Re: Security running as Administrator in XP

From: James H. Fox (NOSPAM_AT_att.net)
Date: 01/04/04 

Date: Sun, 4 Jan 2004 13:19:16 -0500

Peter James wrote:
> Maybe my choice of words was unfortunate. What I meant was, if there
> is a security problem, it's not one that Microsfot publicises.
> Linux/Unix on installation go all the way to ensuring that the user
> sets up an Administrator and User, and ensures that the user is aware
> of the security issues. That doesn't seem to be Microsoft policy on
> this issue.

I have noticed this also. Having set up Win2K/XP many times, I have long
known that you are "Administrator" by default, but Microsoft at no point in
the setup program advises you to switch to a "User" account. My conclusion
is that it makes installing programs too difficult for most people, and MS
does not want to grapple with the support problems.

Now for your other question, you will in many cases have to allow additional
security rights to a program to get it to run in a User account. Just
right-click on the folder in Program Files, and set it with the same rights
as Power User, which works in most cases. Sometimes you have to go into the
registry (using regedt32, not regedit) and grant additional permissions to
the software group in question under either Current User or Local Machine,
if I remember correctly. However, a few utilities may not work at all no
matter what permissions you give, or else work with limited functionality.
In that case, use the "runas" command to run as Administrator each time you
start the program. One little-known trick in WinXP is that you can get
Runas to remember you Administrator password; use the "/savecred" switch. A
comparable effect can be had in Win2K by using the Sanur utility
(http://www.commandline.co.uk/sanur/). You can also run as a service using
FireDaemon (http://www.firedaemon.com/).

I am not a programmer, so I have had to figure these out myself over a
period of time. But if everyone used them, at least 90 percent of the
trojan and virus problems would be solved with no additional software
whatsoever, at zero cost.

Relevant Pages

  • Re: how do I change ownership of and "unknown" owner
    ... > The Administrator you are talking about should be the Administrator of the ... > to do with NT or machine level security. ... > Owner, in all my experience it's been corruption. ... > Microsoft Security Bulletin MS03-026? ...
    (microsoft.public.access.security)
  • Re: how do I change ownership of and "unknown" owner
    ... cases where they are joining to correct MDW file however the owner shows as ... Produced By Microsoft MimeOLE V6.00.2800.1106 ... |> to do with NT or machine level security. ...
    (microsoft.public.access.security)
  • RE: how do I change ownership of and "unknown" owner
    ... The Administrator you are talking about should be the Administrator of the ... to do with NT or machine level security. ... "database recovery", "access" if you can't resort to back up copy. ... Microsoft Access Support ...
    (microsoft.public.access.security)
  • Re: Security running as Administrator in XP
    ... > Just how much of a security risk is running Windows XP as ... > yet Microsoft don't seem to want to admit that there could be a risk ... Administrator him/herself. ... I don't understand where you're coming from with the sentence 'yet Microsoft ...
    (alt.computer.security)
  • Re: RUNAS when a user is just in the user group
    ... Right-click on Internet Explorer, and select runas from the context menu. ... Enter the credentials of the administrator or a user account with ... Microsoft Global Technical Support Center ...
    (microsoft.public.windowsxp.general)