Comments

  1. I don’t run as admin on my box when I’m developing, and I encourage my team to do the same. It’s a PITA every so often, but not nearly as bad as one might expect.

  2. That is great news for pay-as-you-go support sites and a nightmare for service desks everywhere. Microsoft has to figure out how to stop viruses from installing themselves first. As a user I want to do whatever I feel like. I don’t want to be an Admin to install a Flashplayer or run an Excel macro…yeah Microsoft, go ahead, lead the way…when pigs fly!

  4. I run as non-Admin, except when I’m developing COM objects (it’s hard to debug something if you’re not allowed to register it.) A few things are painful, but I believe it’s worth it.

    I think one of the points that Dana makes that you didn’t key off is that it shouldn’t be painful. If MS developers were forced to run as non-Admin, and experienced all of the pain, you’d come up with a better way of doing it.

  6. I think there are good ideas about this in Vista; by default users are asked to confirm when they are about to take system actions; similar to the dialog that pops up on Mac (or needing to “sudo” in *nix environments).

    However, it is quite annoying when Windows Defender gets a bit too ambitious and starts making you confirm every time you want to just open Control Panel… I hope they find the right balance before Vista goes Beta 2 :)

  8. As another idea – this is how I’d recommend things be run. Create an alternate, NON normal user account with admin privileges for the rare times you need to do something with admin privileges. Otherwise, run in “User” mode the entire time. On unix/OS X, you can do an “su” and on NT systems, you can do “runas” to execute things as an admin, when needed. This lets the person still do installs of software and other admin tasks but keeps them from using an admin account on a normal basis.

    A person should NEVER by default log in with an admin account, unless specifically doing admin tasks, and then log out as soon as those specific tasks are done.

  10. Dana Epp makes very clear the fact that, on a limited user rights environment, you can install and run a virus as long as you install it in the C:\Documents and Settings profile folder instead of the default C:\Program Files.

    So all I can say about Microsoft and security is, it’s such a joke to put the two in the same sentence.

  12. back in my openvms days it had the facility to have authorized privs, default privs, and of course, active privs. there was also a priv [setprv] to allow changing privs. there were many mistakes made by cocky developers who ran with the ‘safety’s off’. by setting all ‘off’ and needing the conscious action of ‘turning them on’ – i saved my bacon more than once… something else to be snarfed out of the vms design approach for microsoft…

  14. My Windows is extremely rusty these days, but don’t WinNT and derivatives have a ‘sudo’ equivalent – a way to temporarily, with permission, elevate privileges? There’s really no reason running as a normal user should be any hardship at all.

  16. The solution is a social one. Ban admin rights for everyone, even the developers, BUT: make it easy, simple and painless for them to get a helpdesk wally to log in and install stuff they need, WITHOUT having to run the gauntlet of change requests and business cases. I can do nearly everything I need on my locked-down work box, thanks to the fact that Apache and MySQL are written to work in non-root environments, and especially thanks to the reg command in MSDOS; but if I hadn’t found a tame helpdesk guy here to modify my /System32/Drivers/etc/hosts file, for example, then I’d’ve been stuck. Other things I don’t even try, because the tameness of the helpdesk only stretches a little way.

    Summary: if you have to put an obstacle in a user’s way for valid reasons, try removing other obstacles to compensate.

  18. I agree that running admin is bad; however, currently developing with SharePoint on Windows 2003 is impossible to debug web parts as anything but. For regular development, you can pull it off on an XP box with everything local. Luckily when Vista finally comes along this will be the same, but until then I’m stuck being the uber user that I am.

  20. I’ve got an idea (Oh frabjous day, calloo, callay! he chortled in his joy ;^) – starting from the ground up.

    There aren’t any user-mode games on MS Windows to the best of my knowledge – all such games _must_ be run as Admin. What that means is if little Johnny can’t play his games because the system’s locked down, family dynamics usually mean he’ll get to play his games anyway – and security be damned.

    Get MS Windows absolutely rock solid with running games as user instead of Admin, and you’ll be a good part of the way there already. Ignore this piece of advice and you wind up eating your dogsh** – very highly processed dogfood – instead.

  22. Too much doesn’t RUN as non-Admin, major apps and corporate apps serious, plus lottsa games.

    One fine mess.

    The whole IE thing spawned the DOJ kickout and security hell, Microsoft’s biggest blunder, paranoia run wild, in the ‘Netscape as platform’ era, and it still haunts them. No easy answers.

  24. I agree in principle. In Linux, you get shunned for doing so, and many things won’t run or give you warnings. If you join IRC as root, you normally get kicked for being dumb (unless you hack your ident).

    Now as a developer, no, it’s annoying, Windows isn’t ready. As a user yes, all users need to.

  26. “It’s time to step up and do this, no matter how painful it is.”

    What painful?

    You do realise that any modern UNIX/Linux/OSX user BY DEFAULT runs as non-admin? Do you think that is painful?

    All the users in my company have been set up as USERS for a long time now. I’ve set up a local admin account for them as well that they can use when having to install stuff, because I am not a total bastard and I understand notebook/traveling users sometimes have to install a printer or camera.
    I rarely have problems, and the users understand. They can work fine. No pain there my friend.

  28. Sounds like people are clamoring for the “Only log in as Administrator” if we say it’s ok. I am telling you the first PITA that pops up, people, ME, will continue to run with administrator privileges. One thing I liked about my Mac before OS10, was that I could install a program and all of its parts were neatly contained in one folder, and a preference file was installed on the machine. How about a DMZ where one could install all the software needed, if the software turned into Malware or perhaps a virus it could be uninstalled by deleting the folder.

    Nothing drives me insane more than Windows telling me I don’t have permissions to delete a folder. If the folder is in the DMZ you can delete it.

    Programs – DMZ Folder or Partition
    Files – Documents Folder
    System – System Folder (Changes only allowed as escalated user)

    Lose the Registry, yeah I know you had the Registry guy on Channel Nine exalting the registry. There has to be a better way!

  30. Ok, so how many times during a normal session does your Windows Vista Beta ask you to confirm that you really need to do something. Change a network setting, modify a file. It is really too far. Computers and programs are supposed to enhance and enable ever greater levels of production and productivity. Vista is not easier. How many clicks does it take to change your network settings? How many dialogue boxes and “oks” do you need to go through?

  32. Microsoft needs to get a book on unix user concepts and read it.

    Then they can add this (decade plus old) technology as their own innovative feature and sell it as an upgrade.

  34. Well dang, gave up, couldn’t get it on this laptop, and sick of trying, and no I am not just gonna try this or that. I am done. Lordy be. I will wait for final, what in 1Q 2008, maybe?

  36. I’ve been running Vista for a very long time on my dev box at work. Months longer than others on my team.

    I need to keep a log so I have some facts, but I don’t remember needing to do any administrator confirmation dialogs at all today. Once you get your machine set up, it’s really not bad.

  38. The problem is that Windows was never designed for the very demanding environments that the millions of users around the globe expect it to remain solid in. Unlike Linux/*BSD (which got it the first time round), Windows has always been a single-user, single-system operating system, even with the nasty kludges in Windows 98 which let you configure multiple “user accounts” (really the same default environment in different guises). Windows XP does nothing to better the 20+ year old design flaws, and Vista may well add its very own problems to an already explosive mix. Windows Vista will be another classic example of Microsoft’s commitment to recycling years of bodged garbage, and placing yet another frilly facade on top. Can’t wait to see what lovely security flaws Microsoft has cooking in Vista, meanwhile I’m using Linux, and enjoying every moment :)
