Running as Admin
Over the weekend, I blogged about a variety of topics, including the practice of running as admin in one's day-to-day work, a practice which I had to admit I still was guilty of (with the exception of my development work). I've since pulled my regular login from the Administrators group, and while the process hasn't been painless, it's not been painful either. Here are some of the things I've run into:
- Installing the samples for the latest revision of my book requires admin rights (something I've discussed with my publisher in hopes of eventually resolving).
- Modifying the options for Norton Antivirus requires administrator rights (why that should be, I'm baffled, unless it's installed by an administrator who chooses to lock it down... for the average user this is a stupid requirement, IMO. BTW - my install is an OEM version on my Dell laptop). In fact, when running as a normal user, the options button doesn't even show up.
- As mentioned in my earlier blogs on the subject, if you need to do something in Explorer that requires elevated rights (such as changing ACLs), that can be a PITA.
But the benefit of the above is that I don't have to worry as much about the possibility of rogue code running with full admin rights if I'm careless and open the wrong email, or if someone I trust sends me an Office doc with a macro virus, etc. And more importantly, I won't be writing software examples that require admin permissions to run, so I won't be perpetuating this bad habit of always running as admin.
In the blog listed above, I also asked folks to comment on whether or not they run as admin on a regular basis. So far, it looks to be about 2-1 in favor of running as admin, which is not encouraging. Microsoft, especially in the person of Michael Howard, is trying to get the message out about the principle of least privilege, but it would seem that the message has not yet seeped deeply enough into the developer's conscience.
So here's my challenge: Run for a week as a non-admin account, and blog (or comment on this blog, if you like) about the challenges you faced. I'll respond to the challenges listed in the comments on my blog, offering solutions (where I have them) to try to make this process easier for folks. Let's try to start setting a good example here, folks. :-)