+1 ... and honestly, this is why I stopped using
Regulator...
I've been running as a normal Domain User for about 6
months now. It took a little while at first, but I've
gotten used to it. You'll quickly come to use the RunAs
shell function, as well as the runas console command
frequently.
One thing that has surprised me however is the amount of
product out there that require Administrative privs even
to run.
The coolest thing about not running as an admin? I've
got four boxes on my home active directory, a server,
desktop, and two laptops. Nobody's account has admin
privs, and the only time I ever log in as admin is when
I need to do something on the server or change hardware.
And you know what? In the past 6 months, we have not
been hit *once* by spyware ( at least as far as I can
tell ) or viruses.
Yeah, it's a good idea, I just can't bring myself to
pull the trigger on this.
It's also one of the last great divides between the UNIX
world (where they've always done this) and the Windows
world (where we've almost never done it).
They are right, though: "security" is
a joke until you do this.
I think you've asked the wrong question. The question
you should be asking is how many of the Regulator's
users should be running as non-admin. The correct answer
to that question is very near 100%. Every developer tool
and utility that requires admin privileges for non-Admin
work is in some small way responsible for the current
morass we're in. End users depend on us to the do the
right thing.
Hey Roy, long time reader, first time poster. Love your
blog.
I agree with John. Someone as yourself who seems
dedicated to doing the Right Thing in all aspects of
development needs to do this right, as well. The
MakeMeAdmin script is about the simplest way to get
there, but even using RunAs is not so complicated that
any developer has an excuse.