I've been running my Windows install as a non-admin user, but it's gotten to be too much of a pain, prompting me to switch to admin. Yeah, I know I shouldn't; but with RunAs not always doing its job, and no framework for privilege granting like sudo on *nix... It's just much easier to handle things as superuser. So, for the rest of you guys running Windows... Do you run as admin, or as a restricted user? - If you're on WinXP or older, and you're not running as admin - how do you handle it? - If you're on Vista or 7 and you're running as admin - why?
I run Win2K and Win98. On both I've used SSM (pro and free respectively) to set up separate user and administrator modes. On both systems, installing software, updates, patches, system configuration, etc are treated as administrator tasks that can't be done in user mode. When in user mode, a strict default-deny policy is in place, and only the whitelisted user apps can be run. There's no access to the registry editor, system tools, firewall settings or any of the configuration screens. Users are restricted to "using" the installed software. Stitching to administrative mode is as simple as entering the password for SSM and connecting its interface. I normally run in user mode. The other users don't have the SSM password so they're restricted to user mode. It's not as inconvenient as it might sound. Each user has access to the software they use. The rules/permissions for each account/profile are matched to their needs. There's no real restrictions on web browsing except that Internet Explorer can't be used, not whitelisted. The only thing users can't do is install software without my approval. The setup has worked very well. It's stayed clean for over 4 years with no AV, anti-spyware, etc installed.
Also lock down access to all your network shares to the person who's the Admin and not level Everyone, Guest, Users, Bla, Bla have access to shares. I delete those crap. So if I do setup a Guest account no one has access to my doc folder shares an etc. I can't have anyone just come in and take what is mine from the network. I had an in-law tap into my music media server and was helping himself to my music library connected to his Sansa 16GB without my permission. Never again will that happen. Admin account is renamed on all my systems when you login it doesn't say the real name it's aliases. Admin account has it rights but you don't want to let a kid have access to the admin account, very dangerous.
I actually have never yet tried running as a limited user. My concern is if I run as a limited user would it not also interfere with my HIPS Programs by reducing their rights and powers??
Run a file, web, mail server here and most of the media is on HTPC which is the media server for the extenders so those folder are shared out. Caller ID server is wireless that needs to be shared out. So pretty much everything is network share here. Every OS and server OS is patched.. Again I can't run as limited user just not going to cut it. HIPS does a fine job on what is access. I guess none of you here run NDM (network drive manager) you can use truecyrpt on mounted network shares. Lets me know which shares are not active meaning the system is done by a red x in the link drive. Still not bad.
You found the old program below I use to have this years ago for DCOM disabled So you're using it today.. http://gladiator-antivirus.com/forum/upload/post-133-1085752407.jpg
No.The HIPS are some of the first items loaded on a system, well before the user logs in. It has full access to the system, no matter what the users level of priveledge is.
Personally, I've never had trouble running as limited user on XP, but then again my XP system is single user. Some old games and their helper programs are troublesome, but for them I simply create a script on my desktop to automatically run the whole bunch of them as admin. On Vista there's probably no reason at all to not run as standard user. The sad thing is that this is a geek security forum, among the general populace out there the proportion of admin to limited users is probably much, much higher. No, but chances are that it will make them unnecessary.
Nowdays I dont boot into Windows that often. But before I switched to *nix I ran as a limited user in XP (and UAC in Vista). I used the nice little app SuRun to elevate privileges in XP. I never had any problems running as limited user. I just dont understand why I ran as admin for so long (well, i do actually. I believed all the people who said it was a pain rather than test it my self)
Everyone in my family has a computer. My computer is only accessible to me (Passworded) and every time I tried to run it as a standard user, I had some kind of time consuming problem. I also think that having Vista with UAC on, makes it safer to run as admin (I know this has been the topic of many lengthy debates), but I personally will always have my computer in admin mode.
Strictly LUA and when guests come, guest account in Windows. In Lin I create a guest account as well. SuRun makes life quite easy running with LUA.
I've taken the same route as Creer. I run as Admin but use Defensewall to achieve protections that I would get running as a Limited User. Lately I have given up describing Defensewall as a Hips or Sandbox as I find people get confused. I find if I describe it as a Software Rights Control application that people grasp what it does a lot easier.
Yep, have been running Admin for some time and plan to keep doing so. Sandboxie and Avast have kept me safe for far too long now to be screwing around with "ultimate security" bs and risking something not working right.
Just disable all the accounts, create aliases admin rename Lock down the guest, everyone and all others access to shared folders. Then use your protection software to get on the internet.
No, Power User is my choice I gave up Limited User because too many programs don't work correct - too much trouble!
Hello, control panel,users change your everyday account to standard user account. make sure there is one admnistrator account and it has a strong password. then log out and back in.
Just that! Lots of horror stories floating around, but all you really need to do is try it and see for yourself.
Just read this thread. People don't try it because they hear that it's too difficult, that their programs will stop working, etc.