Admin not allowed to execute (SRP "issue")

Hello,

When I log into my admin account on my WP7 I find that clicking on an executable outside permitted directories results in a SRP blocked/ denied message.

- My SRP settings - All users except local administrators,

- My admin account was created (Windows' built-in Admin account is disabled) separately so to speak. If that has anything to do with it?

- However, when I use my regular /LUA account, RunAs works flawlessly; I can run any executable outside the permitted directories.

On the XP Pro box, local admins can execute files outside permitted directories with no problems.

Can anyone confirm this?

Thanks.

 

Win7 with UAC enabled runs your new created Admin account with a Standard User token:

-http://technet.microsoft.com/en-us/library/dd835561%28v=ws.10%29.aspx-

BTW, you should not delete the built-in admin account. Best to leave it be and create one separately (which you've done) for yourself.

 

Thanks for the "Ah" and "Duh" moment! :-D
I haven't removed the built-in admin account, I've just disabled it. I think this is what they recommended in the XP era. Does the built-in admin account in Win 7 have any function?

 

No worries, you should be okay then if you didn't delete it

It's hard to explain its full purpose but I can tell you it has a higher access level than the one that a user would create for themselves. Deleting it could cause permissions problems, which seems to have happened to some of those in these forums, at least with Win XP.

 

Yeah, I've read something like the built-in admin doesn't even need UAC elevation to perform system invasive/changing tasks so obviously it doesn't come with a dual-token either.

PS: I notice you and I have a very similar security setup.

 

Yes, same here. I like what you've done

 

Dito! I sometimes feel little nekkid though. I guess it's a feeling that'll never go away.