Coffeehouse Thread

7 posts


Least Privilege in Longhorn

  • dwoodard

    There is some great work going into Longhorn around least privilege.

    http://msdn.microsoft.com/longhorn/default.aspx?pull=/library/en-us/dnlong/html/leastprivlh.asp

    One thing that sounds interesting here is the concept of the "Protected Administrator".  The protected administrator allows you to login as an admin, but only applications that are blessed as administrative applications will run under an administrative token.  All others will run with least privilege.

    Of course we should all be writing our non admin applications using LUA.  But the protected administrator may make it possible for my Mom to run her applications safely.

    Too bad this didn't make it into XP SP2 (Nice pop-up blocker BTW!).

    -dan

  • Manip

    It's nice that you guys (Microsoft) are *finally* giving this some attention, you REALLY have to get your foot out to beat *Nix in this area. At the moment 'Run As' causes applications to crash, which is excellent.. :-/

    The problem at the moment is that because Microsoft has left this so late, independent developers write applications assuming they have admin on the box and as soon as you turn that off they die in flames. This should have been addressed in Windows 2000.

  • Jazzynupe

    Manip wrote:
    It's nice that you guys (Microsoft) are *finally* giving this some attention, you REALLY have to get your foot out to beat *Nix in this area. At the moment 'Run As' causes applications to crash, which is excellent.. :-/

    The problem at the moment is that because Microsoft has left this so late, independent developers write applications assuming they have admin on the box and as soon as you turn that off they die in flames. This should have been addressed in Windows 2000.


    Another area of note is the Control Panel. If it needs to run as admin to work, then it should ASK. Otherwise it defaults to the current permissions. What I envisioned with this least privileges is that we could still get to the control panel and it would ask me for credentials if the current rights I have are not sufficient for everything. Similar to how file shares work. It will ask you for credentials. Keep the runas feature for other applications, but the "System" applications should "ask you" for credentials if you are running with least access.

  • Manip

    Agreed. Although in general I think X11 + Gnome/KDE is a pile of puke, that is something they do very well. So, if you don't have the required privileges don't block it.. ask for them.

    (X11 is the Linux desktop system, aka Gnome, KDE etc)

    I know I'm repeating something I've already said, but Microsoft need to work to re-define the user/admin privilege gap. I would like the users to be able to completely alter their personal space.

    Some examples:
    - Time Zone (Not system clock time..)
    - Time display 24hour / 12hour
    - Background display
    - Screensaver
    - Screen resolution (some people work better at other resolutions)
    - Appearance

    This should all be in the user-space and should be stored as part of the profile. With the ability of the system admin to lock these settings (so you COULD have it act as it does at the moment).

  • lars

    Is there any "best practice" document available on methods for Least Privilege User as a developer right now running XP? I've come across a few ideas but it seems like a real pain. At least compared to Unix systems where you just bring up a shell and log on as root whenever needed.

    /Lars.

  • dwoodard

    From my barely posted to blog ...

    Here is a good article on MSDN about running as a non administrator.  I personally never run as an admin (well, except on virtual images) and it is not as difficult as you might think.

    The good thing is as a developer, I don't have to worry if my code will run if the user is not an admin because I have unit tested the crap out of it that way.

    Keith Brown of course has some good tips as well.  http://www.develop.com/kbrown/book/html/lifestyle.html

  • Marco Peretti

    Hi guys

    Those of you who want something similar to Longhorn "Protected Administrator" may want to check out our own NeoExec -- free for home use on up to five PCs.

    NeoExec runs on Windows 2000/XP/2003

    BTW, does anybody know how to enable PA on Longhorn?

    Cheers,

    Marco Peretti
    www.neovalens.com
