Full Disclosure mailing list archives
RE: Windows user privileges
From: "Phillip R. Paradis" <prp17 () adelphia net>
Date: Tue, 23 Nov 2004 15:52:35 -0500
1. XP would be more suitable to run as a user if the runas service and windows installers were developed to add more complete and easy to use privilege elevation techniques outside of active directory and the default group policy that gets applied.
...
4. The windows install creates the first user account as an administrator so that they may install programs and hardware without allot of hassle. This is in fact good for business over the alternative (which is to hassle most end users beyond their point of no return), no matter what the security implications, remember end users don't care (even if they should).
A good approach here that would allow the user to be a non-admin by default and not make things overly difficult would be: 1. When creating the Administrator account's password during setup, remind the user that they will need it to install software, etc. 2. When the user attempts to do something they have insufficient privileges for (install something, for instance) the Run As UI should appear automatically, rather than an error message. The average home user isn't smart enough to right click and find the Run As command; a great many such users don't even realize that the right mouse button has a use. It would also be nice if they'd fix Explorer, etc. to support Run As, and perhaps add an Open As command to the context menu for folders, to allow opening a folder with different credentials. While they're at it, they might find some way of marking the windows of any processes not running as the current user. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: joe the "expert" (was Re: IE is just as safe as FireFox ), (continued)
- Re: joe the "expert" (was Re: IE is just as safe as FireFox ) Georgi Guninski (Nov 21)
- Re: joe the "expert" (was Re: IE is just as safe as FireFox ) ASB (Nov 21)
- RE: joe the "expert" (was Re: IE is just as safe as FireFox ) joe (Nov 21)
- Re: joe the "expert" (was Re: IE is just as safe as FireFox ) john morris (Nov 21)
- RE: joe the "expert" (was Re: IE is just as safe as FireFox ) joe (Nov 21)
- RE: [in] Re: IE is just as safe as FireFox Paul Schmehl (Nov 20)
- Windows user privileges Mike Hoye (Nov 20)
- Re: Windows user privileges Paul Schmehl (Nov 20)
- Re: Windows user privileges Dennis Mowers (Nov 21)
- Message not available
- Re: Windows user privileges James Tucker (Nov 21)
- RE: Windows user privileges Phillip R. Paradis (Nov 23)
- RE: Windows user privileges joe (Nov 21)
- Re: [in] Re: IE is just as safe as FireFox devis (Nov 21)
- RE: [in] Re: IE is just as safe as FireFox Phillip R. Paradis (Nov 23)
- Re: [in] Re: IE is just as safe as FireFox devis (Nov 21)
- Re: [in] Re: IE is just as safe as FireFox GuidoZ (Nov 20)
- Re: [in] Re: IE is just as safe as FireFox GuidoZ (Nov 20)