Admin not allowed to execute (SRP "issue")

Discussion in 'other anti-malware software' started by new2security, Aug 28, 2012.

Thread Status:
Not open for further replies.
  1. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Hello,

    When I log into my admin account on my WP7 I find that clicking on an executable outside permitted directories results in an SRP blocked/denied message.

    - My SRP settings - All users except local administrators,

    - My admin account was created (Windows' built-in Admin account is disabled) separately so to speak. If that has anything to do with it?

    - However, when I use my regular /LUA account, RunAs works flawlessly; I can run any executable outside the permitted directories.

    On the XP Pro box, local admins can execute files outside permitted directories with no problems.

    Can anyone confirm this?

    Thanks.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Win7 with UAC enabled runs your newly created Admin account with a Standard User token:

    http://technet.microsoft.com/en-us/library/dd835561%28v=ws.10%29.aspx

    BTW, you should not delete the built-in admin account. Best to leave it be and create one separately (which you've done) for yourself.
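
The split-token behaviour described in the reply above can be checked from PowerShell. This is an added example, not part of the thread: the function name `Get-SrpAdminExemption` is hypothetical, and it assumes the standard UAC and SRP policy registry locations.

```powershell
# Added diagnostic sketch (not from the thread). Run it in a normal, non-elevated
# console while logged on as the admin account, then again from an elevated one.
function Get-SrpAdminExemption {
    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

    # IsInRole is True only when the Administrators SID is *enabled* in the
    # token of this process, which is the case after UAC elevation.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $enabled   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami lists every group in the token, including groups that the filtered
    # token keeps for deny checks only. /nh plus -Header avoids localized column names.
    $inToken = [bool](whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes |
        Where-Object { $_.SID -eq $adminSid })

    # UAC switch: 1 = admin accounts log on with a filtered standard-user token.
    $uac = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
            -ErrorAction SilentlyContinue).EnableLUA

    # SRP enforcement scope: 0 = all users, 1 = all users except local administrators.
    $scope = (Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' `
              -ErrorAction SilentlyContinue).PolicyScope

    if ($enabled) {
        $verdict = 'Elevated admin token: exempt from SRP when PolicyScope is 1'
    } elseif ($inToken) {
        $verdict = 'Filtered (standard user) token: SRP rules apply until the process is elevated'
    } else {
        $verdict = 'Account is not in Administrators: SRP rules apply'
    }

    New-Object PSObject -Property @{
        User               = $identity.Name
        AdminGroupInToken  = $inToken
        AdminGroupEnabled  = $enabled
        EnableLUA          = $uac
        SrpPolicyScope     = $scope
        Verdict            = $verdict
    }
}

Get-SrpAdminExemption | Format-List
```

With UAC on, the non-elevated run should report `AdminGroupInToken` as True and `AdminGroupEnabled` as False, which is why "All users except local administrators" does not exempt the account until a process is started elevated.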
     
  3. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Thanks for the "Ah" and "Duh" moment! :-D
    I haven't removed the built-in admin account, I've just disabled it. I think this is what they recommended in the XP era. Does the built-in admin account in Win 7 have any function?
     
  4. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    No worries, you should be okay then if you didn't delete it :)

    It's hard to explain its full purpose but I can tell you it has a higher access level than the one that a user would create for themselves. Deleting it could cause permissions problems, which seems to have happened to some of those in these forums, at least with Win XP.
     
  5. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Yeah, I've read something like the built-in admin doesn't even need UAC elevation to perform system invasive/changing tasks so obviously it doesn't come with a dual-token either.

    PS: I notice you and I have a very similar security setup. :)
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    Yes, same here. I like what you've done :thumb:
     
  7. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Ditto! I sometimes feel a little nekkid though. I guess it's a feeling that'll never go away. :D
     