories), you usually need to run then as Administrator. The "Run As..." menu item can be used to elevate priviliges for a single program. This appears in context (right-click) menus by default, unless you're in the Control Panel. In that case, hold down shift when right-clicking.

    Windows Explorer can be started as a different user, if you set the option to run Explorer Windows in a separate thread. This option needs to be turned on for the user you're changing to, not for the current user. You can find this option in Control Panel (Classic View), Folder Options..., View tab, Launch folder windows in a separate process.

    Here's a few sources to consult:

    I'm sure I missed some things, but other posters will point them out.

    • http://nonadmin.editme.com/ [editme.com]

      Thought you probably would have found that via Aaron Morgosis' Blog.

      I have my wife setup as non-admin, and she doesn't really notice. I run as non-admin at home and its fine. Sometimes it gets messy during development when you need to attach a debugger to a system process (IIS), but there are ways to resolve each issue, and they are documented at the above sites.
    • I'm sure I missed some things, but other posters will point them out.

      Actually yeah, the BEST way to find out how to get an application to install/run with reduced privileges is to instead search for how to install it in a Domain. The procedures are the same, but in the example of Palm Desktop- one will tell you how to do it and the other will not.

  • I could hear it now.... (Score:4, Funny)

    by Zanth_ ( 157695 ) on Tuesday May 23, 2006 @02:55AM (#15385197)
    Considering most users like to install the latest kitchy program, I would assume it would be quite a trial in the current format, to have a user run without admin access. I could only imagine the calls the local techy friend would get, instead of "can you pleeeeease come and fix my malwared/spywared/virused/trojanned/fubar'd computer" it will now be "can you pleeeease come and install happybloggeryp2pdownloadmeforfreeporntoday.exe"
  • By all means read Aaron Margosis's blog, get used to Run As, and be prepared to debug apps that don't want to run in a normal account (often it's just a few files or registry keys. Edit the ACLs for them and it may fix things).

    A few months ago, Windows Update somehow stopped working from Run As. Annoying, but you only need to run it once a month.
    • I attempted to post on this last night, but db maintenance got in my way.

      Not being able to run WindowsUpdate is a major impediment to people being able to run windows with non-admin accounts. This is one of the reasons why I'm happy I switched to a Mac Mini last year, and why I still loath having to support my wife's Windows laptop.

      If there's some way to do it, please let me know - I haven't had time to read through the blog linked in other posts.
  • I'm posting from a limited account on an XP box right now. I've been doing this for a while now in Windows, but it isn't always a pleasant experience. It seems a lot of programmers out there write software that requires admin when there is really no need to do so. I had to get friendly with Run As so I don't need to switch users when I have to run a program with admin priviledges. I can understand my atomic clock sync program needing admin since limited accounts are unable to change the time or date, bu
    • I always run as non-admin on Windows too after a few nasty runins with malware. I feel vulnerable doing anything else, which is how it should be. I seem to remember the analogy that a surgeon doesn't walk around all day holding his scalpels etc.

      Unfortunately, games mostly spoil this situation. Some state that they need admin on the packaging but others just assume that you're running a PC freshly delivered from the local store running XP Home with full rights. This is even worse when our local software out
  • I ran Win2k Pro at home with a non-admin user just fine several years ago. Back then, there were still quite a few day-to-day programs (especially games and burning software) that required elevated privileges. It's not hard to set up a "run as" link for those apps, though.

    I work in a corporate-type environment where almost no one has admin on their machine. Folks here run all sorts of applications, burn CDs, etc with no problems. In fact, we deny everyone write access to the C partition (where the OS and p

  • The info is out there...if you can read German ;-) (Score:3, Informative)

    by D4C5CE ( 578304 ) on Tuesday May 23, 2006 @02:59AM (#15385235)
    The staff at Heise, publishers of c't (one of Europe's major IT mags) have dedicated much time, effort, and a series of extensive articles to this question. [heise.de] Some of them are online for a free read, in particular on the pages subsequent to the above link.

