Get rid of "Run as administrator"

By Cosmin
in Microsoft (Windows)

 Share

Recommended Posts

Rising Star

gregrocker

Posted
Posted

The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

Grand Master

devHead

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

But Greg, this user may not know what he's doing (sorry, but the fact that he's running TuneUp Utilities in Win7 kinda shows that) and could mess something up if he did what you're suggesting as an advanced and experienced computer user. It's not a Chicken Little complex, it's just safe computing. And for some, that's what is necessary. You speak in your post of "those of us" and "we know". But that's not speaking for everyone; I dare say for most people.

Grand Master

XerXis

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Grand Master

hdood

Posted
Posted
i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Can you explain why you feel the user/admin separation is so important on a single-user home computer? If we're talking about the potential to make mistakes that break the computer, then well, you really can't know whether Greg or anyone has the skill level required to not do so. Lots of people do. I know I could run it this way. There is a small chance that a program could unintentionally damage something it shouldn't have if running as admin, but I can't think of any such examples.

If we're talking about malware, then being administrator only gains the malware two things over being a user. One is the ability to infect other users, which isn't relevant here. The other is the ability to make itself harder to remove by hiding deeper in the system (which can also have stability consequences). Other than that, there's not much malware can't do running as your standard user. It already has access to everything of interest there, from your private data to the network. It also has the ability to hijack elevation requests, so that if you use UAC/sudo to elevate something while malware is running, you risk also elevating the malware anyway. The only thing that truly protects you is to not run random executables, and to have antivirus software that can block known threats before they execute.

Proficient

Grope for Luna

Posted
Posted
Or just turn off administrator approval mode and use your current account. There is nothing special about the legacy "Administrator" user. I don't know where this myth comes from.

Indeed. Everytime I hear about it I wonder if I'm missing out on something. I use regular admin-level accounts with UAC off and everything works fine.

Grand Master

hdood

Posted
Posted
When I read the topic title, I thought he wanted a way to hide/remove the "Run as Administrator" option but keep UAC on.

Hiding that option would be handy so people don't play with it ;)

Uhm... People can only play with that option if they are already administrator users. The answer is to make them standard users, in which case the default setup will instead prompt them for admin credentials (username and password). You can change it to prompt for credentials for administrator users as well, but that's rather pointless considering they just have to enter their own password.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
I see Mr Linux hasn't responded.

To what? Your question for why running as root is bad?

Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data). And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware or even silly user errors that would overwrite system files/settings won't happen automatically.

Grand Master

hdood

Posted
Posted
Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data).

Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware [...]

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Grand Master

Julius Caro

Posted
Posted
, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Well, there must be a reason why most (if not all) operating systems make it kinda difficult to use the admin account. This discussion is very late 1990s. UAC, sudo, and whatever OS X uses, are not there to stop YOU from screwing up the system (though it comes handy for those who don't know what they're doing).. It is there to stop software doing more than it should be able to, intentionally or not.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

No single thing makes you "safe". I agree with you on that. But not running as root makes you "safer"! An accidental mis-drag of some files won't trash my /sbin (or your /Windows/system32 or whatever).

Nothing fixes a stupid user that elevates apps he doesn't know. Well, there is ONE thing that fixes that. Remove their ability to elevate, and have a separate person as admin. ;)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • We now know when and how the Universe may truly end

      By sphbecker · Posted

      I've always preferred this possibility. There is something that feels good about the idea that all matter in the universe will eventually come back together and maybe even result in another big bang. The idea that the universe would fizzle out over the eons and forever drift apart is a little depressing. I realize it is not logical to let a basic human desire for life to have a grand everlasting meaning change the way I feel about a scientific theory, but I am human, so that is how I feel :-).
    • Microsoft: Windows 11 could finally solve a major issue across AMD, Nvidia, and Intel GPUs

