Coming from a technical UNIX background it seem intuitively obvious not to run as root in this dangerous world. This wasn't always an option on Windows at all, and not very practical on Win2K when it runs the personal machine with which you constantly explore new programs. Work machine, sure, you actually have to go through a special procedure at Nokia to get Administrator rights on the standard Win2K image on the desktops. And I fully understand why: keeping 40K users from corrupting the Intranet and taking everybody down is not just a matter of avoiding nuisances, it is vital to the company. I remember the pain we suffered when mail wasn't working for a day or two, and I understand that Nokia Business Infrastructure is in no mood to re-live those days just because somebody needs weatherbug in their task bar tray.
I am basically the sysadm at home. So I try to explore best practices some. And I don't click on received executables and I don't click "OK" on pop-up windows for a Bonzi Buddy -- if I even see them, I asked
So now that we are both on XP I am experimenting with having my daily account have Power User priviledges, and no more. To stay safe. SO nothing I may run or do can hose the machine, it just hoses the 'fj' account. I did make an Administrator account -- which I couldn't call 'Administrator', much to my chagrin, because XP says that account already exists eventhough I can't find it. And XP allows a user to easily switch accounts without having to shut down work like 2K made you do. And even as 'fj' I can run an install as Administrator by right-clicking and selecting 'Run As...' and entering the Administrator account credentials.
Actually, not quite. If I download a program I want to install under the 'fj' account, I first have to move it to the Shared Documents directory, and do 'Run As...' Administrator from there, because if I try to run it with Administrator priviledges from the 'fj' desktop, the execution will always fail because the Administrator account can't see 'fj''s files. Some root that is.
So I make the install work by running it from the right place with the right credentials -- most installations insists on being run with full Administrator powers -- and then most will leave program shortcuts on everyone's desktops. Which I can't remove from 'fj''s Desktop. Logged in as 'fj', I do not have the priviledges to remove a shortcut that an Administrator left. Logged in as an Administrator account, I cannot access 'fj''s Dektop. Obviously I have to give the Administrator account access to 'fj''s files, but I can't find the Properties tabs for that.
I am sure there is a way, but the second problem is that many applications are not happy being run by someone else than the account that installed them, and certainly not with fewer priviledges. I tried out Dean's new webcam and I installed the application software fine -- as Administrator -- but the shortcuts on 'fj''s Desktop simply would not run.
Doing The Right Thing is turning into a pain. I think I may delete the Administrator account soon after I add 'fj' back to the Administrator group. XP may be ready for lesser priviledged users running as default, but the vendors are not.