Selecting an action to apply under standard user accounts

[Guest]

I run windows defender under a standard user (non admin) account. Whenever it
detects a change I get the bubble and can click it to review, however the
action is greyed out and I can't accept or deny the change. If I go into the
admin account then it is not greyed out and I do get the option. I have
checked the "Allow users to use Windows Defender" and the option is ticked.
When I uncheck the option I am not even able to run Windows defender at all
in the standard windows account.

So my question, how can I allow/deny items when using a standard user account?

I am using version 1347.

Thanks

 

[Guest]

From the lack of replies should I assume i'm the only one who works under a
nonadmin account or is it because i'm the only one who's unable to use the
software under a non admin account?

 

[Bill Sanderson MVP]

I read your message, and didn't think I had a useful reply to make, so I
didn't.

I'll freely admit to not following best practices--which is what you are
advocating! I do have client offices that operate in this mode, but they
are autonomous enough that nobody has brought this question up with me.

I doubt this is an anomaly in your particular install, so the only hope I
can hold out is that the product is still in development and being refined
before release--and that feedback here is read/
--

 

[Guest]

Thanks for the reply Bill. Even though you don’t have an answer for me it’s
nice to hear what you think. I’m pretty sure it’s the software and not the
system, even more so now I’ve tried it on two other systems. So hopefully
this will be “fixed†in the final version.

 

[Bill Sanderson MVP]

I hope so too, but I do wonder whether this will be the way it is with XP,
with, perhaps, finer-grained control on Vista.

The office that I work with which runs as limited user has a very small
workforce. They each know their own user account and password, and the
admin password on their boxes, but use the admin password only when
necessary.

For a small trusted group, this works well--but it sure isn't the common
situation.

--

 

[Guest]

I hope so too, but I do wonder whether this will be the way it is with XP,
with, perhaps, finer-grained control on Vista.

The office that I work with which runs as limited user has a very small
workforce. They each know their own user account and password, and the
admin password on their boxes, but use the admin password only when
necessary.

For a small trusted group, this works well--but it sure isn't the common
situation.

It's funny how this 'best practice' of using an admin password for
admin-like tasks and user password for user-like tasks got lost.

I was a sysadmin for a company in 1986 that had Vaxes, and this is
*exactly* what we did then.

It took Microsoft 20 years to bring it back or to implement it...

 

[Bill Sanderson MVP]

It's funny how this 'best practice' of using an admin password for
admin-like tasks and user password for user-like tasks got lost.

I was a sysadmin for a company in 1986 that had Vaxes, and this is
*exactly* what we did then.

It took Microsoft 20 years to bring it back or to implement it...

I don't think you can blame Microsoft for this, except to the extent that
they fail to hold vendors noses to the grindstone. Microsoft has had this
as a best practice for some time, I believe--but there are a good many high
profile apps that just don't work properly.

And, look what happens when Microsoft DOES hold companies to a higher
standard with a new version of Windows--McAfee et al are proclaiming to the
world that Microsoft is trying to make the world less safe and ruining their
business!

 

[Guest]

I don't think you can blame Microsoft for this, except to the extent that
they fail to hold vendors noses to the grindstone.

I disagree - "default" permissions for new users in Win98/NT/2000/XP
were administrator privileges.

I see your point, or perhaps we're saying the same thing. MS probably
did this because it wanted to make the most user-friendly experience.
Enabling all privs makes the most features available to the user.
However, it does the same for hackers, too.

It's akin to airline security now not allowing users to take fluids
onboard, since a supposed plot was uncovered. The tighter the security,
the less the risk and the more inconvenient it is for the users/vendors.

Microsoft is responsible, as are the airlines, for educating the
stakeholders (users, vendors) about best practices when a security
change is made. Not being a vendor, I can't speak for how well MS has
done this with changes made to Vista. Perhaps some of the third-party
complaints about lack of adequate information are valid. I know it is
not easy, given that Vista is behind schedule and many of the features
were scaled back. It's hard to prepare third parties when you're not
exactly sure what you're going to release one year prior.

I don't buy the complaints about Kernel protection from McAfee and
Symantec. It's the same as people complaining about Swiss Army knives
being disallowed in carry-on bags.

BTW, thanks for not top-posting, Bill!

 

[Guest]

This issue has NOT been fixed with the release of Defender Final version.
Limited user XP accounts cannot click to "allow" changes in Defender because
that button is grayed out. This is not a matter of me choosing to run on a
limited account instead of on an admin account. It's a matter of my makeing
my wife run on a limited account. Defender does not provide limited users
with the options they need for it to be helpful. Spysweeper can function
properly on a limited account (with certain admin features disabled) - why
can't Defender? I just found out this week and was very surprised when I saw
it. I though Defender was fully compatible with multiple user home PC's
having 1 admin account. Geez o' Pete!!! What kindn of "Security at Home" is
provided if all users have to run as administrators!!! I am MORE than
disappointed with Microsoft over this stupidity.

 

[Guest]

I'm pretty disappointed about this too. If Microsoft can't get Windows
Defender to work in this mode, then why should I expect Vista to be as secure
as they claim. If they don't apply their own security recommendations to
their own software now, why trust claims for the future. Come on Microsoft -
sort out this potentially useful software so it is useful for users who care
about security - that's your market!