    Learning German is probably an effort on par with trying to replicate their years of work and experience. ;-)

    There was even a database detailing which application caused how much trouble without administrator privileges [archive.org].

    However, in all of this the question comes to mind whether the best way to obtain as much as possible of Mac-like security and ease of use on PCs wouldn't simply be installing Linux in the first place.

  • It just makes sense; on UNIX you wouldn't do non-administrative stuff as root, but I'm not big on gaming, so I'm not sure how gamers would get on as User. But for all the usual non-gaming tasks running in a user account doesn't get in the way at all.

    One thing not many people mention; to get the best out of running as a user you should change the permissions on the drive Windows NT is installed on. On XP users can create folders outside of their home folder by default, but it'll keep things much cleaner a

  • Forget it. (Score:2, Insightful)

    by lukas84 ( 912874 )
    You can Windows as a normal user under the following circumstances:

    a) You are in a company, working with a professional IT environment, with a helpdesk and administrators with knowledge

    b) You are an administrator with knowledge

    Running windows as non-admin is not for the faint of heart. While most Microsoft software runs flawlessly as non-admin, there is a large percentage of third party software which does not. This can be fixed in most circumstances, changing permissions in C:\Program Files\, the HKLM Key

    • Re:Forget it. (Score:4, Insightful)

      by senatorpjt ( 709879 ) on Tuesday May 23, 2006 @06:43AM (#15385897)
      Unforunately, only the people with the knowledge of how to prevent Windows from being compromised by running as Admininstrator in the first place are the only people who know how to set it up to run as a limited user.

      It seems like Windows was set up so that the Administrator uses the Administrator account all the time, and if it's your personal computer, that's you - limited users are for when someone else is the Administrator.

  • I have a friend who hoses his Windows system every now and then. The last time he did it, I reinstalled Windows (and no, he doesn't *want* any other OS on the machine), created a non-admin account and told him to only log in as admin when he needs to install something. So far - about six-seven months running - he's had no problems. It works for him, and that's *very* ok with me. :)

    Personally, I think running as non-admin is a good idea, but I don't really like the way it's implemented in Windows, so I don'

  • How realistic is it to expect a Windows user to run their OS as non-root?

    About two months ago I tried it. It was absolutely fucking horrible, and just a colossal pain in the ass. It may just be because I'm constantly installing/uninstalling both software and hardware, tweaking the system settings, etc. but it was flat out unusable. I've managed to avoid getting any virii, trojans, rootkits, etc. for the past decade - but even if I were to have to do a completely random system wipe once a year (in additio

    • ...but even if I were to have to do a completely random system wipe once a year (in addition to my four quarterly reformats each year) I would still be way, way ahead in productivity compared to running as admin.

      It's simply not worth the hassle.
      --Ryvar

      Wow... you consider reformatting 4 times per year, on purpose, acceptable, yet attempting to run as non-admin in Windows is too much hassle? Now that's saying something. Just attempting to install Windows once and get it to a usable state would be enough

  • My user account (SID) on my x64 windows machine at home isn't in the administrator group, and I occasionally run into problems. Most software works ok, though.

    The typical problem is that the programmer or software architect didn't account for user-specific config settings. Just like on unix, Windows lets you keep user-specific stuff in the user's profile. However, Windows has the ability to synchronize the user's profile across the network -- including the HKEY_CURRENT_USER subkey from the registry, s

    • However, Windows has the ability to synchronize the user's profile across the network -- including the HKEY_CURRENT_USER subkey from the registry, so it's not as simple as just writing a bunch of stuff to a dotfile.

      Er, yes it is. You drop a config file into %USERPROFILE% or write it to HKEY_CURRENT_USER (where you should be putting it *anyway*) and the system takes care of the rest.

      By the way, the poster's use of the word "root" is a little misleading. In Windows terms, "root" is really the LocalSystem

  • Three years ago my girlfriend took her machine to a friend of hers to get it fixed. The guy installed a bootleg copy of XP on the machine, as well as an install of Norton AV.

