More on running as non-admin

As folks who follow my blog already know, I've been trying to set a good example by running my main computer on a day-to-day basis with a plain vanilla user account, with no administrative privileges, in order to reduce the risk of providing elevated privileges to malicious code I might somehow accidentally run, as well as to ensure that any code I write installs and executes without requiring elevated privileges.

While for the most part this effort has gone fairly smoothly, there are days (like today) when I just want to pull my hair out. The reason in this case? Microsoft ActiveSync.

I recently purchased a new PocketPC, Phone Edition device from T-Mobile (currently available from CompUSA for $299 after rebates). I managed to get the device set up and synchronized OK, but soon discovered that I was having difficulty getting any new software to install onto the device. Since I'd originally installed ActiveSync before downgrading my day-to-day account to a non-admin account, I guessed that perhaps a mismatch in permissions might be the problem, so I decided to remove and reinstall ActiveSync. Bad idea...removing was no problem. But ActiveSync refused to install for my base user account (not sure whether this was a permissions issue or not, as the error message I got was not permissions-related, and was essentially useless). Of course, when I used the Run As... feature to run the install from an Admin account, the setup program configured ActiveSync for that account. Since the administrative account did not have an Outlook profile set up, this meant that it was impossible to synchronize contacts, mail, etc.

In the end, I had to add my day-to-day account back into the Administrators group long enough to reinstall ActiveSync, and then remove it again. I have a feeling there may be a better solution, but I wasn't able to find it in the Microsoft Knowledge Base, and I usually have pretty good luck finding what I'm looking for there. The realm of connecting/synchronizing mobile devices is an area where Microsoft really needs to improve things, both from an ease-of-use standpoint, and to address any elevated privilege requirements. If someone like me, who has been developing software and tinkering with hardware for years, has this much trouble with ActiveSync, what chance does the average person have? If Microsoft wants to sell PocketPCs and PocketPC Phones to folks like my mom and dad, they need to make this much easier.

That said, I love my PocketPC phone. I've had an iPaq for a couple of years now, and while I still sometimes carry it, I got very tired of carrying two different devices (cell phone and PDA) all the time. Being able to use just one device, especially with the level of integration of phone and PDA this device pulls off, is something I've been waiting for for awhile. And now that the price is right...

[Listening to: Symphony No,9 in E Minor, Op.95 - Mvt. II - Antonín Dvorák - New World Symphony (12:30)]

3 Comments

  • I've been having the same problems with my PocketPC PDA, since I downgraded my account yesterday. Did the reinstall fix the problem with writing to the device?



    I was trying to see if I could find a way for the local admin to set up permissions to the mobile device, but sadly I couldn't find anything.

  • Milbertus,



    The only way I was able to get ActiveSync to work properly was to temporarily add my user account to the Administrators group, then use Run As... (because the shell still has the non-admin credentials) to install ActiveSync. The same procedure is necessary for installing PPC software. Don't forget to remove your account from the Administrators group when you're done.

  • I have a QTek S100 and I want to be able to connect it to the computers in school, but to install the drivers for PocketPC on WinXP you need administrator priv, which I dont have.

    Anyone know a work-a-round for this?
    Been talking to the tech's and got the answer "It would be to much for us to do to enable that for the users" so I'm quite stuck...

Comments have been disabled for this content.