Get rid of "Run as administrator"

By Cosmin
in Microsoft (Windows)

 Share

Recommended Posts

Rising Star

gregrocker

Posted
Posted

The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

Grand Master

devHead

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

But Greg, this user may not know what he's doing (sorry, but the fact that he's running TuneUp Utilities in Win7 kinda shows that) and could mess something up if he did what you're suggesting as an advanced and experienced computer user. It's not a Chicken Little complex, it's just safe computing. And for some, that's what is necessary. You speak in your post of "those of us" and "we know". But that's not speaking for everyone; I dare say for most people.

Grand Master

XerXis

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Grand Master

hdood

Posted
Posted
i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Can you explain why you feel the user/admin separation is so important on a single-user home computer? If we're talking about the potential to make mistakes that break the computer, then well, you really can't know whether Greg or anyone has the skill level required to not do so. Lots of people do. I know I could run it this way. There is a small chance that a program could unintentionally damage something it shouldn't have if running as admin, but I can't think of any such examples.

If we're talking about malware, then being administrator only gains the malware two things over being a user. One is the ability to infect other users, which isn't relevant here. The other is the ability to make itself harder to remove by hiding deeper in the system (which can also have stability consequences). Other than that, there's not much malware can't do running as your standard user. It already has access to everything of interest there, from your private data to the network. It also has the ability to hijack elevation requests, so that if you use UAC/sudo to elevate something while malware is running, you risk also elevating the malware anyway. The only thing that truly protects you is to not run random executables, and to have antivirus software that can block known threats before they execute.

Proficient

Grope for Luna

Posted
Posted
Or just turn off administrator approval mode and use your current account. There is nothing special about the legacy "Administrator" user. I don't know where this myth comes from.

Indeed. Everytime I hear about it I wonder if I'm missing out on something. I use regular admin-level accounts with UAC off and everything works fine.

Grand Master

hdood

Posted
Posted
When I read the topic title, I thought he wanted a way to hide/remove the "Run as Administrator" option but keep UAC on.

Hiding that option would be handy so people don't play with it ;)

Uhm... People can only play with that option if they are already administrator users. The answer is to make them standard users, in which case the default setup will instead prompt them for admin credentials (username and password). You can change it to prompt for credentials for administrator users as well, but that's rather pointless considering they just have to enter their own password.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
I see Mr Linux hasn't responded.

To what? Your question for why running as root is bad?

Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data). And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware or even silly user errors that would overwrite system files/settings won't happen automatically.

Grand Master

hdood

Posted
Posted
Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data).

Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware [...]

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Grand Master

Julius Caro

Posted
Posted
, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Well, there must be a reason why most (if not all) operating systems make it kinda difficult to use the admin account. This discussion is very late 1990s. UAC, sudo, and whatever OS X uses, are not there to stop YOU from screwing up the system (though it comes handy for those who don't know what they're doing).. It is there to stop software doing more than it should be able to, intentionally or not.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

No single thing makes you "safe". I agree with you on that. But not running as root makes you "safer"! An accidental mis-drag of some files won't trash my /sbin (or your /Windows/system32 or whatever).

Nothing fixes a stupid user that elevates apps he doesn't know. Well, there is ONE thing that fixes that. Remove their ability to elevate, and have a separate person as admin. ;)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Microsoft unveils new Surface Laptop with improved trackpad, Snapdragon X2, and more

      By FunkyMike · Posted

      Not even an OLED display on the laptops. Also it seems that the laptop design isn't the same as the Surface Ultra model. Looks like bargain bin at high prices.
    • Microsoft announces 12th-gen Surface Pro with Snapdragon X2 processors

