My XP Non-Admin Configuration
Having been unable to find the document I know I wrote documenting the stuff I did to set up my non-admin environment on prospertine, I’m starting from scratch.
First, during setup anelson had admin rights; there are some security issues with this, as the user anelson will have write privs on some folders that he shouldn’t, but I’m not going to worry about that now.
I created an admin user, god (no, I don’t use the stock Administrator account). I removed my user account, anelson, from the Administrators group.
I added anelson to the __vmware__ group so I can still use VMWare, and granted Log on as a batch job permission as well.
Next I set up my environment based on the Keith Brown’s guidance:
I created a folder, G:\Tools\AdminShell, which still store all the admin stuff.
In this folder, I created admin_shell.cmd, which will be used to start an admin shell based on Keith Brown’s, but without the domain credentials since I’m not on a domain.
That’s a start, but there are a few things I have to do with admin privs rather often:
- Munge firewall rules
- Browse the filesystem and run files
- Access the control panel
The last two can be done from Explorer, but explorer.exe can’t simply be run from an admin shell, since it will instead adopt the credentials of the existing explorer window. The relevant blog post offers a workaround.
Non-Admin and Automatic Updates
Prospertine is the first machine I’ve run primarily with a non-admin user account, as per Keith Brown et al. After several months of this, I still come upon minor gotchas from time to time.
In this case, I awoke to find prospertine had rebooted. In the world I come from, where hardware drivers suck and are only sort-of compatible w/ the rest of the system configuration, this can only mean one thing: BSOD. So, I dutifully check the System log for the STOP message, planning to fire up WinDbg to view the mini dump and determine which buggy device driver screwed me this time. To my surprise, there was no bugcheck; only a flurry of log messsages about Automatic Update around 3:00AM.
It seems that, when you’re an admin on a default Windows install, you’re prompted before installing updates, and again before rebooting. As a non-admin, you’re not given the luxury of an option.
At any rate, I opened the Automatic Updates control panel (as an admin, obviously), and switched from Automatic to ‘Download…but let me choose when to install…’