    When I had to clean the malware off, I noticed that there were no service packs, and the Norton had not been updated in over a year and a half.

    I backed up all the pictures and work documents, then installed a legal version of Win2K Pro, Anti Vir, Clamwin, Firefox, spybot and Ad Aware.

    The hardest part was convincing her to use her newly
  • most places don't give users local admin, including at mine. once in a while you'll find an app that won't work right that way, but most mainstream apps that are written properly work just fine. the biggest complaint i've heard is not being able to double click on the clock to get the calender. users and guests can't do this by default, but this can be enabled in the local security policy. one big perk is that if you aren't logged in as admin, automatic updates will just be downloaded and installed without
    • This dialog says it all:
      http://gallery.ev6.net/v/stupid-doze-crap.png.html [ev6.net]

      Even tho your logged in as non admin, and dont have privilege to reboot the machine, it pops up the dialog telling you about new updates and asking if you want to reboot. Only you can't reboot, nor can you cancel the dialog, it will sit there until someone reboots for you.

      It just shows how the whole interface was never designed with multiple users in mind, it's one big nasty kludge.
  • Even MS itself has admitted that it can't be done. Even its own software forces you to run as admin. Office is the most wellknown example.

    There have been a number of stories about it in the last few years even interviews with MS people in wich this was adressed.

    Basically, it can be done but not easily and not without a lot of hassle. MS knows this and is supposed to be working very hard on this. Vista is supposed to cure it all.

    So for now it seems you are condemned to run with higher privileges then nece

  • First off: the windows administrator account isn't EXACTLY root. The "System" account is the most privileged account. Of course, it is fairly easy to escalate Administrator privileges to do anything that System can (you just have to jump through a few hoops).

    I've run my own machine (when I ran windows) and machines which I have had to support as non-admin. It is completely doable if the workstations have to run only a few programs and/or there are IT people backing up the attempt. Many programs will be
    • First off: the windows administrator account isn't EXACTLY root. The "System" account is the most privileged account. Of course, it is fairly easy to escalate Administrator privileges to do anything that System can (you just have to jump through a few hoops).

      From a technical perspective, Windows doesn't have any equivalent to 'root'.

  • ...but in a corporate setting. At home I wouldn't dare run without admin, too much stuff doesn't work. But in an office setting like that it's very easy to manage without admin.

    My recommendation is setup shortcuts that use runas.exe whenever you have something that needs admin access. Use /env to use the current uesr's profile as this fixes most problems that installers and programs have. As long as you setup things to use admin that need them, you can have a workable system. I've done that for a couple fam
    • Well surely then if it's not suitable for running at home in a safe manner, then it's "Not ready for the desktop".

      People rag on about how difficult they perceive linux to be, but in terms of running the system safely today's linux distributions are much easier than windows.

      On the other hand you have OSX, which is about the only OS that really is "Ready for the desktop".
  • The problem with not running as Administrator constantly for most Windows users is they value their own laziness over security. As if the security flaws in the Windows codebase itself weren't bad enough, it also has to compound the problem by encouraging everyone to run as Administrator by 1) making it the default and 2) not providing "Run as user..." in places you might realistically need to run as root, such as control panels instead of the current situation of only arbitrary binaries getting that option
  • Some software vendors haven't bothered much to make their product running _well_ in a multi user environment. Configuration files should not be stored in the application directory, but rather in the user profile.

    Other thing to consider would be to run the browser as other (totally unprivileged) user, I guess the next incarnation of Windows has something like this onboard.
  • I have separate user accounts that my kids use and about 1/2 of their games don't work. So when I let them log in on an account with admin priv to run their games they invariably exit the game and do "web stuff" later on and the next day I sit down to do work and there's all sorts of crud installed.

    Recent games (the last couple of years) are behaving better eg World's of Warcraft runs as a regular user but previous Blizzard games didn't. The Sims2 runs as a user but puts multi 100 megs of files in each user
  • Ever since I switched to NT4 back in '96.

