Low-privileged accounts and non-Windows platforms

  • Article

Those of you who’ve read my old blog for any length of time know that one of my particular areas of interest is trying to convince people to stop running their machines on a day-to-day basis using Administrator-level accounts, given that this opens them up to greater risk for their machine being exploited by malicious code.

I’m considering an experiment, in which I will set my wife up to use a non-Windows platform as a non-administrative user, and see how she does in using that platform without my intervention, including installing software, configuring simple settings, etc. What I’d love to get from my readers is recommendations on which platforms handle this best, that is, setting a user up to be low-privileged, but allow for easy software installs, etc. The purpose of the experiment is to understand how this process is handled on competitive platforms, so I can better evaluate how we do it on Windows.

I’d also be interested in hearing what your biggest points of pain are when trying to run as a non-Admin in Windows. Some of mine include software that doesn’t run correctly when installed by an admin, but run by a non-admin, and profile information that gets stored in the wrong place. Most of these issues, by the way, can be solved by the very useful MakeMeAdmin utility written by my colleague Aaron Margosis. Of course, I’d love to see this baked into the platform, so that things are simpler and more reliable, but at least the tool’s available.

So the two questions are:

  1. Which non-Windows platform best handles (for non-technical users) running with low privileges generally while providing the ability to easily elevate privileges when necessary for installs or configuration?
  2. What are your points of pain when running as a non-admin user on Windows (and what are your favorite workarounds)?

Note that I will probably try at least one Mac-based solution and one *nix-based (perhaps on Virtual PC), so recommendations should take that into account. Note also that I’m already familiar with the su concept in *nix, so I’m not looking for any treatises on that…just recommendations of who handles this best for non-technical users.