This question is about how to run with least privileges. It is not (really) about running with elevated privileges.
First, let me clarify a couple of things about the general understanding of Windows 7 account privileges.
Every Windows 7 OS must have at least one user, and at least one Administrator user.
Therefore the first (and often only) account on Windows 7 poly-fills as the Administrator user, although there is another, separate Windows 7 user named 'Administrator' which can be manually enabled once the initial account is set up - this account is the true 'Administrator', which cannot be affected by things such as UAC.
UAC is (primarily) a mechanism to alert a user that a program is trying to access some secured resource, and to provide them with an opportunity to validate the procedure by entering a username/password. This provides users with a better set of security options, since they can authorize everything they need themselves on their personal devices, but they also don't just let anything run amok on their computer (unless they allowed it to, of course).
Now, when this user attempts to run a cmd prompt, I've noted that unless the user specifically runs e.g.
runas /user:myonlywindowsuser cmd
the cmd prompt does not load the (default) user's profile.
Given what I've said above, it doesn't seem to make a whole lot of sense that a user's profile would not be available to them for a command prompt. However, this is what seems to be the case. My question then is as follows:
- Is there something missing here? Is this actually possible? Without using a password, and without setting up multiple accounts - I do not consider runas a realistic answer, since the user has already authenticated themselves and is asking for nothing more than access to stuff they already don't need to query UAC for.
- Is there some other security architecture of Windows 7 which I'm missing which does, in fact, allow this, but in an entirely different manner?
I will say that I'm more comfortable with the concept of user security spaces, so perhaps this problem is caused by the way Windows handles all security in the first place?
Note: I am aware of the following question: Command to run an application with Administrator privileges, but NOT AS administrator (prompt with UAC)
And I've tried its suggestion and met with limited success - the compatibility tab seems to have disappeared for symlinks, and so it's no better than simply right-clicking and 'running as administrator'. Which, most confusingly, works at all. As a final question then:
- How does that make any sense? I have access to more of my unprivileged profile when I elevate the console? What? Is this just a permanent bug?
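The question rests on two things that can be measured directly rather than inferred from behaviour: whether the console's token is the UAC-filtered one or the elevated one, and whether the account's profile is actually loaded in that session. The script below is an added example, not code from the question or from the linked answer. It assumes Windows 7 with Windows PowerShell 2.0 or later, and the `$TargetUser` parameter is a placeholder for whichever account the reader wants to test; everything else uses only built-in .NET and PowerShell calls.

```powershell
# Added example (not from the original question). Reports, from inside a console,
# whether the current token is elevated and whether the user's profile hive is
# loaded, and shows the launch options that control each of those two things.
# Assumptions: Windows 7 with Windows PowerShell 2.0+; $TargetUser is a
# placeholder account name chosen by the reader.

function Get-SessionContext {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # Under UAC the non-elevated token carries the Administrators group as
    # deny-only, so IsInRole(Administrator) is $false until the console is
    # elevated. That makes it a reliable "am I elevated?" check.
    $elevated = $principal.IsInRole($adminRole)

    # A loaded user profile appears as an HKEY_USERS\<SID> hive; HKCU: is an
    # alias for it. If this is $false, the profile really is not loaded.
    $hiveLoaded = Test-Path ("Registry::HKEY_USERS\" + $identity.User.Value)

    New-Object PSObject -Property @{
        User           = $identity.Name
        Sid            = $identity.User.Value
        Elevated       = $elevated
        ProfileHive    = $hiveLoaded
        UserProfileDir = $env:USERPROFILE
        AppData        = $env:APPDATA
    }
}

# Same account, elevated through the UAC consent prompt. Only the token changes;
# the profile is the one already loaded for this account.
function Start-ElevatedCmd {
    Start-Process -FilePath cmd.exe -Verb RunAs
}

# Start cmd as a given account with its profile explicitly loaded. This is the
# same thing "runas /profile" does (runas loads the profile by default, and
# "runas /noprofile" is the variant that skips it). A password prompt is
# unavoidable here because a new logon session is being created.
function Start-CmdWithProfile {
    param([string]$TargetUser)
    $cred = Get-Credential -Credential $TargetUser
    Start-Process -FilePath cmd.exe -Credential $cred -LoadUserProfile
}

# Run this once in a normal console and once in an elevated one, then compare
# the Elevated and ProfileHive fields for the two sessions.
Get-SessionContext | Format-List User, Sid, Elevated, ProfileHive, UserProfileDir, AppData
```

If `ProfileHive` is `$true` and `UserProfileDir` points at the expected folder in the non-elevated console, the profile is loaded and whatever is missing comes from something else (for example a per-user setting that was only ever written under the elevated token, or a tool that resolves paths differently). If it is `$false`, the session was created without a profile and `-LoadUserProfile` (or `runas /profile`) is the correct fix.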