Get rid of "Run as administrator"

By Cosmin
in Microsoft (Windows)

 Share

Recommended Posts

Rising Star

gregrocker

Posted
Posted

The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

Grand Master

devHead

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

But Greg, this user may not know what he's doing (sorry, but the fact that he's running TuneUp Utilities in Win7 kinda shows that) and could mess something up if he did what you're suggesting as an advanced and experienced computer user. It's not a Chicken Little complex, it's just safe computing. And for some, that's what is necessary. You speak in your post of "those of us" and "we know". But that's not speaking for everyone; I dare say for most people.

Grand Master

XerXis

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Grand Master

hdood

Posted
Posted
i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Can you explain why you feel the user/admin separation is so important on a single-user home computer? If we're talking about the potential to make mistakes that break the computer, then well, you really can't know whether Greg or anyone has the skill level required to not do so. Lots of people do. I know I could run it this way. There is a small chance that a program could unintentionally damage something it shouldn't have if running as admin, but I can't think of any such examples.

If we're talking about malware, then being administrator only gains the malware two things over being a user. One is the ability to infect other users, which isn't relevant here. The other is the ability to make itself harder to remove by hiding deeper in the system (which can also have stability consequences). Other than that, there's not much malware can't do running as your standard user. It already has access to everything of interest there, from your private data to the network. It also has the ability to hijack elevation requests, so that if you use UAC/sudo to elevate something while malware is running, you risk also elevating the malware anyway. The only thing that truly protects you is to not run random executables, and to have antivirus software that can block known threats before they execute.

Proficient

Grope for Luna

Posted
Posted
Or just turn off administrator approval mode and use your current account. There is nothing special about the legacy "Administrator" user. I don't know where this myth comes from.

Indeed. Everytime I hear about it I wonder if I'm missing out on something. I use regular admin-level accounts with UAC off and everything works fine.

Grand Master

hdood

Posted
Posted
When I read the topic title, I thought he wanted a way to hide/remove the "Run as Administrator" option but keep UAC on.

Hiding that option would be handy so people don't play with it ;)

Uhm... People can only play with that option if they are already administrator users. The answer is to make them standard users, in which case the default setup will instead prompt them for admin credentials (username and password). You can change it to prompt for credentials for administrator users as well, but that's rather pointless considering they just have to enter their own password.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
I see Mr Linux hasn't responded.

To what? Your question for why running as root is bad?

Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data). And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware or even silly user errors that would overwrite system files/settings won't happen automatically.

Grand Master

hdood

Posted
Posted
Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data).

Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware [...]

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Grand Master

Julius Caro

Posted
Posted
, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Well, there must be a reason why most (if not all) operating systems make it kinda difficult to use the admin account. This discussion is very late 1990s. UAC, sudo, and whatever OS X uses, are not there to stop YOU from screwing up the system (though it comes handy for those who don't know what they're doing).. It is there to stop software doing more than it should be able to, intentionally or not.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

No single thing makes you "safe". I agree with you on that. But not running as root makes you "safer"! An accidental mis-drag of some files won't trash my /sbin (or your /Windows/system32 or whatever).

Nothing fixes a stupid user that elevates apps he doesn't know. Well, there is ONE thing that fixes that. Remove their ability to elevate, and have a separate person as admin. ;)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • This AMD RX 9070 16GB GPU that performs close to Nvidia 5070 is under $600

