To be admin, or not to be admin?
Science & Nature, Work January 4th, 2005
To be admin, or not to be admin? That is the question.
It’s good system administration practice not to run as a superuser unless you need to. Normal operations shouldn’t require you to have system-wide affecting powers. If you get hacked, or a virus, the damage is more contained if you are just a user and not an administrator.
For that reason, my everyday Windows (and unix) accounts aren’t superuser accounts. I am a Power User on Windows. However, after the SP2 upgrade, I found out I couldn’t change the firewall rules without being an admin. And I’m not going to logout/log back in, twice, just to let one of my applications access the Internet. So I need to either disable the firewall or change my account to be an Administrator.
I chose to make myself an admin. That should fix a few other issues too, like software installs, and being able to make some changes to my wired and wireless interfaces. I don’t like doing this, but I think it’s commonly done. I wanted to post here to ask about that…. Do readers here normally run with admin privledges on their Windows boxes?
About
i must admit, to my chagrin, that i work as an admin on windows boxes.
I’m a local admin on my machine, but not a domain admin. I only use the domain admin account for specific instances. We actually give some users local admin priveleges…be it good or bad, it seems to save the Helpdesk folks some trouble during support calls.
I never use the admin account on my XP home machine, just use the “run as” feature when I need to install software, etc. Once in a while I do have to log in to “unblock” certain apps because of the firewall. If I’m working on a xp pro machine, I usually have local admin rights only.
I also run as a local admin on all three Windows machines I use regularly, though I think this pisses my boss off whenever he notices. I don’t really care what he thinks, though, since his everyday account is in the Domain Admins group for both our NT4 domain and our UIUC AD OU.
My main reason is convenience, though. If it wasn’t too inconvenient, I would prefer to limit the use of the superuser account.
I use sudo under Linux, however, and I feel much more comfortable that way.
Local admin only. It’s more convenient for me.
I guess I just think it’s weird it’s “accepted” to be an admin on the machine. XP Home defaults to admin permissions for its users.
I think for 90% of my day-to-day things (and 100% if Windows handled some of the networking interface handling in the user level,) I don’t need admin rights. With spam, spyware, viruses, exploits…. it just seems smarter to not run with higher privledges than you need. Security is the inverse of convenience, and I guess most people pick convenience in this format.
On the plus side, Quicken update never worked right for me as a user, but worked as an admin. And, now I can run Windows Update and software installs without changing my login. That’s kinda nice.
it’s true … everyone just expects you to be admin on a windows machine. it’s really a hold over from the older days of windows where there wasn’t a difference as it was only a single user, non-networked system. they just sort of tacked users and networking on to it and ended up with this mess.