    Back then it was a bit of a pain, as some maintenace tasks actually required logging in as an Administrator and didn't work with "Run As". Plus, "Run As" required you to actually download and install a PowerToy, rather than being part of the context menu by default.

    Nowadays pretty much everything necessary is doable via "Run As" - and the few things that aren't XP users can simply use Fast User Switching to bounce into an Adminstrator account (I use Win2k3 on my d

  • But for the most apps this is not a problem. Some apps have issues running out of the "Program Files" directory in user mode. But there are simple ways around that.
  • As a user, what's the most painful thing a virus could delete or steal? Delete: my files that aren't backed up recently (or for home users, ever). Steal: my CC and similar info, which is either in said files, web caches, or even email for some.

    What's the common thread for all of those? Right, you as the non-admin user still have full privs over them.
    • Which puts the security of *YOUR* details in *YOUR* hands...
      If a machine has multiple users, I don't want other stupid users getting owned and exposing MY details, what they do with their own files is their own problem however.

      Also when your the one expected to fix someone'e totally screwed machine, it's better if the system as a whole won't get shafted, it's much easier to reset their user account to defaults.

      And finally if something is running in userspace it can't really hide itself, it can't hook into t
  • Apart from programmer/developpers, you'd be surprised at how many people in medium to large corporations run as non-priveliged users.

    Once you make users non-priveliged, a *HUGE* number of support problems go away. Before I handed off desktop support to an assistant, people would often come to me and ask for admin privs. Everyone who asks for admin priveliges will swear upon everything that they find holy that *they* would never cause any problems. Like prisoners, they're *all* innocent. And yet, without
    • Amen brother! I inherited a network of public-IP desktops with all users running as admin. I was ghosting at least one machine a week. I ended up setting up a NAT firewall and an Active Directory domain. Now everyone runs as just a user. Since we are still on Windows 2000, I have also installed VNC on every machine. I hardly ever have to leave my desk for desktop support anymore.
  • I've been running XP (and 2000) as non-admin for a while now. Most tasks are fine, with the usual problems being post-installation for new apps and games after you've logged out as admin and actually want to use them.
    The most common problems I encounter are Registry-related, apps trying to open HKLM keys in read/write mode for example, and are primarily due to the software developers running as admin on their own machines and never testing with lesser-privilaged accounts.
    I usually contact the developers wit

  • The biggest problem I had with this was when I ran WinNT (and I'm assuming it still holds for later versions). Certain programs would require administrator access to install correctly, so I'd log in as administrator to do the install. Once I was back on my non-admin account, the security permissions in the registry (for keys created by the install) didn't allow me to access those keys--and the program wouldn't run correctly.

    If I recall correctly, XP has a feature whereby you can allow a program to run as

  • You really want to be safe? Don't allow the regular users write access to WINNT and Program Files. WINNT proved not to be a problem. But when you block write access to Program Files, about half of the programs I use simply do not work. Another handful work, but don't retain settings. Its not really the fault of Windows, but the fault of the application creators. For all of the inconsistencies in Unicies, you know that you store user data in dot files in ~, and temporary files in /tmp. Windows has Documents
  • I've been doing this at home on my WinXP Pro computer and it works fine for me. The only time I bump into problems is when I need to install software, which is rarely now that I have finished setting up the system. I also use Firefox for web browsing and I use web based email, so two of Windows biggest problems (Internet Explorer and Outlook Express) are never used.

    Personally, I would like to see more Windows software support drag and drop installation, like most Mac OS X software does.
  • The Unix crowd gets excited about non-Administrators in Windows every now and then. In fact, it's fairly pointless. The root user was designed for multi-user systems (hence the administrator). Single-user systems don't need it. On a single-user system, the most important thing is not the system files: those can be recovered from the factory install disk—it's the user files.

    There are a lot of advantages that Linux and Mac security have over Windows. It's sad that anyone thinks that their most useless
    • Wow, there are real security people?