      By Jdoe25 · Posted

      Windoze 11 could finally go to hell, instead of making me savor yet another error I've never had. "Bad Pool Caller" or whatever TF cryptic crap0la message it is. Adding salt to injury, it says something along these lines (on the blank black screen after it hard stops): "Your windoze needs to restart. You can restart." NO WAY SHERLOCK. The PEECEE, look, it's *blocked*, I can do jack sh1t with it as it is and you say that it needs to restart? Further, that I can restart? What am I supposed to do, take a herbal bath? Sudo a sandwich? Timewaster pile of useless slop and errors, coded by monkeys and force-fed on us by a pedo-founded corporation, that's all there is to it. Now, let's have a fun weekend trying to handle the error, which after a quick internet check can basically be due to EVERYTHING, from memory faults to drivers to motherboard issues. Thanks M$.
    • Zen Browser 1.21.3b

      By Copernic · Posted

      Zen Browser 1.21.3b by Razvan Serea Zen Browser is a privacy-focused, open-source web browser built on Mozilla Firefox, offering users a secure and customizable browsing experience. It emphasizes privacy by blocking trackers, ads, and ensuring your data isn't collected. With Zen Mods, users can enhance their browser experience with various customization options, including features like split views and vertical tabs. The browser is designed for efficiency, providing fast browsing speeds and a lightweight interface. Zen Browser prioritizes user control over the browsing experience, offering a minimal yet powerful alternative to traditional web browsers while keeping your online activity private. Zen Browser’s DRM limitation Zen Browser currently lacks support for DRM-protected content, meaning streaming services like Netflix and HBO Max are inaccessible. This is due to the absence of a Widevine license, which requires significant costs and is financially unfeasible for the developer. Additionally, applying for this license would require Zen to be part of a larger company, similar to Mozilla or Brave. Therefore, DRM-protected media won't be supported in Zen Browser for the foreseeable future. Zen Browser offers features that improve user experience, privacy, and customization: Privacy-Focused: Blocks trackers and minimizes data collection. Automatic Updates: Keeps the browser updated with security patches. Zen Mods: Customizable themes and layouts. Workspaces: Organize tabs into different workspaces. Compact Mode: Maximizes screen space by minimizing UI elements. Zen Glance: Quick website previews. Split Views: View multiple tabs in the same window. Sidebar: Access bookmarks and tools quickly. Vertical Tabs: Manage tabs vertically. Container Tabs: Separate browsing sessions. Fast Profile Switcher: Switch between profiles easily. Tab Folders: Organize tabs into folders. Customizable UI: Personalize browser interface. Security Features: Inherits Firefox’s robust security. Fast Performance: Lightweight and optimized for speed. Zen Mods Customization: Deep customization with mods. Quick Access: Easy access to favorite websites. Open Source: Built on Mozilla Firefox with community collaboration. Community-Driven: Active development and feedback from users. GitHub Repository: Contribute and review the source code. Zen Browser 1.21.3b changelog: New Features Updated to Firefox 152.0.1 Fixes Fixed transparency not working after updating to 1.21.2b (#14259) Fixed frequent crashes affecting users with Intel Raptor Lake processors Fixed an issue on macOS where choosing a PDF option, such as "Save as PDF", from the system print dialog would send the job to your printer instead of saving a file. Other minor bug fixes and improvements. Download: Zen Browser | 90.2 MB (Open Source) Download: Zen Browser ARM64 | Other Operating Systems View: Zen Browser Home Page | Screenshots 1 | 2 | Reddit Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Get 1-year and $60 of Sam's Club value for just $15 with Auto-renew

