16 Dec
2005
16 Dec
'05
7:26 p.m.
On Fri, 2005-12-16 at 18:27 +0100, David Hinz wrote:
Maybe we should do it the unix/linux way, there is a
root user, called
administrator, he is allowed to do everything, but by default you
shouldn't be able to login as administrator (the way it is on ubuntu and
some other linux-distributions).
[snip]
Windows Vista starts to put in a framework for something like this,
whereby if the user doesn't have admin privilege on the workstation,
they receive "virtualized" copies of the system folders. It is sort of
like the BSD chroot jail, but you can't alter system-wide attributes.
Also, "Administrator" is the only account that can do a lot of things.
Even other designated computer administrators cannot do some of the
things that the Administrator can do, such as burn CDs, without help
from another set of privileges. In using the system, it's Windows, for
sure, but it doesn't work the way you would expect Windows to work, and
it breaks a good bit of software.
Now, mind, Windows Vista isn't released yet, so they're going to be
working on addressing some of those issues (so they claim), but it's a
pain in the behind. I couldn't figure out, for example, how to grant
special privileges to the other computer administrators, such as the
ability to use some of the control panels (Device Manager within System,
being one of them). You could view the list as another computer admin,
but you couldn't install drivers or any of the like without logging into
the administrator account. I found that pretty annoying, since I could
not find a way to grant that ability to another computer administrator.
Be careful, many applications make assumptions about how the security
mechanisms work, and if they do not work in the way that is expected,
they unexpectedly bail. That is also kind of annoying. Only a small
handful of applications can detect that scenerio and warn the user (such
as Nero).
Just a heads up. :)
Later,
Mike