Old 03-02-2005, 03:40 AM   #5
hot_pastrami
I am meaty
 
Join Date: Dec 2001
Location: Salt Lake City, UT
Posts: 1,119
Quote:
Originally Posted by jaguar
It is impossible to change that security model now without breaking a *lot* of applications, that's the problem.
I thought the same thing at first, but upon examination, it seems one solution would be relatively benign... to mimic the functionality and behavior of Unix's SuperUser ("su") command.

Windows already has a relatively safe "Restricted User" security role in Windows XP, it just isn't the default out-of-the-box. By default, Windows has the user use a full Administrator account. So here's what MS oughtta do...

1) During Setup, prompt the user to create one or more user accounts for the computer (these are Restricted User accounts).
2) After creating those users, Setup should allow the user to set an Administrator password, with a blurb explaining the purpose of Administrator (only for installing software, advanced configuration, etc)
3) After installation, if/whenever the user tries to log on as Administrator, they see a warning that running as Administrator may compromise their system security, and are they sure?

Then, when the user needs to run a process with Administrator privileges, either A) the user uses the already-present context command "Run As..." to run it as Admin, or B) they run the program, and when Windows determines they lack the necessary privileges, instead of just saying "You can't do that," it says "This action requires Administrator privileges. Please enter the Administrator password or press Cancel."

Then, only that process runs with Admin rights, and all of the modifications are limited to Windows behavior... no changes to the actual security model.

I oversimplify, perhaps?
__________________
Hot Pastrami!