|
(Because the entire test machine is a throw-away config anyway).
On my dev machine (XP) I have two accounts: My non-admin domain account is the primary login with only user privs (and yes, compilers and debuggers work nicely thank you), while the computers built-in administrator account (renamed of cause) is used to do administrative tasks (such as
installing/running/debugging privileged code). I also used to have a domain admin account with a different name ("never read your e-mails as root" as they said over in the UNIX camp).
Most admin tasks work nicely from a command prompt started with RunAs (or an elevated command prompt on Vista), there are just a small number of exceptions where I need to log off/on, mostly Microsoft stuff such as Windows Update(!) and the complex keyboard drivers for Asia and Unicode .
Tips to make things work:
In "Folder options, advanced" enable "open each folder/window in a separate process", this allows explorer windows to run as different users.
Create a batch file to open that admin command prompt in the morning, so you only have to type in the password, something like:
@runas /user:%COMPUTERNAME%\%ADMINNAME% /profile %COMSPEC% /C (runas /netonly /user:%USERDOMAIN%\%USERNAME% %COMSPEC% & TITLE Don't close this window & PAUSE)
Some development environments default to using the Program Files directory of the compiler to store new projects, just override it and point to somewhere else.
Many programs need to be run "first time" as admin, so your personalized defaults can become system wide settings.
DISABLE the "helpful" folder/file redirection feature on Vista and terminal servers, the existence of multiple virtual copies of system-wide config files and data creates confusion and maximizes the chance that the "helped" programs will fail.
Use the per-user HKEY_CLASSES feature of Windows 2000+ to register freshly compiled COM components without going admin. Optionally change registry permissions on global keys specific to your own code and components, but be careful not to impose this on your end users.
This message is hasty and is not to be taken as serious, professional or legally binding.
I work with low level C/C++ in user and kernel mode, but also dabble in other areas.
|
|
|
|
|
I work in an industrial plant. We use a wide range of applications, most of which REQUIRE admin rights to even function! (WindowsXP). In addition, we frequently have to install various utilities, freeware and shareware products to resolve issues that arise.
|
|
|
|
|
I sometimes use my Admin account and some other times my normal unpriviledged account. It all depends on my mood at the specific day, how "threatened" I feel from "hackers" and how enthusiastic I am for "hacking" my own computer.
Or maybe I'm just schizophrenic...
|
|
|
|
|
help me to get a project friends.. im blank with it..
i need a good projet..
|
|
|
|
|
What about a spam filter?
|
|
|
|
|
gadzluvall wrote: im blank with it..
How about implementing about:blank page of the web browser in all languages of the world?
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep!
|
|
|
|
|
I also voted for administrative rights because of the "Administrators" group I'm in.
But let's get a closer look to this poll. There are some unsolved questions:
- Does it only mean running with administrative privileges in your local machine or a complete network to get full access from your main machine ?
- What about Vista and Windows 7? In general you're running these systems only with normal user rights until UAC asks for more.
|
|
|
|
|
1. When someone says Admin rights, they mean Local admin rights by default. I doubt even 1% of the devs in a large company have network admin rights.
2. Moot point, really.
|
|
|
|
|
I don't see your point about vista or windows 7 aka vista because if you're an admin user, it's the same as Xp with the exception of the delay in the execution time because vista waits for the user to say... yes, twice (double clicking the program was the first time), that they want to run a program that needs admin just to run, but that is of no concern to the user, (but it probably is for the many that disable UAC)...
Look their are programs that ask for UAC elevation, and go ahead with drastic actions like disabling system firewalls, and spawning other processes with elevation... in the end the scheme failed. And i'm sure their are programs that just add entries into the vista firewall whenever they feel like...(btw why have a way for a program to add itself to your firewall because it wants access... what was the point... just a security leak)
What microsoft should of done was just guard actions that might harm the system as they occur... not a "continue" "cancel" at the start of a program. So if internet explorer wants to format your harddrive, you warn the user when that occur and tell them why... right?
Another thing m$ could of done was a way to classify applications when you install, and also rely on known libraries of programs for what they need... for example if you install a webbrowser, it shouldn't ever need the sorta stuff a harddrive defragmenter needs, and it should never need to write to a system folder... so why ask the user to let it... I mean their could just be three types of programs,..."system" (needing high privileges + access to modify system files), "utilities" (needing high privileges but never modifies system files) and "application" (needing low privileges). So 99% of the programs you install should be at the low "application" level.
