Date post: 30-Dec-2015

CSAS 2009

Running Windows as a Non-Administrator or how I learned to love “User”

By: Kasey Dennler

Running Windows as a Non-Administrator

• Here is what we are going to talk about today

– Why should I be running as a non-administrator on my machine?

– How do I run my machine properly as a non-administrator

– Common misconceptions surrounding running your machine as a non-administrator

Why should I be running as a non-admin?

• Why, do you ask?

– Security

– Security

– Security

Why should I be running as a non-admin?

• Here are 4 reasons you should not run as administrator

– You could potentially lose control of your entire system

– Remote code execution

– New services can be installed or old services can be stopped

– You could potentially become a risk to the entire UI Network

How do I run as a non-admin

• So, now that I have successfully put the fear of being an administrator into you, what should you do?

– Run as a user

– Use software / hardware to allow problematic or legacy programs to run with the rights they need

– Employ different software / hardware solutions to allow for users' machines to be kept in a known good working state

Running as a user

• What is UAC?

• Benefits of having a separate admin account to make changes.

• Can you remotely work with UAC?

• Drawbacks for using UAC.

Running as a user

• What is UAC

– (User Account Control) The management of user accounts in Windows Vista. Because malware has greater control of the computer when it is running in administrator mode, UAC was designed to enable more users to run their computers as a standard user rather than as administrator. A computer is more secure against attack if it is running with fewer privileges.

– ZDNet Definition for UAC

Running as a user

• What is UAC - continued

– Admin Approval Mode

The default mode in UAC is the Admin Approval Mode, which requires administrators to approve functions that were allowed in Windows XP without a prompt. For example, although standard users are unable to add programs, a user running as administrator does have the right to install new applications. However, in order to prevent unwanted programs from being slipped in "under the covers," the administrator must approve any installation first.
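
An added example (not from the original slides) that reports how the current session relates to the UAC behaviour described above: whether the account is in the local Administrators group, whether this process is elevated, and how the prompt policy is set. The function name `Get-UacSessionState` is hypothetical; the registry value names are the standard UAC policy values.

```powershell
# Added example, not from the original slides. Get-UacSessionState is a hypothetical name.
function Get-UacSessionState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this process holds the full (elevated) administrator token.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # S-1-5-32-544 is BUILTIN\Administrators. In an unelevated Admin Approval Mode
    # session the group is still in the token but deny-only, so IsInRole is False.
    # /nh plus explicit headers keeps the parse independent of the display language.
    $groups  = whoami /groups /fo csv /nh | ConvertFrom-Csv -Header Name, Type, SID, Attributes
    $inAdmin = [bool]($groups | Where-Object { $_.SID -eq 'S-1-5-32-544' })

    if (-not $inAdmin) { $account = 'Standard user' }
    elseif ($elevated) { $account = 'Administrator, elevated token' }
    else               { $account = 'Administrator, filtered token (Admin Approval Mode)' }

    # UAC policy values; a missing value means the Windows default applies.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $key
    $adminPrompt = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }
    $userPrompt = @{
        0 = 'Automatically deny elevation requests'
        1 = 'Prompt for credentials on the secure desktop'
        3 = 'Prompt for credentials'
    }
    $describe = {
        param($value, $map)
        if ($null -eq $value) { 'Not set (Windows default applies)' } else { $map[[int]$value] }
    }

    [pscustomobject]@{
        User           = $identity.Name
        Account        = $account
        UacEnabled     = ($pol.EnableLUA -eq 1)
        AdminPrompt    = & $describe $pol.ConsentPromptBehaviorAdmin $adminPrompt
        StandardPrompt = & $describe $pol.ConsentPromptBehaviorUser  $userPrompt
        SecureDesktop  = ($pol.PromptOnSecureDesktop -eq 1)
    }
}

Get-UacSessionState | Format-List
```

An `Account` value of `Administrator, filtered token` means the daily account is still an administrator sitting behind a consent prompt; `Standard user` is the state the slides recommend, with a separate admin account used for elevation.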

Running as a user

• The many faces of UAC

Running as a user

• Benefits of having a separate admin account to make changes

– There are already exploits for bypassing UAC when your account is already an admin

– UAC will ask for a password

– Access to network resources can also be handled differently

– Run as a different user without having to grab the Sysinternals run as utility (just select Run as Administrator)

– Eat your own dog food (when managing other users)

Running as a user

• Can you remotely work with UAC?

– Microsoft's RDP works properly

– There are limitations with other remote client software

Running as a user

• Some common drawbacks for using UAC

– Access to network resources is different (don't expect your U: drive to be available in another session)

– Windows Explorer cannot be run as another user, use xplorer or another alternative

Using software to solve problems……

• Use software / hardware to allow problematic or legacy programs to run with the rights they need

– Application Issues

– Virtualization

– Maintaining the integrity of my system

Using software to solve problems……

• Application Issues

– Problems running

– Writing data to profile folders (redirection necessary)

– Security (managing file and registry permissions)

– Working with the vendor

– Using tools, like Process Monitor, to watch usage

– Viewing registry before and after

Using software to solve problems……

• Virtualization

– Thinapp

– App-V

– Sandboxie (also can be used to determine registry and file permissions needed for application)

Maintaining the integrity of your systems

• Employ different software / hardware solutions to allow for users' machines to be kept in known good working state

– Using AD sourced accounts

– Maintaining the system

– Default user profile

– Shared computer toolkit/Deepfreeze / SCCM (App-V)

Maintaining the integrity of your systems

• Using AD sourced accounts

– Maintaining access

– Disabling and deleting local admin access (physical access to machine allows break-in if necessary)

Maintaining the integrity of your systems

• Maintaining the system

– Auto-updates

– Installing new software

– Managing "All Users" content

– Sysprep

Maintaining the integrity of your systems

• Default user profile

– Common configuration

– How to...

– Redirecting folders to U: drive

How do I run as a non-admin – recap

• How do I run as a non-admin

– Run as a user on your machine

– Using software to solve problems……

– Maintaining the integrity of your systems

Common Misconceptions

• So now let's talk about some common misconceptions about not running as an admin on your machine.

– #1 – I will not be able to do my job unless I am logged in as an administrator

– #2 – I will not be as productive on my machine as I was as an administrator

– #3 – I really just don’t want to…..

Common Misconceptions

• I will not be able to do my job unless I am logged in as an administrator

Common Misconceptions

• I will not be as productive on my machine as I was as an administrator

Common Misconceptions

• I really just don’t want to…

CSAS 2009

Questions?

