Logo

MS Windows knows how to su

Windows was born in a single user environment. The end user of a Windows machine was also its administrator, responsible for such tasks as installing new software, performing back-up and other maintenance tasks. This meant that for early versions of Windows, there was no restrictions on what the end user was allowed to do. Whoever was sitting in front of the computer was also its master.

Later, starting with Windows for Workgroups, the concept of multiple users appeared, but without adding significant levels of protection. The “users” were little more than perstistent profiles. Each “user” could have a different type of background wallpaper on the desktop, but had access to enough of the system to FUBAR it at any time. Starting with W/NT, however, “real” users with privileges and data protection emerged, and after the release of SP2 for W/XP in the fall of 2004, Windows has become an industrial strength multiuser system.

In a world full of viruses, spyware, backdoors and worms, it does not make sense to read email from an account has full access to the computer system - even if you are its sole user. By setting up your standard user account with restricted access, malware embedded in email attachments will not be permitted to corrupt the system, even if you make a mistake and run them.

Using MS Windows from a restricted account used to be a royal pain. Sometimes, Administrator's rights were required. To become Administrator, one had to save all unfinished work, close all windows, log out, and log in again as Administrator. The hassle caused most users – including yours truly – to use the Administrator account for everything.

Now, it is time to change. There is now a Run as … command (discussed here) in MS Windows. Old Unix hands will recognize it as su. What it does is that it lets you take on a different identity, such as that of system Administrator, for performing a specific task. To use Run as …, you right-click on a shortcut program icon, and select Run as … from the pop-up menu.

This means that when you are doing things on the computer that doesn't require you to be Administrator, you can do so from a ordinary user account (Limited User in Microsoft-speak) and have the extra levels of protection that this affords. But for the rare occations when you do need the privileges of a system administrator (such as installing new software), you can use Run as … to step into the required role for a very limited time.