Least Privilege in XP
This week I started to follow what I preach and removed administrator privileges from my user account in my home computer. In fact I had to create a new account, as I was running XP with the Administrator account renamed (shame!!!). I had some problems on copying the old profile to the new account, but everything went fine. Until now nothing have caused my serious issues, and the "runas" feature, as well as Fast User Switching, is making the move as smooth as as it can be. I don't think it has been any more problematic than having to use sudo on Linux. Some NTFS permission tweaking solved most of the problems.
A good resource for solving issues when trying to run with reduced privileges is the Aaron Margosis blog. It has been helping me a lot.
A good resource for solving issues when trying to run with reduced privileges is the Aaron Margosis blog. It has been helping me a lot.
1 Comments:
I don't think that in this case you need to practice what you preach if you're careful enough. Even though I strongly advise people on installing antivirus software and at least enabling the windows firewall, I remember myself uninstalling my personal firewall (back in windows 2000 times) after realising that my always patched system is not in any serious danger and the firewall is more of an annoyance.
Similarly I have uninstalled the antivirus, since, for at least 5 years now, it hasn't even detected a virus (I exclude the obvious ones that are attached in email and btw I don't use outlook nor OE).
Having to run an antivirus or a personal firewal is always a nuissance (they eat up resources and warning messages can get really annoying if you know what you're doing). If you're not careful or educated enough, yes, it can save you. For me though, and I suspect for you too, messages from these programs never catch me by surprise.
Similarly, its such a pain in the ass not to have administrative priviledges in windows, that I'd never consider to remove them from *my* account. On the other hand all pcs that I'm responsible for have non-priviledged user accounts. So, it's always a tradeoff, between how carefuly you can be and what you pay to be safe just in case...
Anyway, you have a point there, with fast user switching and "runas", so I might as well change my mind about this one day ;)
Post a Comment
<< Home