Become REAL Administrator

[Guest]

Vista Ultimate x64

Alright, here's the rundown.

I want to become and absolute Administrator of Vista.

I do not want to have it complaining about proper permissions to alter a
file. I should not have to right click and "Run As Administrator". I should
not have to use a password and log into a special account.

All I ask is total access and control of my operating system.

So far: I have disabled UAC, I have an auto login to my Administrator
account, I have enabled administrator account status in the local security
policy setup.

Yet, after all this, I still am nagged that I do not have proper permissions
or administrator status to move, delete, or edit files!

Security is NOT a problem here, don't wory about it. All I ask if for
control of this $250 OS.

 

[Kerry Brown]

Vista Ultimate x64

Alright, here's the rundown.

I want to become and absolute Administrator of Vista.

I do not want to have it complaining about proper permissions to alter a
file. I should not have to right click and "Run As Administrator". I
should
not have to use a password and log into a special account.

All I ask is total access and control of my operating system.

So far: I have disabled UAC, I have an auto login to my Administrator
account, I have enabled administrator account status in the local security
policy setup.

Yet, after all this, I still am nagged that I do not have proper
permissions
or administrator status to move, delete, or edit files!

Security is NOT a problem here, don't wory about it. All I ask if for
control of this $250 OS.

Remove Vista and install Windows XP or an older version of Windows. You are
looking for an OS that doesn't enforce security. All the good ones (Vista,
OS/X, Linux, Unix, AIX, Solaris, etc.) do.

 

[Guest]

Remove Vista and install Windows XP or an older version of Windows. You are
looking for an OS that doesn't enforce security. All the good ones (Vista,
OS/X, Linux, Unix, AIX, Solaris, etc.) do.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


Thanks for the sarcasm. However, I do have a dual-boot setup with linux and it does, indeed, have the security/control I need and executes it measurably better than Windows Vista.

Unfortunately, I do need Vista for some applications and uses. I would like
be administrator.

 

[Kerry Brown]

Unfortunately, I do need Vista for some applications and uses. I would
like
be administrator.

Although sarcastic my post was serious. If you logon with an administrator
account you are an administrator. What problems are you experiencing?

 

[cquirke (MVP Windows shell/user)]

On Sun, 1 Apr 2007 03:26:02 -0700, D3DAiM

Vista Ultimate x64

I want to become and absolute Administrator of Vista.
All I ask is total access and control of my operating system.

Security is NOT a problem here, don't wory about it. All I ask if for
control of this $250 OS.

You can't have what you want, because MS has dissolved the line
between what you (as human user) do during your login session, and
what is done during that session by programs and content that can be
automatically run in various ways, or that can fool you into taking
greater than apparent risks due to a combination of poor UI (e.g.
hiding .PIF extensions) and poor type discipline (e.g. running raw
..EXE code in a .PIF, groping malformed .ANI when "view as text" etc.)

So you have to retreat to the "panic room" while the bad guys are left
to stride around the rest of the house you thought you'd owned.

UAC is just the lock on your panic room door, without which you'd be
that much more at risk. Instead of getting angered by that lock, get
angry about why you have to cower there in the first place.

------------------ ----- ---- --- -- - - - -

The rights you save may be your own

 

[kraut]

You can't have what you want, because MS has dissolved the line
between what you (as human user) do during your login session, and
what is done during that session by programs and content that can be
automatically run in various ways, or that can fool you into taking
greater than apparent risks due to a combination of poor UI (e.g.
hiding .PIF extensions) and poor type discipline (e.g. running raw
.EXE code in a .PIF, groping malformed .ANI when "view as text" etc.)

So you have to retreat to the "panic room" while the bad guys are left
to stride around the rest of the house you thought you'd owned.

UAC is just the lock on your panic room door, without which you'd be
that much more at risk. Instead of getting angered by that lock, get
angry about why you have to cower there in the first place.

I guess it has gotten to the point now where MS is telling a person
how they can and can not use their system and what they can do on them
now!! Why should that surprise anyone here?!?!?

If a persons box is connected to the net I MIGHT be able to see the
reasoning behind it what with viruses and all but what about people
who use they boxes without being connected?!?! Beleive it or not
there are a lot of them out there yet!!!

Maybe the next MS system should be named "Hal" and let IT just control
everything about your life!!!

 

[Paul]

Vith Vista, why do I need Yahoo scanning all my email downloads, Norton,
McAfee, firewalls or any of the other protection software?
Personally, I will stick with ME and XP. I have never had a virus or trojan
AND I am careful where I go on the internet.

 

[Guest]

Alright, a most recent experience.

There is a MSN folder in my C:\Program Files (x86) that I cannot delete
because I do not have the permission to delete as administrator. Although I
am logged in, I can do nothing in the permission system to grant me this one
ability that I am missing. Every time I attempt to grant myself the
permission over this single folder (there are others as well), I receive an
"Access Denied".

 

[cquirke (MVP Windows shell/user)]

On Mon, 02 Apr 2007 08:52:49 -0400, kraut

I guess it has gotten to the point now where MS is telling a person
how they can and can not use their system and what they can do on them
now!! Why should that surprise anyone here?!?!?

