Tip

Try the RUNAS command

It's fairly common knowledge that logging in as an administrator on a Microsoft Windows computer is dangerous. Most people realize that in theory, you should only be logged in as an administrator when you're actually doing something that requires administrative privileges. Any other time, you should be logged in as a regular user.

There are two primary and intuitively obvious reasons for this. The first is that as administrator, it's easy to break things accidentally. As a regular user, you shouldn't have the permissions required to do destructive things like deleting system files. And if you're installing some software as a user, it generally won't have the permission to overwrite anything important (to the system) either.

The second reason is that malicious attackers can't use you to attack the system as easily. For instance, if you're surfing the web as an administrator, a website could run some malicious applet, or if you're using an instant messaging client or peer-to-peer file-sharing program as administrator, those represent avenues of attack as well. In all these cases, the damage they could do would be substantially limited if you're logged in as a user instead of an administrator.

But let's face it, administrators are generally a combination of overworked and lazy, which means they don't want to take the time to shut down all their open applications, reboot the system, log in as administrator, perform some administrative task, reboot again, log in as a user, and reopen all their applications. The solution to this problem in the old UNIX world is that you can log in as a user and still run a specific application as "root" with "sudo", or use the "su" command to get root access for one terminal session while all your other applications use regular permissions.

In Windows 2000/XP, there is a similar feature. You can mimic this functionality by using "Run As". This can be invoked in one of two ways: from the command line (type "runas /?" for help) or from the start menu. For the start menu method, hold down the Shift key, right-click a menu item and select Run As.

Note that this feature is also very useful if you're supporting a lot of users. When you go to troubleshoot a user's PC, instead of making them log out so that you can log in as an administrator and fix their problem, just leave them logged in and use Run As.
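The command-line route described above, as an added example that is not part of the original tip: a PowerShell wrapper that checks whether the current session is already administrative and then starts one program under a separate admin account with runas.exe. It assumes a Windows version that ships PowerShell (newer than the Windows 2000/XP systems the tip covers); the function names, the account name "LocalAdmin" and the chosen tool are hypothetical placeholders.

```powershell
# Added example, not from the original tip.
# Assumptions: PowerShell is available; 'LocalAdmin' is a placeholder account name.

function Test-IsAdministrator {
    # True when the current process token holds the local Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Start-AsAdmin {
    param(
        [Parameter(Mandatory = $true)] [string] $AdminAccount,  # DOMAIN\user or COMPUTER\user
        [Parameter(Mandatory = $true)] [string] $CommandLine    # the one program to run as admin
    )

    if (Test-IsAdministrator) {
        # The point of Run As is that the desktop session itself stays unprivileged.
        Write-Warning 'This session is already administrative; log in as a regular user for daily work.'
    }

    # runas.exe prompts for the password on the console, so the password never
    # appears on the command line or in the script.
    # /savecred is deliberately not used: it stores the admin credential so that
    # later runas calls by this user can reuse it without a prompt.
    & runas.exe "/user:$AdminAccount" $CommandLine

    # Pass runas.exe's exit code back to the caller.
    return $LASTEXITCODE
}

# Example: open Computer Management as the placeholder admin account while the
# logged-in user's other applications keep running with regular permissions.
Start-AsAdmin -AdminAccount "$env:COMPUTERNAME\LocalAdmin" -CommandLine 'mmc.exe compmgmt.msc'
```

Only the program started this way runs with the administrator's token; close it when the task is done so no privileged window is left open in the user's session.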


Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.


This was first published in April 2003
