Coffeehouse Post

Single Post Permalink

View Thread: Do you login as admin?
  • User profile image

    I do not run as admin at home or at work. As a developer, I have been living Keith Brown's developer lifestyle for quite a while. I only switch to admin when I need to be an admin. I think this is very important for developers to do as it exposes security issues early in the dev cycle. I'm currently developing on Windows 2003 as a non-admin and have stumbled across a few issues that some of my admin-running collegues would have never found.

    A previous poster said a well designed network will make this easier for you and that is true. Even here at Microsoft, some of our IT applications require administrative privileges to run (Try submitting your annual review without being an admin). The cool thing though is that when you bring it up to the IT staff they are very receptive to it and willing to try to resolve the issue.

    My biggest issue with the non-admin thing is that you need to have a fairly high degree of technical sophistication in order to accomplish this. While the security enhancements for Windows XP SP2 are great for notifying the user about certain unsafe actions.  A lot of the actions require you to be an administrator (installing ActiveX controls for example).

    In my example of our annual review tool problem, I had to run Internet Explorer as an administrator then provide my network credentials to access the tool.  That worked fine for me, but good thing my grandma wasn't trying to do the same thing!

    The problem as I see it, is with conflicting agendas. We want people to be admins to perform admin tasks (install programs, update the registry etc.) but we don't want to require our users to be administrators to read their email.  ClickOnce deployment should help somewhat in this area, but you still have the issue of deploying CAS policies. I would love to see Longhorn nail this issue down so that it is easier for users to not run as admin.