      By tsupersonic · Posted

      make your own notch - it's not that hard
    • VirtualBox 7.2.10

      By Copernic · Posted

      VirtualBox 7.2.10 by Razvan Serea VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software. Presently, VirtualBox runs on Windows, Linux, macOS, and Solaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, 7, 8, Windows 10 and Windows 11), DOS/Windows 3.x, Linux (2.4, 2.6, 3.x, 4.x, 5.x and 6.x), Solaris and OpenSolaris, OS/2, OpenBSD, NetBSD and FreeBSD. Some of the features of VirtualBox are: Modularity. VirtualBox has an extremely modular design with well-defined internal programming interfaces and a client/server design. This makes it easy to control it from several interfaces at once: for example, you can start a virtual machine in a typical virtual machine GUI and then control that machine from the command line, or possibly remotely. VirtualBox also comes with a full Software Development Kit: even though it is Open Source Software, you don't have to hack the source to write a new interface for VirtualBox. Virtual machine descriptions in XML. The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers. VirtualBox 7.2.10 changelog: VMM: Fixed issue when CentOS 10 VM was not booting due to the message "Fatal glibc error: CPU does not support x86-64-v3" (​github:gh-642) Devices/EFI: Fixed booting issue when ARM VM had less than 1024 MiB of RAM assigned (​github:gh-679) USB: Fixed issue when it was not possible to attach USB device to headless VM on Apple Silicon/macOS 26.4.1 (​github:gh-631) Storage: Fixed issue when VIRTIO-SCSI device was not recognized as SSD device by guest system (​github:gh-634) Network: Fixed issue in E1000 emulation code which triggered debug log creation (​github:gh-645) Network: Fixed issue in E1000 emulation code which prevented OS/2 guest from booting (​github:gh-683) Linux Host: Fixed issue when VMs could not be started due to kernel oops (​github:gh-639) Linux Host and Guest: Fixed issue when kernel modules were failing to build with openSUSE 16.0 kernel Linux Host and Guest: Added initial support for kernel 7.1 Linux Host and Guest: Added extra fixes for RHEL 9.8 kernel (​github:gh-676) Linux Host and Guest: Added possibility to build source code using NASM instead of YASM as the assembler (​github:gh-520) Linux Guest Additions: Added initial support for Extended Data Control Protocol for clipboard sharing with Plasma on Wayland guests (​github:gh-33) Linux Guest Additions: Added extra fixes for preventing vboxvideo kernel module build with kernel version 7.0 and newer (​github:gh-655) OS/2 Guest Additions: Fixed issue when Shared Folders automount and clipboard sharing stopped working (​github:gh-551) Download: VirtualBox 7.2.10 | 170.0 MB (Open Source) Download: VirtualBox 7.2.10 Extension Pack | 19.1 MB View: VirtualBox Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • UK to ban under-16s from social media following a six-week trial with teenagers

      By FloatingFatMan · Posted

      OK, now ask yourself how are they going to enforce that law? By requiring every single adult to prove their age and provide their legal identity documents to an UNREGULATED 3rd party company that already has a long track record of multiple data breaches. Not to mention, parliament have voted AGAINST this ban, twice, and Starmer is going ahead anyway. So, where's the democracy here, because that looks like dictatorship to me. The solution here is parental responsibility, not government control. Run some public service announcements on TV and UK social media teaching parents how to setup parental controls. That's already been proven to actually work. But the, this is not and has NEVER been about keeping kids safe. It's about control and monitoring. Watching what you're doing online and controlling what you can see and what you can say.
    • what other retro software do yall use

      By +InsaneNutter · Posted

      Interesting read. I knew the adware was quite controversial at the time, however never realised to the point The Guardian wrote an article about Patchou. I just said no and enjoyed his creation, I’d probably be a lot more wary of something like that today though.

  • Recent Achievements

    • One Month Later
      Prasann earned a badge
      One Month Later
    • Week One Done
      Prasann earned a badge
      Week One Done
    • First Post
      Dys Topia earned a badge
      First Post
    • Collaborator
      vjlex earned a badge
      Collaborator
    • Reacting Well
      Dys Topia earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      525
    2. 2
      +Edouard
      180
    3. 3
      PsYcHoKiLLa
      105
    4. 4
      Steven P.
      89
    5. 5
      ATLien_0
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!