Linked by Thom Holwerda on Sun 27th Apr 2008 15:23 UTC
Windows Just about everyone using Windows XP runs the operating system as administrator - or root, if you come from a UNIX background. Such is the case because Microsoft, in its infinite wisdom, figured it somehow made sense to give every user full access to the system, and to more or less completely ignore the intricate and advanced security systems in place in Windows NT and the NTFS file system. This kind of turned out to be a very bad idea, and allowed Microsoft and its 3rd party developers to become hopelessly sloppy; most Windows applications more or less assumed they were run by administrators. It also allowed malware full access to the system when executed. Cue User Account Control.
Permalink for comment 312013
To read all comments associated with this story, please click here.
RE[2]: Speaking of sloppy...
by kerframil on Tue 29th Apr 2008 20:25 UTC in reply to "RE: Speaking of sloppy..."
Member since:

I used XP Pro with limited user for a year on a laptop and it was a freaking nightmare. You can't even change the powersaving policies in a limited user without promoting them to Administrator first and putting them back down afterwards.

This problem can be solved by making some changes in the registry as described here:

I also had lots and lots of weird File-ownership Problems, having to copy files to another location and back again before i could execute them as my limited user.

I'm not quite sure what the problem was in this case but the important thing to remember is that, when copying files, the permissions will change according to the policy defined by its parent folder (or an ancestor thereof).

However, when moving files, the original permissions will be retained unless they are being moved from one NTFS filesystem to another, in which case the behaviour is as that of copying.

I sometimes forget this when moving Start Menu shortcuts from the Administrator user profile to the Everyone user profile (installers that don't install shortcuts for "everyone" ... one of my pet gripes!). This sort of problem can be solved by using the "Replace permissions entries on all child objects ..." checkbox in the Advanced Security Settings dialog.

Basically, if in doubt, it's best to copy prior to deleting the originals.

So, yes, it is possible to run XP Pro as a limited user and there is even some software around that still more or less works then but it doesn't work very well and is so much pain that most user wouldn't want to use it that way.

Agreed in so far as "most user" doesn't refer to the kind of person that regularly reads sites such as ;)

Seeing as I'm on the topic, I might as well also convey two tips that I find quite useful. One is to set up an administrative command prompt shortcut:

%SystemRoot%\system32\runas.exe /user:administrator %SystemRoot%\system32\cmd.exe

This is useful as a launchpad for other processes that needed to be started in an administrative context, including some control panels (try running dir /w *.cpl immediately after opening such a prompt). Furthermore, one can drag and drop icons into the window of the command prompt - particularly useful for starting things that do not offer a "Run As" option (such as MSI installer packages).

The other tip I wanted to convey is that by enabling the "Restrict CD-ROM access to locally logged-on user only" security option via gpedit.msc, it is possible to rip and burn optical media as an ordinary user. This doesn't appear to be widely documented but is one of the first things that I change after installing Windows.

Reply Parent Score: 1