Also an "Unknown" mode for programs the user has no idea about... where you should be allowed to execute the program, and also recieve all elevation requests (not block any, like if the type of program-type-filter was set)... and tell the user the action that is to occur.
And to round this all off.. and option about how much to nag so that if a program like notepad tries to format windows, that if the type of program was set to "Application", that do you want to still be allowed to make a choice... in short a way to disable the application filter... the alternative is the program is terminated on the spot with a readout of what happened. What it was going to do.
|
|
|
|
|
On my main work machine, I use Vista with UAC disabled. I think this qualifies as always having admin rights.
But my laptop, which I use frequently too, has Vista with UAC enabled. And that qualifies with admin only when I need it, right?
|
|
|
|
|
Which does not have the SDK installed.
JR
|
|
|
|
|
Good on you.
That's what I do when I can.
God is REAL unless declared int
|
|
|
|
|
On my developer mashine I need to be the user I am.
Ever tried to install something serious on a vista mashine?
Most programs are written for the second or third last operating system, not for the next
OR worse, it´s a good solid piece of utility software that has no support and will never be developed again by any one but it is company standard and not subject to negotiations.
Now lets see; DOS2.0,3.11,95,98,NT4,2000,XP,VISTA,Playstation?
Java
C#
Gupta Team Developer 3.1
VC++ 2003
Oracle 8i79i
W2K-XP
|
|
|
|
|
My work machine is Windoze. Everyone has local admin rights.
And I also have the Administrator password for the whole Active Directory...
At home, of course not. I use Linux, and nobody on his right mind runs the desktop environment as root.
|
|
|
|
|
Member 4134890 wrote: At home, of course not. I use Linux, and nobody on his right mind runs the desktop environment as root.
I do.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
[My articles]
|
|
|
|
|
CPallini wrote: I do.
I do in the shell all the time but rarely for the GUI. For the shell I usually run screen on first login and one or two of the sessions are root while the rest are my user john or jdrescher depending if I am home or at work..
John
|
|
|
|
|
Almost everywhere I contract the developers main account gets (local) admin rights.
What I *want* is what I run at home -- my main account is not an admin but I have one I can use if needed.
|
|
|
|
|
i think its a trait that comes from the old MSDOS days
|
|
|
|
|
...I will continue to run as admin. I don't want power user, I want developer rights, that can write code, compile debug, deploy and set settings, ONLY for the application I am working on, without a need for admin. you can think it as mini-admin rights.
Yusuf
|
|
|
|
|
maybe a windows dev edition !! :p
|
|
|
|
|
then you may have dev login
|
|
|
|
|
At home I've got XP Pro and I run w/o admin rights. It's a pain and my wife hates me for it. We always have to back out of installs, use "run as..." or login as the admin if it's an .msi. Plus I can't double click on the clock in the taskbar for a quick look at the calendar - it always tells me I don't have access.
My machine at work is Vista and it's such a better experience. When I need elevated privileges I get prompted once for credentials, and I never have to back out of an install Vista just prompts me and keeps going. I was running as an administrator before and I'd get multiple prompts from the UAC for the same installation.
I've never had problems running Visual Studio w/o admin rights. Depending on what you're doing the most you need to do is add yourself to the groups created by visual studio when it installs. If you're running cassini you might also need to grant yourself access to the asp.net temp folder.
|
|
|
|
|
Exactly! XP doesn't really support non-admin use. My home PC's wireless connection refuses to work as a non-admin (to be fair, it is the driver's fault, not XP's), so I've given up and use an admin account now. Other applications behave similarly, refusing to remember settings, etc.
My main reason for wanting a non-admin account is to prevent non-tech savvy family members from screwing up the PC (happens occasionally)
|
|
|
|
|
But it wasn't my decision, they made me a domain admin against my will! They wanted me to be able to reset passwords* when no one else was available . Of course, on those few occasions that I had to, I could have logged into the administrator account and gotten back out... buuut noooo...
* It also allowed me to add users to the security groups I had set up for my applications.
Back on OpenVMS I had all privileges authorized, but off by default, and I'd only activate what I needed to do a certain task then revert back afterward.
Just another way that OpenVMS is superior to Windows.
|
|
|
|
|
PIEBALDconsult wrote: Just another way that OpenVMS is superior to Windows.
Fer sure!
$ set proc /priv=all
$ power command
$ set proc /priv=(noall, tmpmbx, setprv)
<sigh> memories of a great OS...
/ravi
|
|
|
|