G. Andrew Duthie asks: "Will 2005 be the year of Least Privilege" (via Robert Scoble).
Not a chance. Why not? Scoble sums it up pretty well (unintentionally):
For those who don’t know what Least Privilege is, it means turning off a bunch of administrator rights so that no software can install without logging off and logging back in as administrator
People don’t want to have to log off and log back on to get stuff installed! That’s awful. People want to use their computer and have it get out of the way. What should happen is that they are prompted for an administrator login when admin privileges are needed and it should all just work seamlessly once such a login has been provided. Similarly, if they are logged in as Administrator, they should have to provide their password to install software anyway so that they know it’s happening.
Essentially, don’t let software install and run unsafe code without first confirming the user trusts it. Check out sudo for how to do it on the command line and OS X for how to put a GUI on it. Then while you’re at it – disable the administrator account and just use this system instead (see sudo for how to handle permissions when there is no administrator/root account).
Sure, users can still be daft and install spyware, but putting more steps in their way doesn’t stop them from doing stupid things if they want to do them.
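The post points at sudo as the model: no standing root session, and a per-command grant that still asks for the user’s own password. The script below is an added example, not part of the original post, showing what a least-privilege grant looks like in sudoers next to a small audit that flags the blanket "ALL" grants it is meant to replace. The user name alice and the apt-get paths are placeholders; the audit only reads a file you pass it, so it can be run against a copy of a real sudoers file without touching the system.

```shell
#!/bin/sh
# Added example (not from the original post): a least-privilege sudoers
# fragment next to an audit that flags blanket root grants.
# Assumptions: "alice" and the apt-get paths are placeholders.

# Print a sudoers fragment that lets alice run only the package installer.
# No NOPASSWD tag, so sudo still prompts for alice's own password, which is
# the "confirm before installing" step the post argues for.
least_privilege_fragment() {
    cat <<'EOF'
# Constructed fragment for /etc/sudoers.d/alice (placeholder user and paths)
Cmnd_Alias INSTALL = /usr/bin/apt-get install *, /usr/bin/apt-get update
alice ALL=(root) INSTALL
EOF
}

# Count the specifications in a sudoers file whose command list is just
# "ALL" (e.g. "%admin ALL=(ALL) ALL" or "bob ALL=(root) NOPASSWD: ALL").
# Offending lines go to stderr; the count is printed on stdout.
# Kept deliberately simple: full-line "#" comments are skipped, but inline
# comments and #include/@include directives are not expanded.
audit_blanket_grants() {
    file="$1"
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Collapse runs of whitespace and trim the ends
        norm=$(printf '%s' "$line" | tr -s ' \t' ' ' | sed 's/^ *//; s/ *$//')
        case "$norm" in
            ''|'#'*) continue ;;
        esac
        last=${norm##* }
        case "$norm" in
            *=*)
                if [ "$last" = "ALL" ]; then
                    printf 'blanket grant: %s\n' "$norm" >&2
                    count=$((count + 1))
                fi ;;
        esac
    done < "$file"
    echo "$count"
}

# Stand-alone demo on a constructed sudoers file (not a real system file)
demo=$(mktemp)
cat > "$demo" <<'EOF'
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
alice ALL=(root) /usr/bin/apt-get install *
EOF
echo "blanket grants in constructed sample: $(audit_blanket_grants "$demo")"
echo "--- proposed replacement fragment ---"
least_privilege_fragment
rm -f "$demo"
```

After writing a real fragment, check it with `visudo -c -f /etc/sudoers.d/alice` before relying on it; a syntax error in a sudoers file locks everyone out of sudo, which is the one place you do not want to be improvising with a disabled root account.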
Jon says:
You don’t need to log out and log in to be administrator. You can shift right-click and select ‘Run as…’. Granted, it’s awkward, but it’s faster than closing everything down.
Win2k also tries to be clever and asks you if you want to run as a different user for certain file patterns (setup.exe, *.msi, etc.)
For shortcuts, you can also select the user to run as in the properties sheet.
I maintain a list of shortcuts on my desktop (but you could also do this in a Quick Launch bar or something) for bad applications that insist on being administrator. I double-click, enter the admin PW and I’m on my way.
For Explorer windows, you can cheat by running IE as administrator and putting a file:// URL in. Copy & paste between windows belonging to different users isn’t very good though, and Explorer windows won’t update automatically (you must manually refresh when necessary).
G. Andrew Duthie says:
In addition to RunAs, which works, but has issues with some applications, you can use MakeMeAdmin, a utility written by Aaron Margosis (http://blogs.msdn.com/aaron_margosis/), which uses RunAs to give you a command-line window with Admin privileges, but running under your least-privileged user account profile. So, for example, software installers that assume that the user installing the software will also be the user using the software will work correctly.
With MakeMeAdmin, there’s very little that you cannot do while still logging in (and most importantly keeping your web browsing and mail reading) in the context of a low-privileged account.