General discussion

Locked

Ed Bott's Microsoft Challenge--May 4, 20

By ebott ·
According to Microsoft, you should never use an administrative account for everyday use, especially if you're connected to the Internet. But that causes big headaches for power users who want to install new applications. In fact, many install programs simply won't run unless you have administrative rights. What sort of best practices should Windows 2000 Professional users follow when installing new software? Do I always have to be logged on as Administrator? Help me put together some do's and don'ts for third-party programs.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by msullivan In reply to Ed Bott's Microsoft Chall ...

DO's:
Create 2 accounts for each Power user. 1 for normal use, 1 for administrative rights. "Good" Programs will install under win2k as the normal user. "Bad" programs will require administrative logon, or "RUN AS"

Block internet access and e-mail for these administrative accounts. This will discourage every day usage of the administrative account and protect your systems.

Use Group Policy to manage this tangled web of users and rights.

Use Group Policy to manage the distribution of the software. Software distributed by GPO will be installed under the elevated privledge of the local system account.

Don't:
Put the administrative accounts in the local admin. on every computer. Only where that user will actually log on locally.

Buy software that requires administrative rights just to be installed. Unless you absolutely have to.

Mike

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by ckern In reply to Ed Bott's Microsoft Chall ...

In windows 2000 you can define the properties on a shortcut to use the "run as" option. This will allow an administrator to logon with normal user rights and then when they attempt to launch an application requiring administrative rights, they are prompted for the administrator ID and password. They no longer have to logoff and logon to use their account with administrative rights.

As for the services which require administrative rights, it would be a good practice to deny these accountsthe ability to logon locally. The only right we grant the administrator accounts for services is the ability to logon as a service. You are the unable to use a service account with administrative rights to logon at a server or workstation.

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by kakadak In reply to Ed Bott's Microsoft Chall ...

It's a good idea to give your account full administration privileges basically use the Admin account as a template to create your own.
Then change the Administration accounts Username to something else like: Admin_1
Or you can simple disable it.
But I would never disable the account incase you forget your own password!!!!!


Kakada

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by jcauble In reply to Ed Bott's Microsoft Chall ...

Maybe I'm missing something in the question, but Windows 2000 has already addressed this issue. If you right-click on an executable, the menu has an option to RUN AS another user. The recommendation is for admins to have two sign-ons, one without admin privileges, and use that one all the time. When it is necessary to have admin privileges, simply use that second account in the RUN AS dialog box.

It's Miller time. Did I miss something basic in the question?

JCauble@Pacbell.net

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by guru In reply to Ed Bott's Microsoft Chall ...

create an account called installation

give it the rights to the target hard disk only RWMF
remove the ability to add users,

Collapse -

Ed Bott's Microsoft Challenge--May 4, 20

by ebott In reply to Ed Bott's Microsoft Chall ...

The question was auto-closed by TechRepublic

Related Discussions

Related Forums