      By News Staff · Posted

      Get 1-year and $60 of Sam's Club value for just $15 with Auto-renew by Steven Parker Become a Sam's Club Member Now! Shop Premium-Quality Products and Enjoy Incredible Perks, and Savings. Today's highlighted deal comes via our Gift Cards section of the Neowin Deals store, where for only a limited time, you can save 75% off a Sam's Club 1 Year Membership with Auto-Renew. Sam’s Club is a membership warehouse club, a limited-item business model that offers members quality products at an exceptional value unmatched by traditional retail. From groceries and kitchen supplies to electronics and furniture, Sam's Club has great deals on the items you want! By redeeming and signing up as a member, you'll be paying just $20 for a 1 year Sam's Club membership (normally $50.) You'll receive a complimentary household card for more savings from already low-priced items. Sign up now and save money on all your food and decor. Find great deals on groceries, kitchen supplies, electronic, furniture & more Get discounts on hotels, rental car, live events, attractions, movies, & more Save up to 60% on hotel accommodations around the world Get a complimentary household card for more savings from already low-priced items Although it was published quite some time ago, Sam's Club members can enjoy discounts like this. Important Details For a physical membership card after online membership registration, present your phone number or email along with a valid ID at Sam’s Club Membership Services in any US Sam's Club location to have your membership card printed. This membership offer is only available to new Sam's Club members in the USA. It is not valid for membership renewals, for those with a current membership, or those who were Sam’s Club members less than 6 months prior to the current date. To check your renewal date, please check your billing statement or your online account, or chat with an associate. Promotion code is non-transferable Offer valid for new Sam’s Club members only; not valid for membership renewals, for those with a current membership, or those who were Sam’s Club members less than 6 months prior to the current date. Auto Renew: By accepting this offer, you authorize annual recurring charges to any card on file for your Sam's Club membership fee(s) plus any applicable taxes at then-current rate every year until you cancel. Current rates, which may change, are $50 for Club level and $110 for Plus level. Visit SamsClub.com or a club or call 1-888-746-7726 for full terms or to cancel auto-renewal. Valid at over 597 U.S. Sam’s Club locations. Find a location near you. Redemption deadline: redeem your code within 30 days of purchase Access options: desktop & mobile Membership MUST be activated within 30 days Membership expires 1 YEAR from the date the Sam's Club membership is activated Limit 1 per person, may buy 1 additional as gift This Sam's Club 1 Year Membership normally costs $60, but can now be yours for just $15, for a limited time, that's a saving of $45 (70%) off! For specifications, and terms, please click the link below. Get 1-year of Sam's Club with Auto-renew for just $15 (was $60) This deal is only available to U.S. residents. Support queries If you have queries or need support for any of the Neowin Deals, please use the contact form here. Neowin Deals are managed and sold by StackCommerce who represent Neowin on an affiliate basis. Why we post these deals We post these because we earn commission on each sale so as not to rely solely on advertising, which many of our readers block. It all helps toward paying staff reporters, servers and hosting costs. So for those that keep moaning and complaining, be thankful we're still online for you to even do that. Other ways to support Neowin Whitelist Neowin by not blocking our ads Create a free member account to see fewer ads Make a donation to support our day to day running costs Subscribe to Neowin - for $14 a year, or $28 a year for an ad-free experience Disclosure: Neowin benefits from revenue of each sale made through our branded deals site powered by StackCommerce.
    • Microsoft will soon allow some users to block Copilot from analyzing their Office files

      By excalpius · Posted

      Microsoft, why can't I just turn off Copilot on my MS account (in order to stop OneDrive from wanting to summarize everything, ahem) in a way that doesn't break OneNote instead?

  • Recent Achievements

    • Collaborator
      ryansurfer98 went up a rank
      Collaborator
    • Week One Done
      Eurosoft10 earned a badge
      Week One Done
    • One Month Later
      Eurosoft10 earned a badge
      One Month Later
    • One Year In
      Skeet Campbell earned a badge
      One Year In
    • One Month Later
      Sharbel earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      578
    2. 2
      +Edouard
      190
    3. 3
      PsYcHoKiLLa
      77
    4. 4
      Michael Scrip
      77
    5. 5
      Steven P.
      72
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!