      By hellowalkman · Posted

      This AMD RX 9070 16GB GPU that performs close to Nvidia 5070 is under $600 by Sayan Sen With the memory shortage that's prevalent nowadays, discounts are super-hard to get. As such we post good deals whenever they pop up. Recently, we covered a few great discounts on SSDs wherein you can get a 4TB TeamGroup NVMe PCIe Gen4 drive for just $400 thanks to a special coupon. If you want a faster product but don't need all that capacity, you can also opt for Samsung's 990 PRO 2TB that is on sale for its lowest price in over three months. Let's say though that you are on the hunt for a 1440p gaming card. In that case AMD's RX 9070 non-XT can help, and with its 16GB VRAM, you can also run AI models locally without worrying about bottlenecking (check out our recent 9070 GRE reviews for gaming and productivity to get an idea). The PowerColor Reaper variant of the RX 9070 is currently on sale for just $580 which is a very good price in the current state of affairs (purchase link under the specs table down below). The Reaper cooler on this 9070 uses a triple‑fan design with ring‑blade fans, paired with premium dual ball bearings to extend lifespan and reduce friction. "Intelligent" fan control allows the fans to remain idle at lower temperatures, only spinning up when the GPU is under load. A nickel‑plated copper base makes direct contact with both the GPU and memory modules, helping to spread heat evenly. PowerColor also applies Honeywell PTM7950 phase‑change thermal interface material (TIM), which fills microscopic gaps between the die and heatsink for more efficient thermal transfer. The fan shroud is shorter in height as the firm has made it such that it can be used in certain SFF (small form factor) cases. The technical specifications of the Reaper RX 9070 are given in the table below: Specification Value Stream Processors 3584 Units Video Memory 16GB GDDR6 Memory Speed 20.0 Gbps Memory Interface 256-bit Engine Clock Game Clock: up to 2070 MHz Boost Clock: up to 2520 MHz Bus Standard PCI Express 5.0 x16 Display Connectors 1 x HDMI 2.1b, 3 x DisplayPort 2.1a Maximum Resolution DisplayPort: 7680 × 4320 HDMI: 7680 × 4320 Board Dimensions 289mm × 111mm × 41mm 304mm × 127mm × 42mm (with bracket) Slot 2 Minimum System Power Requirement 600W Power Connectors Two 8-pin PCI Express Get the PowerColor Reaper RX 9070 at the links below (you get only a 90-day warranty on Woot): PowerColor Reaper Radeon RX 9070 16GB Graphics Card (RX9070 16G-A): $579.99 (Sold and Shipped by Amazon US) (Was: $700) PowerColor Reaper Radeon RX 9070 16GB Graphics Card (RX9070 16G-A): $559.99 (Sold and Shipped by Woot US) Good to know This Amazon deal is U.S. specific, and not available in other regions unless specified. We only use first-party seller links (at the time of article publishing); ensure that you purchase from a first-party seller link only. Check out Today's Deals on Amazon | or our recent tech deals. Become a Prime member (for Students or SNAP) via Neowin Get Prime Access - Prime for half price (for qualifying Medicaid, EBT, SNAP) Subscribe to Prime Video, Audible Plus, Music Unlimited or Kindle Unlimited via Neowin As an Amazon Associate, we earn from qualifying purchases.
    • DWARF mini review: the world's smallest smart telescope for night and day sky captures

      By ZipZapRap · Posted

      Are they marketed as an entry into astronomy or astrophotography? I do astrophotography. With big rigs, lots of computers, cables and headaches. I love it. And by learning this ridiculously complex hobby, I’ve learned about the objects I’m shooting. Astronomy followed from photography.
    • Microsoft confirms Recycle Bin bug across all versions of Windows

      By Usama Jawad96 · Posted

      Microsoft confirms Recycle Bin bug across all versions of Windows by Usama Jawad A couple of days ago, we reported that the latest Patch Tuesday update has seemingly resulted in a lot of issues for many users, including OneDrive and Dropbox access problems, BitLocker recovery lockouts, and BSODs. Although Microsoft is yet to acknowledge these bugs, it has confirmed another, relatively smaller issue across all supported versions of Windows. In an update on its Windows Release Health Dashboard, Microsoft has confirmed that after installing June's Patch Tuesday update (KB5094126), you'll experience unexpected behavior when leveraging Recycle Bin. Basically, when you attempt to delete an item from the Recycle Bin, the confirm dialog will show you the internal file name of that content rather than the actual name. For example, the file may be named abc.png, but the confirm dialog will ask if you're sure that you want to permanently delete $Rxxxxx.png from the Recycle Bin. This is pretty much it for the scope of the bug itself; it just displays the wrong name in the confirm dialog. The correct name will be shown in the list view of the Recycle Bin and if you restore the file, it will return with the correct name as well. This issue affects pretty much all supported versions of Windows client and server, including: Client: Windows 11, version 26H1; Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 10, version 22H2; Windows 10 Enterprise LTSC 2021; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSB 2016 Server: Windows Server 2025; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012 As things currently stand, Microsoft is working on a concrete solution that will be released in a "future" Windows update. It remains to be seen if the firm will wait till the next Patch Tuesday or roll out an out-of-band (OOB) fix. The good news is that commercial customers can deploy a workaround right now, but they will have to reach out to Microsoft Support for Business for additional details.
    • We now know when and how the Universe may truly end

      By Mindovermaster · Posted

      They said by this time everyone will have flying cars. WELL...
    • We now know when and how the Universe may truly end

      By +TRS-80 · Posted

      A study by physicist Henry Tye of Cornell University suggests that the universe may not expand forever. Instead, it could eventually stop expanding, begin contracting and end in a "Big Crunch" roughly 20 billion years from now. Maybe not as we now know that time can flow backwards.

  • Recent Achievements

    • Week One Done
      Jordan Smith earned a badge
      Week One Done
    • Reacting Well
      BizSAR earned a badge
      Reacting Well
    • First Post
      AndreaB earned a badge
      First Post
    • Week One Done
      Huge Trailer earned a badge
      Week One Done
    • Week One Done
      Classifyskilleducation earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      578
    2. 2
      +Edouard
      184
    3. 3
      PsYcHoKiLLa
      75
    4. 4
      Michael Scrip
      72
    5. 5
      neufuse
      64
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!