That's a separate topic, with regards to DRM and other automated
license enforcement strategies.

The point that it has gotten to, is:
- most PCs are on the 'net
- many of these PCs are infected
- many of these PCs have broadband power

The sum total of infected PCs (i.e. botnets) can rival or swamp the
strongest servers in terms of power and bandwidth. Most email is
spam, and 95% of spam is sent through botnets, so in a real sense,
these botnets are a (if not the) dominant infrastructure on the 'net.

If a persons box is connected to the net I MIGHT be able to see the
reasoning behind it what with viruses and all but what about people
who use they boxes without being connected?!?! Beleive it or not
there are a lot of them out there yet!!!

Only if a system is isolated entirely from the rest of the infosphere,
could one expect it to be unexposed to attack. A PC that is not on
the 'net is also not kept patched, and if it's still presented with
USB sticks and CDRs from "outside", it's still at risk - and that
small risk exposure is enlarged++ because of outdated code and av.

Maybe the next MS system should be named "Hal" and let IT just control
everything about your life!!!

The system already controls itself - Windows hardly ever stops
fiddling with things automatically, and that tendency has increased
steadily since the Win9x days.

The difference with UAC is that it asks you first ;-)

See: http://cquirke.mvps.org/exblog/onehand.htm

This was written before UAC was called that, and it attempts to do
what you describe in a more general way - the idea is that uber-hairy
"admin" things should be done in an environment that is automatically
isolated from other systems, hardened internally, and utterly truthful
in UI. An uncomy place for casual use (by design) and unfriendly to
those who need everything dummied down (by design).

IOW: Data access, Internet access, ful system rights. Pick one.

---------- ----- ---- --- -- - - - -

Don't pay malware vendors - boycott Sony

 

[Kerry Brown]

Program Files is a system area. Changes here affect all users of the computer. Because of this there is a change in the way the NTFS permissions are assigned in Vista compared to XP. You must take ownership of the folder. Once you are the owner you will be able to change the permissions as you like. Here is how to take ownership. This is copied from Help and Support.

To take ownership of a folder
1. Right-click the folder that you want to take ownership of, and then click Properties.

2. Click the Security tab, click Advanced, and then click the Owner tab.

3. Click Edit. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

4. Click the name of the person you want to give ownership to.

5. If you want that person to be the owner of files and subfolders in this folder, select the Replace owner on subcontainers and objects check box.

6. Click OK.




Before you complain that you are the only user on your computer you have to understand how Windows works. There are many user accounts on your computer that hackers can take advantage of besides yours. Just a few are Administrator, Guest, Local System, Trusted Installer, Network Service, and more. All of these accounts are protected in various ways and files and folders are also protected from these accounts. It is the way security works. Without this type of security your computer is open to malware no matter what programs you install. The current animated cursors exploit is a good example of the dangers of weak security. In Vista (with UAC on) the damage this exploit can do is minimal even if you have no security programs installed. It is easily repaired and you never lose control of your pc. In XP even with a firewall, AV, anti-spyware, whatever installed if you surf to an infected site the system will be infected and owned by someone else.

 

[Guest]

I feel like I have been hijacked..

On Mon, 02 Apr 2007 08:52:49 -0400, kraut



That's a separate topic, with regards to DRM and other automated
license enforcement strategies.

The point that it has gotten to, is:
- most PCs are on the 'net
- many of these PCs are infected
- many of these PCs have broadband power

The sum total of infected PCs (i.e. botnets) can rival or swamp the
strongest servers in terms of power and bandwidth. Most email is
spam, and 95% of spam is sent through botnets, so in a real sense,
these botnets are a (if not the) dominant infrastructure on the 'net.


Only if a system is isolated entirely from the rest of the infosphere,
could one expect it to be unexposed to attack. A PC that is not on
the 'net is also not kept patched, and if it's still presented with
USB sticks and CDRs from "outside", it's still at risk - and that
small risk exposure is enlarged++ because of outdated code and av.


The system already controls itself - Windows hardly ever stops
fiddling with things automatically, and that tendency has increased
steadily since the Win9x days.

The difference with UAC is that it asks you first ;-)

See: http://cquirke.mvps.org/exblog/onehand.htm

This was written before UAC was called that, and it attempts to do
what you describe in a more general way - the idea is that uber-hairy
"admin" things should be done in an environment that is automatically
isolated from other systems, hardened internally, and utterly truthful
in UI. An uncomy place for casual use (by design) and unfriendly to
those who need everything dummied down (by design).

IOW: Data access, Internet access, ful system rights. Pick one.



Don't pay malware vendors - boycott Sony

 

[Hugh Wyn Griffith]

I do not have the permission to delete as administrator. Although I 
am logged in

Sometimes the problem may be because VISTA has two levels of
Administrator so far as I can see. I'm not technical expert on this but
I get the impression that unless you specify otherwise Users are in
fact labeled as User/Adminstrators (or is it Administrator/Users?) but
there is a higher level of adminstrator set up when you install VISTA
and this top level Administrator log on is hidden unless you make a
change manually somewhere in the innards of VISTA's works.

