Re: Domain users members of local administrator

I do not distinguish between enterprise, small business, or home/family when
it comes to this.

At the end of the day, if you keep silent and keep buying the @#%&* , then
the vendor has no reason/motivation to change.

For example, I have been running as non-admin user for several years now,
and I constantly complain and file bugs against every single Microsoft
product (internal or external) that I install and does not work as
non-admin. Although I often don't get my wish the very first time, I usually
get it the second time - so many of the productivity programs I use will run
perfectly fine as non-admin user. Of course, this has taken a few years to
take effect, and I don't have it for every MS product, but overall, I am
pretty happy with the improvements to run as non-admin.

Vista is not going to magically solve any of this. Vista just forces the
issue in the vendor's face by making more users run as non-admin by default.
I think it is a gutsy move by Microsoft because when those legacy
applications break on Vista, do you think the users will:
A. complain that the application vendors foisted insecure software on them
in the past
B. complain that Microsoft took steps backwards with Windows Vista and broke
compatibility


Viewed another way -- for years, the customer has failed to push the vendors
to improve quality when it comes to security. Microsoft is making a gutsy
push on the security front and probably will get complaints from Customers
and Vendors... even though the move is the right one to make... and the
customer failed to make the right move for years. Now, who says that
customers are always right? ;-)

--
//David
IIS
http://blogs.msdn.com/David.Wang
This posting is provided "AS IS" with no warranties, and confers no rights.
//

"Kerry Brown" <kerry@xxxxxxxxxxxxxxxxxxx*a*m> wrote in message
news:eh%23vJT8RGHA.5900@xxxxxxxxxxxxxxxxxxxxxxx
David Wang [Msft] wrote:
Let me clarify my point:

My setup allows the technically proficient to run as a secured,
normal user but still easily do all the advanced things with little
trouble
For the non-technical users, you simply remove the RUNAS and admin
command prompt and it should work. Why?

Because most non-technical users do a fixed (not as technical and
dynamically changing) set of actions on the computer. Once you have
that all set up, they simply do not need to run as administrator.

For example, when XPSP2 came out, I reinstalled my family's various
PCs with XPRTM + XPSP2 patch, then I had them declare and install any
apps they depend on, after which I silently moved their login
accounts out of Administrators, setup Windows update to auto-update,
locked up their local administrator account to a password only I
know, and they haven't come back with viruses, malware, spyware, nor
complain that they can't do what they want.

I think that's the way things should be even as it scales larger.



From an enterprise perspective that's acceptable. From a small business
perspective it's not. Try running some popular small business accounting
packages or contact management packages as a regular user. I would love to
be able to set up customers as regular users rather than admins but with
XP it only generates ill will from my customers and they start calling
someone else. I am looking forward to Vista.

Kerry




.

Relevant Pages

  • Re: CHALLENGER SYNDICATESHIPS LIMITED
    ... addition to the act you mentioned there are 3 other potential areas's ... argued, that if they fall short of a customers expectations, or fail ... the chance to make that request, I feel it's reasonable to call back, ... outside the bounds of a reasonable right to complain. ...
    (uk.rec.waterways)
  • Windows XP to be phased out by years end despite customer demand
    ... Windows XP to be phased out by year's end despite customer demand ... OEM by the end of this year, despite consumer resistance to Vista and its ... seeing plenty of demand from customers for systems preloaded with XP, ...
    (uk.people.silversurfers)
  • Re: VS2005 NOT Compatiblke with Vista? Are you serious?!
    ... on Vista when you had agreed to do so previously is niether good for the ... that is what sells things to many customers. ... to run XP and thier old apps). ... I don't want something (McAfee and Norton) that scans every single ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Vista SP1 and GPMC problem
    ... Exporting the GPO from my own environment and importing it in the destination environment works fine. ... I really can't afford consuming server resources to install VS and spending customer money for a Vista licence just to be able to change some obscure firewall settings twice a year. ... For a couple of customers the only Vista systems available are the company managers laptops. ...
    (microsoft.public.windows.server.sbs)
  • Re: VS2005 NOT Compatiblke with Vista? Are you serious?!
    ... you should try a different news server. ... Or maybe you're censoring yourself. ... Communities newsgroup servers and Windows Mail on a Vista Ultimate PC ... been working with customers on compatability for a couple of years now. ...
    (microsoft.public.dotnet.languages.csharp)
Loading