Get rid of "Run as administrator"

By Cosmin
in Microsoft (Windows)

 Share

Recommended Posts

Rising Star

gregrocker

Posted
Posted

The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

Grand Master

devHead

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

But Greg, this user may not know what he's doing (sorry, but the fact that he's running TuneUp Utilities in Win7 kinda shows that) and could mess something up if he did what you're suggesting as an advanced and experienced computer user. It's not a Chicken Little complex, it's just safe computing. And for some, that's what is necessary. You speak in your post of "those of us" and "we know". But that's not speaking for everyone; I dare say for most people.

Grand Master

XerXis

Posted
Posted
The first thing I do when I install Windows is google "enable adminstrator account" then run CMD as administrator.

Then log off and log back in as Administrator.

Then go to User Accounts>Manage another Account to delete your named account.

The reason to do this when you first install is it will otherwise put your files on the desktop to redistribute, as it builds you a whole new desktop and User account as Admin.

But you will never be bothered by second guessing everything you do again. Just be sure of what you want to do.

Ignore Chicken Littles who say you are grossly compromising security. It's already been disproven and those of us who have always run as administrator never get infected because we know what we are doing.

i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Grand Master

hdood

Posted
Posted
i know some people who run linux as root, they also claim they know what they are doing, we laugh at them too...

Can you explain why you feel the user/admin separation is so important on a single-user home computer? If we're talking about the potential to make mistakes that break the computer, then well, you really can't know whether Greg or anyone has the skill level required to not do so. Lots of people do. I know I could run it this way. There is a small chance that a program could unintentionally damage something it shouldn't have if running as admin, but I can't think of any such examples.

If we're talking about malware, then being administrator only gains the malware two things over being a user. One is the ability to infect other users, which isn't relevant here. The other is the ability to make itself harder to remove by hiding deeper in the system (which can also have stability consequences). Other than that, there's not much malware can't do running as your standard user. It already has access to everything of interest there, from your private data to the network. It also has the ability to hijack elevation requests, so that if you use UAC/sudo to elevate something while malware is running, you risk also elevating the malware anyway. The only thing that truly protects you is to not run random executables, and to have antivirus software that can block known threats before they execute.

Proficient

Grope for Luna

Posted
Posted
Or just turn off administrator approval mode and use your current account. There is nothing special about the legacy "Administrator" user. I don't know where this myth comes from.

Indeed. Everytime I hear about it I wonder if I'm missing out on something. I use regular admin-level accounts with UAC off and everything works fine.

Grand Master

hdood

Posted
Posted
When I read the topic title, I thought he wanted a way to hide/remove the "Run as Administrator" option but keep UAC on.

Hiding that option would be handy so people don't play with it ;)

Uhm... People can only play with that option if they are already administrator users. The answer is to make them standard users, in which case the default setup will instead prompt them for admin credentials (username and password). You can change it to prompt for credentials for administrator users as well, but that's rather pointless considering they just have to enter their own password.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
I see Mr Linux hasn't responded.

To what? Your question for why running as root is bad?

Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data). And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware or even silly user errors that would overwrite system files/settings won't happen automatically.

Grand Master

hdood

Posted
Posted
Because anything you run (Windows/Linux/whatever) should only run with normal "user" permissions. You cannot damage the system that way (just your data).

Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

And, if in the course of your daily actions, you are suddenly prompted to elevate to Admin/root, that should set off warning bells. You see, malware [...]

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Grand Master

Julius Caro

Posted
Posted
, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

Well, there must be a reason why most (if not all) operating systems make it kinda difficult to use the admin account. This discussion is very late 1990s. UAC, sudo, and whatever OS X uses, are not there to stop YOU from screwing up the system (though it comes handy for those who don't know what they're doing).. It is there to stop software doing more than it should be able to, intentionally or not.

Grand Master

markwolfe Veteran

Posted
  • Veteran
Posted
Right, the stability issue is valid to some extent, but from a security perspective it's much more complicated.

The problem with this is that if you managed to run something malicious as a standard user, you could never trust any UAC requests after that point. Even ones you believe to be legitimate. It is not a matter of "suddenly" being prompted. Before you dismiss this as nonsense, know that it is a demonstrated attack vector. You have no way of knowing what you are elevating. You simply cannot make an informed decision. It may be useful in preventing self-inflicted damage or to protect you some of the time, but it is not a security barrier.

I personally do use AAM, but I do not live under the illusion that it keeps me safe (I'm not saying that you do). Only antivirus software and sensible use can do that. Spreading the idea that not being admin somehow makes you "safe" (the meaning of which I've yet to see defined) is dangerous.

No single thing makes you "safe". I agree with you on that. But not running as root makes you "safer"! An accidental mis-drag of some files won't trash my /sbin (or your /Windows/system32 or whatever).

