Welcome Guest.   Make a donation to an author on the site December 22, 2014, 08:14:10 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
The N.A.N.Y. Challenge 2011! Download 30+ custom programs!
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Sudo for Windows?  (Read 4752 times)
JennyB
Supporting Member
**
Posts: 209


Test all things - hold fast to what is good

see users location on a map View Profile Give some DonationCredits to this forum member
« on: January 22, 2007, 10:41:48 AM »

I got into a bit of a tangle lately converting my default Win XP account to Restricted.

This is a machine where I am the sole user and like most people here, I download a lot of programs. The trouble was, some assumed that I wanted to instal for only one user, so if I installed them on the admin account, I couldn't use them properly on the restricted account. So I had to log in as admin, change the type of the user account, log in as user, install the program, login as admin again to change the account back...

Am I right in thinking I can avoid all that by right-clicking the installer and selecting "Run As"? It seems I can't do that on "Add/Remove programs, or am I missing something?
Logged

If you don't see how it can fail -
you haven't understood it properly.
mwb1100
Supporting Member
**
Posts: 1,357


View Profile Give some DonationCredits to this forum member
« Reply #1 on: January 22, 2007, 11:37:47 AM »

Running as non-admin has many benefits - you're far less likely to be hit by a virus or other malware - but many normal operations in Windows can become frustratingly difficult.

A pretty good starting point for information on how to effectively run as non-admin (and unfortunately there a ton of  stuff you need to know) is:

    http://nonadmin.editme.com/
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #2 on: January 22, 2007, 05:26:35 PM »

Dunno if there's an easy way to handle the uninstall - but that ought to happen rarely, so logging into an administrative account shouldn't be that bothersome. Right-clicking the installer and "run as" (or use the "runas" command from a shell) ought to do the trick for installation, I think.
Logged

- carpe noctem
JennyB
Supporting Member
**
Posts: 209


Test all things - hold fast to what is good

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #3 on: January 23, 2007, 08:38:22 AM »

Running as non-admin has many benefits - you're far less likely to be hit by a virus or other malware - but many normal operations in Windows can become frustratingly difficult.

A pretty good starting point for information on how to effectively run as non-admin (and unfortunately there a ton of  stuff you need to know) is:

    http://nonadmin.editme.com/


Thanks, that sorted out my main problem -why sometimes when I installed a new alpha version of FARR, it wouldn't open pages in the browser. Turns out ZoneAlarm was popping up a confirmation request because the program had changed, but I couldn't see it because I was in a limited account!

For my situation (single user, XP Home) I think the simplest way to go is as described here:
http://blogs.msdn.com/aar.../06/17/158806.aspx#763277

Separate accounts, run as restricted by default, use Fast User Switching.

Any ideas on the best antivirus/firewall setup for this scenario?

Logged

If you don't see how it can fail -
you haven't understood it properly.
Edvard
Coding Snacks Author
Charter Honorary Member
***
Posts: 2,643



View Profile Give some DonationCredits to this forum member
« Reply #4 on: January 24, 2007, 11:55:21 AM »

FTW-
Quote
Sudo for Windows (sudowin) allows authorized users to launch processes with elevated privileges using their own passphrase. Unlike the runas command, Sudo for Windows preserves the user’s profile and ownership of created objects.



from Google
Logged

All children left unattended will be given a mocha and a puppy.
mwb1100
Supporting Member
**
Posts: 1,357


View Profile Give some DonationCredits to this forum member
« Reply #5 on: January 24, 2007, 05:08:44 PM »

Any ideas on the best antivirus/firewall setup for this scenario?

I don't know about the best, but here's the little bit I do know:

 - I don't run a high-power firewall; I use the WinXP firewall and depend on a NAT router to keep attacks from the Internet anyway from my machine.  I suppose that this leaves me open to software 'phoning home', but right now I'm not too worried about that.  I found that 3rd party outbound firewalls were always asking me questions that I had no idea what the right answer was to and required far too much maintenance than I was willing to deal with.

 - F-Prot did not run well for me as non-admin out of the box, but a tweak to the permissions for the registry keys it wanted to write to solved that problem.

I've heard the Norton AV runs OK in non-admin, except for Live Update which only works from an admin logon (that was a while ago - they may have fixed that by now).

Many people believe that if you run as non-admin then having a real-time AV check isn't needed and simply running an explicit AV check periodically is sufficient - I've heard good things about ClamAV/ClamWin for this.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: January 24, 2007, 05:14:08 PM »

Quote from: mwb1100
Many people believe that if you run as non-admin then having a real-time AV check isn't needed and simply running an explicit AV check periodically is sufficient - I've heard good things about ClamAV/ClamWin for this.
That's wrong, though - unfortunately there's been a few ways to elevate from user->admin from time to time, and I'd be surprised if there aren't a few holes left on XP... and holes to be found on Vista.
Logged

- carpe noctem
mwb1100
Supporting Member
**
Posts: 1,357


View Profile Give some DonationCredits to this forum member
« Reply #7 on: January 25, 2007, 01:15:34 AM »

That's wrong, though - unfortunately there's been a few ways to elevate from user->admin from time to time, and I'd be surprised if there aren't a few holes left on XP... and holes to be found on Vista.

Then again, the same can be said about exploits that get past AV programs - they crop up every now and again.  I think it boils down to diminishing returns - some users believe that adding the costs and potential problems of those programs to a system running in non-admin mode isn't justified by whatever additional protection is provided.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #8 on: January 25, 2007, 03:56:23 AM »

Keep in mind that some security holes exist in the OS for years before they're (publicly!) found, and some exist for quite a long time before they're fixed. An exploit in an AV program is going to be fixed ASAP.

Iirc it doesn't take anything more than the "at" service being enabled to elevate user privileges.
Logged

- carpe noctem
nontroppo
Charter Honorary Member
***
Posts: 648


spinning top

View Profile WWW Give some DonationCredits to this forum member
« Reply #9 on: November 21, 2007, 04:17:02 AM »

Did anyone try sudowin in the end? Their documentation is excellent and this looks to be just the right balance between lock-down and liberty.

http://www.lostcreations.com/sudowin/about
http://www.lostcreations.com/sudowin/documentation

See also: http://sudown.sourceforge.net/index.php

Logged

Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.034s | Server load: 0.07 ]