Re: [Full-disclosure] [Fwd: Re: windows future]

[Peter Besenbruch <prb@xxxxxxxx>]

On Friday 28 August 2009 08:29:48 Thor (Hammer of God) wrote:
> Maybe I'm not saying it properly... (and I won't belabor the point
> anymore).  If you want a password instead of a click, then set it to
> "prompt for credentials" rather than "prompt for consent" for
> *administrators*.

Understood. I also understand you can set up Vista to use normal users. My 
objection is to Microsoft's default behavior.

> > We basically agree on the main point: Separate user and administrator
> > accounts are better. I wonder if Micosoft will start enforcing that?
>
> The "wonder if MSFT will start enforcing that" is already answered - they
> do, and HAVE been.  Even with XP you could "run as administrator."  I used
> to do it all the time. I actually like the UAC in Vista/Win7 better as it
> gives seamless admin capabilities while interactively logged on as a normal
> user.

There is a difference between being able to do something, and enforcing it. 
The OS on my machines will not allow a person to run an administrative 
desktop. It enforces the separation between the administrator and a normal 
user by requiring the creation of at least one normal user at install. Only 
that normal user can log in. Microsoft encourages the opposite behavior by 
default. I know of no Vista home user who runs as a normal user.

I guess it's good we had this conversation; I got to meet someone who sets up 
Windows properly on his personal machines. ;)

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/