« The Bird Was the Word | Main | Traffic Choices in Puget Sound »

November 27, 2004

Running as Non-Administrator

In a comment to this post about malware, someone asked:

Since Microsoft runs such a managed network environment I'm surprised you are allowed to run as Administrator there unless you absolutely have to for your development work. Is that a privilege that comes with seniority or does everyone through development sales and marketing routinely run as admin? Or is it just on your personal test machines? Do you have systems set up to filter spyware at the firewall?

I have not heard of any job -- certainly nothing in the development teams -- where you are not allowed to run as administrator on your own machine (and it's certainly not based on seniority). People DO sometimes need to install applications or do some of the many activites on the long list of things that require you to be administrator.

Actually, I have no idea how long that list is, or if it even includes installing applications, because I run as administrator. This is bad for a couple of reasons. First of all it makes me vulnerable to bad bits. Second of all, we at Microsoft want users to run as non-admin for similar reasons, so we should all be running as non-admin to know what it is like (Larry Osterman blogged about the non-admin experience a few months ago). Therefore I am going to pledge that Monday morning I will stop running as administrator on my machine.

To be more precise, I will take my domain account and take it out of the Administrators group (and hopefully be able to put it in Users, not Power Users). I'll still have the actual local Administrator account if I really need it. And I can grant my domain account a few privileges (like debugging) as necessary.

Microsoft actually could enforce a rule that your domain account can't be local administrator (and they could write a script to check this, since the domain administrator account is also a local administrator). I suppose some people would respond by running as local Administrator, but it is so convenient to run as your domain account, for accessing network resources, that most would continue to run as that.

I don't know what firewall filters Microsoft has in place. Certainly they have a spam filter which is evidently pretty good, since my Microsoft email address is floating around from back in the early 1990s when we all naively posted in on newsgroups (all I get these days is Rolex offers, I suppose because that hasn't been added to the list of spammy words). I don't know about filtering other stuff. Someone told me recently that they put an unpatched version of an older version of Windows on the corporate network, and within 5 minutes it was infected with a virus.

Anyway I will try running as non-admin on my machine, and report back.

P.S. Bookpool, the bookseller that ran the Find the Bug contest, is now running a malware-related contest, tied to the book Malware: Fighting Malicious Code (just recently reviewed on Slashdot).

Posted by AdamBa at November 27, 2004 12:55 PM

Trackback Pings

TrackBack URL for this entry:


I'm glad this "Don't run as Admin" trend is picking up steam among devs. After all, developing as an admin is what caused the bug (well, design issue actually) mentioned in http://www.codeproject.com/macro/clrdebugenable.asp. The developer who implemented this ran as admin and never felt the pain until it was already too late.

Also, since Aaron Margosis was mentioned in a previous comment, I thought it would be useful to provide the link to his blog: http://blogs.msdn.com/aaron_margosis/

Finally, the idea of having a "develop as user" campaign is great. If developers start creating user-usable (!) apps, users will start using them, rest assured.

Posted by: Ovidiu at November 28, 2004 08:15 AM