      Every one I've ever encountered are the *Monkey Noise* "Ooh lookie! BugTraq sent out a new 'sploit!! Oooh oooh!!" *Monkey Noise* *Monkey Noise* types.

      They always say 'sploit cause they think it makes them sound cool.

      One of them grew a big orange beard because he doesn't have a chin.
  • Comment removed based on user account deletion
  • I have tried to move a number of my family, friends, and clients to this.

    We always create the first account with the name "Install Software" and password protect it. That way other family members, children, etc. can't get in there and cause problems.

    I always try to make them do everything they would normally do while I am there to assist with creating the limited accounts, password protecting any that need it, and setting up software. Invariably within a day or two I get a phone call/visit due to some

  • Some tips... (Score:4, Informative)

    by pla ( 258480 ) on Tuesday May 23, 2006 @09:51AM (#15386647) Journal
    As someone who runs as a non-admin, I'll share a few tips I've learned on how best to make everything work...

    1) Download CPAU [joeware.net], which works somewhat like RunAs but will let you create "job" files so you don't need to type a password each time.

    2) Make three accounts, a "guest" (don't use the built-in guest account for this) user, a "poweruser", and an "admin" (don't use the built-in admin account for this). For the rest of this post, I'll call your real account "fred", the lower-permissioned account "barney", and the higher-permissioned account "gazoo".

    3) Set the root of all drives to explicitly "deny" all permissions to "gazoo". This wouldn't even slow down an interactive attacker, but few hostile programs expect to need to take ownership and change permissions from an account already having admin privs.

    4) Give "fred" write permission on "Documents and Settings\barney". Give "barney" read permission on "Documents and Settings\fred". Give "fred" read permission on "Documents and Settings\gazoo". That alone will solve 99% of permission problems you'll have.

    5) Use CPAU to set up job files to run all your networking programs (browser, email, IM, etc) as "barney". Do the same for all programs that legitimately need admin access (many CD/DVD rippers, for example) to run as "gazoo".

    6) To install most software (even well-behaved software that doesn't require admin to run), log in as admin (the real one, not "gazoo") and create its directory under Program Files, giving "fred" (or "barney" if it will run with reduced permissions) write permission to that dir. Then, install it while logged in as "fred" (or, again, as "barney" if applicable). Also, some pesky software will work best if you install it first as the user it will run as, and then as "fred". Firefox and Thunderbird fall into this category, because of the way they handle user profiles (Using the highly-recommended "Portable [portableapps.com]" versions of both will completely avoid this problem, btw).


    The above will take care of most common problems you might have. Other problems will still pop up, however.

    For example, good luck printing from your web browser - you can use Microsoft's TweakUI to edit the relevant ACLs, but that seems like about a 50/50 shot of working. I curently have two machines at home set up more-or-less as described above, and basically identical. One of them can print from "barney" and one can't. Wierd.

    Also, get used to using UNC names. Mapped drives, even if mapped under all three accounts, will not show up for programs running as anyone but the currently logged-in user.



    And some "experts" wonder why so many Windows users still run as admin.
  • I'm a mac user (at home) too, - and at work, I generally run as Admin on WinXP because Rational ClearCase has been a very tough nut to crack.

    Generally;
    Running as a User is fine - unless you're going to need to access any control panels, or mess with system areas of the file-system.

    But this alone is not really enough to provide real security. You've got to also set some restrictions on file-system and registry permissions. An Excellent guide can be obtained as a pdf file from the NSA.gov website: Guide to
  • Reading all this stuff I've come a conclusion. In order to "properly" use Windows, there is just as much mucking around with admin tasks as when using Linux. All these people say how difficult linux is as a user experience, but then you realise that windows users are essentially ignoring or working-around security, something that jsut isn't done by default in linux. There are repeated remarks here about having to change file and registry permissions and using "RunAs" in order to PROPERLY use windows as a n

Slashdot Top Deals

The Tao is like a glob pattern: used but never used up. It is like the extern void: filled with infinite possibilities.

Close