If I purposely lock myself into a Standard User account, am I going to cause problems for myself later?

I'm an intermediate to lower-advanced level user --- I work in IT, do a bit of programming, etc. One of the things I'm a real stickler for in programming is "best" practices, or going out of the way to do things in good form, rather than just duct tape over problems to get them solved. I recently came to the realization that I like my code as clean and as best practice-y as possible, yet I don't even remotely handle my own personal PC (Windows 7 Ultimate) with care or do anything even remotely "right" at home. I am Administrator, 24/7, period. I just hit "Yes, okay Unknown publisher, please annihilate my PC, thanks" on every single popup I get because I can't be bothered. So I thought it's time to format this baby, and start clean, and do this right.

That being said, the all around best advice and starting point, period, is to simply not use Administrator. Fair enough. I'm totally fine with creating a separate "true" Administrator account, and then using a Standard User account...except that in my experience, there are always unforeseen consequences to decisions like this, especially when encountering poorly designed software.

Particularly, to offer an example of why this makes me cautious, I live and work in Japan, so my PC locale is set to Japan, as is my OS language. A seemingly innocent choice when installing Windows 7, right? If I had a nickel for every time I've run into unforeseen consequences of this (i.e. software that freaks if your locale doesn't fit what they designed it for, garbled menus, etc.)...I'd still be very poor with this exchange rate, but I'd have a ton of nickels. One game that actually costs money (Dungeon Defenders, ahem), has a "known issue" being "worked on" (of course you don't find that small print until after you've paid for it), which will cause the game to crash if your PC is not set to a locale the game likes, Japan being one of them.

That being said, along the same lines of "unforeseen consequences," am I setting myself, as an intermediate'ish user, for frustration, or perhaps even some pieces of software that simply will not work? Particularly what I'm worried about is the more advanced stuff I do, like my local SQL server, Visual Studio, using open source software and plugins that like to hound me for permissions, etc. I don't mind being asked for permission every 5 seconds, or logging in as Administrator to install stuff, that really doesn't bother me, what bothers me is if I start running into stuff that I just have to run as Administrator anyway, and it can't be properly configured to run as a Standard User.

(I've found tons of stuff on this topic for setting PCs up for parents and grandparents, but not so much well documented stuff for purposely limiting yourself as a somewhat literate user).


Solution 1:

You will likely not be totally fine, but the issues should be minimal.

I have been running my developer PC this way for almost two years now, and it has been a while since I've seen any developer tools that even complained, let alone refused to work. Visual Studio and SQL Management Studio run fine without administrator rights. Permissions on databases can of course be adjusted so your normal user account can perform whatever tasks you need. [Soap Box] In fact, I would say you should run Visual Studio without administrator rights, even without elevation. The main reason we have this problem you're bringing up (can I run safely without administrator rights) is that developers write their software with administrator rights and never really test the software without. If our fellow developers did what you're doing years ago, you wouldn't be concerned enough to ask this question. You could safely assume things would work. [/Soap Box]

As for those applications that claim to require administrator rights, most of them can be fixed. You simply run Process Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645) and the application, and then look in Process Monitor's log for Access Denied messages. Change the permissions on the objects in question (registry keys or files), and the application will likely work. I work at a college, and we do not allow students to have admin rights in our labs. We've been doing this Process Monitor fix since the Windows 2000 days, and we've had great success.

One note about Process Monitor if you've never used it for this purpose. Often, programs will complain about not being able to read/write some important system object, such as C:\Windows\Explorer.exe or HKEY_LOCAL_MACHINE\Software. As a developer, you know these objects are critical and should not be wide open for access, as it defeats the point of running as a standard user. Look for other Access Denied messsages, and you'll likely find C:\Program Files\SomeApp or HKLM\Software\SomeApp. Those are likely your trouble spots.

Solution 2:

"I'm totally fine with creating a separate "true" Administrator account, and then using a Standard User account"

That's what I do (Win 7) and it tends to work (for the most-part). Linux works like this too; but it's even more extreme, where each application typically has its own user and you NEVER log-in as root. Some distros won't even let you log-in (via the GUI) as root. If you find that you're going to be in Visual Studio or SQL Server Management Studio a lot, you can set them to run as Administrator automatically.

The main thing I would be concerned about (with logging in as Administrator) is your web browser. Your web browser is one of those things that should not be running as admin. It's a simple case of risk vs. reward. There's nothing your web browser should be doing that requires the admin user, so it's best not to risk it.