Why do I need to run commands as administrator if my account is member of administrator group?
If my account is already a member of the administrator group why do some functions on Windows 7 require me to run them as administator? I kind of thought that was implied?
Solution 1:
When you successfully log in to a Windows machine, an access token is generated which represents that login session. Among other things, this token contains your username and the groups in which you are a member.
All programs you launch during that session have a reference to this token. When a program wants to do something, it presents the access token to Windows, and Windows uses it to verify the user is authorized to perform that action.
The problem with this is that when you log in as an administrator, every program you launch is running as an administrator. This is convenient but also means that mail readers, text editors, and every random program you download and run have the ability to hose your system if they want.
This is the problem User Account Control is designed to solve.
When UAC is enabled, when administrators log in they are assigned two separate access tokens:
- One standard token containing all group memberships except for "Administrators".
- One elevated token containing all group memberships, including "Administrators".
During normal usage, the standard access token is used. When a program is launched using this token, it has the same rights as a standard user. If it tries to do something that only Administrators have access to, Windows will deny access because the standard token does not contain a membership in Administrators.
If you launch the program "As Administrator", Windows gives the program the elevated token instead of the standard token. Now, any time the app tries to access something restricted to Administrators, the token will contain that membership and the operation will succeed.
The purpose of UAC is to reduce the number of programs that have administrative control of your computer. Text editors and mail readers normally shouldn't need to run as administrator, so seeing the UAC dialog appear for these programs should be cause for alarm, or at least some scrutiny.
Microsoft's explanation of UAC and some steps for dealing with it are available as well.
Solution 2:
The idea is to provide least privileges.
The principle of least privilege is widely recognized as an important design consideration in enhancing the protection of data and functionality from faults (fault tolerance) and malicious behavior (computer security).The more programs are run with administrative credentials, the more vulnerable you are to faulty or malicious software. The compromise that allows you to do things that require administrative access without doing all actions with that level of access is to explicitly prompt on a case by case basis - just because you are in the administrative group does not mean you want to provide every program you use with full administrative powers.