I like this approach, mainly because I have been unable to live with Windows limited accounts (it was not for lack of trying).
About 4 years ago I seriously tried to make this work on Win2K, taking an existing admin account and reducing its privileges. Basically things just did not work; I probably wasted over 40 hours of my time (reinstalling, registery edits) before giving up.
Last year I setup two new WinXP computers from the beginning with limited accounts. I actually got things to mostly work, just weird little failures here and there. Game software was the worst (for example a game application that would not save configuration files unless you had admin privileges), many games won't run at all. The second worst was security software! I think PGP 8 was one of primary things that pushed me back to normal use of admin privileges on my primary computer (I could not use the disc encryption with limited access). My less used laptop lasted for almost a year before I changed wifi cards (to get WPA), and found out that the new driver could not complete the network connection unless I logged on as admin.
It is all well to throw sticks and stones at users who don?t use limited access accounts, but it will not be practical until consumer software applications are regularly tested under those conditions! Given that I am an very experienced user -- I believe that I might be able to function with a limited access account, so long as I login as admin when Windows first starts, and I switch to admin for about 1/4 of the applications I run (which kind of defeats the purpose). My son's limited access account is primarly used for games and is even worse, needing admin access for 2/3 or more the applications he wants to run.
About 4 years ago I seriously tried to make this work on Win2K, taking an existing admin account and reducing its privileges. Basically things just did not work; I probably wasted over 40 hours of my time (reinstalling, registery edits) before giving up.
Last year I setup two new WinXP computers from the beginning with limited accounts. I actually got things to mostly work, just weird little failures here and there. Game software was the worst (for example a game application that would not save configuration files unless you had admin privileges), many games won't run at all. The second worst was security software! I think PGP 8 was one of primary things that pushed me back to normal use of admin privileges on my primary computer (I could not use the disc encryption with limited access). My less used laptop lasted for almost a year before I changed wifi cards (to get WPA), and found out that the new driver could not complete the network connection unless I logged on as admin.
It is all well to throw sticks and stones at users who don?t use limited access accounts, but it will not be practical until consumer software applications are regularly tested under those conditions! Given that I am an very experienced user -- I believe that I might be able to function with a limited access account, so long as I login as admin when Windows first starts, and I switch to admin for about 1/4 of the applications I run (which kind of defeats the purpose). My son's limited access account is primarly used for games and is even worse, needing admin access for 2/3 or more the applications he wants to run.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1848/14#14