I did it at the time but forget which message it was here that talked
about it. But I know have a Administrator Icon on my logon screen as
well as the two users.

I did also go in and upgrade my own User Permissions as far as I could
and I've not run into this problem any more.

One more thing I did although I don't know if it actually did anything
was to "tke control" of the entire C: drive that VISTA is on when I
boot to it.

I'm sorry not to be able to give you a path to follow but I'm sure
others can, if these hidden barriers are part of your problem.

 

[Ronnie Vernon MVP]

Even a system that is not connected to the internet is still at risk. Every
time a CD/DVD/Floppy Disk or any other kind of media is inserted into the
system, there is a risk.

Social engineering (security)
http://en.wikipedia.org/wiki/Social_engineering_(security)#Trojan_horse.2Fgimmes

Another issue is that with the proliferation of broadband any PC that does
get infected has the potential to broadcast that same infection to other
systems, worldwide in the time span of a few minutes. So the statement
"These security issues do not affect ME and if MY system does get infected,
that is MY problem" is no longer legitimate or responsible.

 

[Kerry Brown]

Both of those actions have compromised the security of Vista with no real
benefit to you other than a few seconds of time if and when you have to
modify permissions in system areas.

 

[Hugh Wyn Griffith]

Possibly but I operate in a pretty secure environment and my present
goal is to explore rather than depend on.

 

[Kerry Brown]

I can see people not liking UAC and turning it off even though I don't agree
with them. The changes you made really have no impact on using the computer
so I don't understand why you'd compromise security to make them. I'm not
trying to start an argument. I'm just trying to understand what the benefit
of the changes might be.

 

[cquirke (MVP Windows shell/user)]

On Mon, 2 Apr 2007 09:50:01 -0700, D3DAiM

Alright, a most recent experience.

There is a MSN folder in my C:\Program Files (x86) that I cannot delete
because I do not have the permission to delete as administrator. Although I
am logged in, I can do nothing in the permission system to grant me this one
ability that I am missing. Every time I attempt to grant myself the
permission over this single folder (there are others as well), I receive an
"Access Denied".

I'll ask the obvious questions...
- what file is it and where is it located?
- what put it there?

Not all blockages are UAC etc. If you can happily manage other files
within "C:\Program Files" except this one, then I doubt if it's UAC.

It's either actively-asserted behavior, or the app has tatoo'd itself
with NTFS permissions that precludes your control, or both.

When software acts against your interests, and does so without
disclosure, I consider this malicious, hence "malware".

Such malware includes:
- traditional viruses and other extra-legal malware
- legal or pose-as-legal commercial malware, unwanted spread
- malware in wanted software, self-serving, e.g. license enforcement
- malware in wanted software, serving others, e.g. DRM
- custom software installed by a "personal" adversary

Antivirus scanners should pick up the first and some of the second,
and "antispyware" should pick up the second and some of the first.
It's up to you to detect and manage the next two, since law and the
industry are not on your side.

The last is the toughest, because the software you are after may be
unique to your system (i.e. custom-written for your attack), and if
so, nothing will recognise it on a black-list detection basis, and
searching forums won't find exact-match help either.


Oh duh, on re-reading this I see it's the MSN folder itself that you
are trying to kill. Perhaps that's specifically protected by the OS
(a la System File Protection, later called Windows File Protection,
that came of age in WinME?).

I can't think of any reason why you or the system would "need" MSN
that isn't a leveraging of the desktop monopoly by MS. Any takers?

Actually, I'll leave the stuff I wrote first, in place, because it may
still apply. Malware can use any names, including those normally
associated with other (legitimate) things, so...

-- Risk Management is the clue that asks:

"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"

 

[cquirke (MVP Windows shell/user)]

On Mon, 2 Apr 2007 12:54:15 -0700, D3DAiM

I feel like I have been hijacked..

I know the feeling, but it's a 2 x 2 state chart...

I feel like I've been hijacked I feel OK
I'm hijacked A B
I'm OK C D

Guesstimate % pie chart slice size for states A, B, C and D

Next, weight the significance of states A, B, C and D

What pain do you want to endure today?

---------- ----- ---- --- -- - - - -

On the 'net, *everyone* can hear you scream

 

[Jupiter Jones [MVP]]

But only to itself as long as NOTHING leaves that computer.

 

[Hugh Wyn Griffith]

I'm not trying to start an argument. I'm just trying to understand what the
benefit of the changes might be.

I fully appreciate your position and not being screamed at for my stupidity
<g>

I guess the short answer would be irritation while setting up the system and
adding applications and utilities a step at a time coupled with the hope that
the changes would reduce the number of times I was stopped in my tracks and
told I was not authorized to do something when the label attached to me as a
user said I was an administrator as well.

Having found empirically that Run as Administrator would allow installation
more smoothly I have tended to install everything that way and wanted to up my
Permissions to match.

There is absolutely no danger of any third party sitting down at my computer
and creating havoc as an adminstrator -- I can do that very well unaided --
and given a hardware firewall plus sotware firewall, phishing protection not
just from the system but from my own knowledge of what that is all about
coupled with the way I use the internet .... is why I say I have a fairly
secure environment.