Nothing fixes a stupid user that elevates apps he doesn't know. Well, there is ONE thing that fixes that. Remove their ability to elevate, and have a separate person as admin. ;)

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Hasleo Disk Clone 5.8.2.1

      By Copernic · Posted

      Hasleo Disk Clone 5.8.2.1 by Razvan Serea Hasleo Disk Clone is a free and all-in-one disk cloning software for Windows 11/10/8/7/Vista and Windows Server that can help you migrate Windows OS to another disk, clone one disk to another disk or clone one partition to another location quickly and efficiently. Completely Free Windows Migration and Disk/Partition Cloning Software Migrate Windows from one disk to another without reinstalling Windows, apps. Clone one disk to another and makes the data on 2 disks are exactly the same. Clone a partition to another location without losing any data. Easily adjust the size and location of the destination partition. Convert MBR to GPT or convert GPT to MBR by cloning. Creation of Windows PE emergency disk. Extremely fast cloning speed and multi-language support. Supported OS: Windows Vista/Server 2008 or later, fully compatible with GPT and UEFI. Hasleo Disk Clone 5.8.2.1 changelog: Fixed an issue that caused disk enumeration to fail Fixed an issue where WinPE created under Windows ARM64 26H1 did not work properly Download: Hasleo Disk Clone 5.8.2.1 | 32.3 MB (Freeware) Link: Hasleo Disk Clone Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Waymo recalls self-driving software after cars enter closed freeway work zones

      By ExecutiveFunction404 · Posted

      This got me thinking, would you rather a self driving car prioritise protecting its passengers or everyone else? I'd choose the one that keeps me and my kids safest. At some point, these cars have to make those choices already, don't they? Wonder if we have a way to find out what way they lean.
    • Google is opening the world's first AI museum in Los Angeles

      By excalpius · Posted

      The proportion (or number of iterations) has nothing to with this aspect of Copyright I am describing. In short, it doesn't matter how many times the manager tells you to change something or how. Your work product is always YOURS until and unless you then assign that to the person representing the client/company, usually for financial compensation -- either in salary or as a subcontract work for hire payment. if iterations determined copyright, then businesses would have learned to just keep making changes until they could claim they owned the copyright, without having to compensate the artist for their work. And that would be BAD. The only place where the amount of changes does have a role is in how much does a human modify a previous public domain work (from any source) before it is considered fair use or their own work, etc. For example, if a human makes substantial changes to a public domain (re: AI, by definition) work, then they can then claim that derivative work as their own...but NEVER the original version, of course. That's why anyone can make a movie about Dracula, for example, as long as it is based on the public domain novel, but not if they take new ideas from copyrighted movies made afterwards. As one of the people who personally advised the US Copyright Office on their recent ruling on these very issues, be assured that I specifically used the terminology precisely -- though I made it simple enough for laymen to understand it. If I made this confusing by doing so, I apologize. But, to be clear regarding your assumption that I would agree to your second statement that I quoted above -- the answer is NO. If AI does the work, no matter how much "direction" you give it, it cannot be copyrighted. All AI generated content is in the Public Domain and therefore the copyright cannot be assigned to ANYONE, even you -- until and unless substantial modifications are made to it BY A HUMAN BEING (yourself or a contracted artist/writer/etc.) and then that copyright on the derivative work is legally (in writing) transferred to you. This is a critical distinction. And it is important that people, especially AI sloppers, understand this. For example, YouTube is not paying AI slop generators for the copyright, etc. of their AI slop. What YouTube is doing is sharing AD REVENUE for permission to publish your AI slop. Copyright/ownership/rights never come into it. Importantly, that means that anyone can copy any AI slopware on YouTube, etc. and rehost it anywhere they want, even back on YouTube, and there is nothing legal that YouTube can do about it with regards to copyright protections, ownership, DMCA, etc. Anyone is legally free to use any AI slopware in any way they want. When this ruling was pending, I warned Disney legal of all of this before they did their OpenAI deal -- that it would literally dilute their entire IP portfolio forever. They ignored that warning for the PR and stock bump. But that is why, when the ruling came down last year, Disney quickly extricated themselves from that OpenAI deal, even eating the initial upfront fees -- followed closely by OpenAI ending their entire AI video generating business model. They adjusted their PR release dates to make this less obvious to shareholders, of course. Phew. I hope that this clears up the key distinctions for you and anyone reading. If you have any additional questions or even hypotheticals about AI and Copyright, please feel free to ask.
    • Windows 11 gets new audio improvements in the latest builds

      By wingliston · Posted

      Each of the devices displayed on this page now has a little volume meter next to it to show if there is audio actively playing. About time.
    • Windows 11 version 26H2 is now available for testing in the latest preview build

      By LiLmEgZ · Posted

      Owing to the nature of Windows feature enablement updates, it was distributed over Windows Update services as a complete system upgrade rather than as an ordinary cumulative update

  • Recent Achievements

    • Collaborator
      ryansurfer98 went up a rank
      Collaborator
    • Week One Done
      Eurosoft10 earned a badge
      Week One Done
    • One Month Later
      Eurosoft10 earned a badge
      One Month Later
    • One Year In
      Skeet Campbell earned a badge
      One Year In
    • One Month Later
      Sharbel earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      558
    2. 2
      +Edouard
      188
    3. 3
      Michael Scrip
      78
    4. 4
      PsYcHoKiLLa
      74
    5. 5
      neufuse
      71
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!