9
4
I am using Windows 7 daily as a limited user with UAC enabled. I log in as $USER and have have a dummy user called $ADMIN with Administrative access I use for elevation purposes.
Unfortunately, some elevated applications are aware of being elevated: running Explorer as admin still shows $USER's folders and permissions. Some other applications are not, and will try and access $ADMIN's folders and permissions.
In particular, I used a program (yes, I'm looking at you, TuneUp 2010) to find and delete cruft from my system. Unfortunately, when an elevated TuneUp deletes files it uses the $ADMIN's recycling bin.
Now. I don't want to log in as $ADMIN. It's a dummy account. It isn't supposed to be logged into. It's just there for elevation purposes. I don't want it to have a profile, a home folder and settings for it.
So what I want to do is use elevation to access $ADMIN's recycle bin and cleanly empty it. Windows seems to offer no way to do so, unfortunately:
- Running Explorer as $ADMIN from the GUI will result in the $USER's folders being used. Running explorer as $ADMIN from the command prompt (using the elevate powertoy, for example) results in the following error message:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
[OK]
- Running
start .
from an elevated command prompt results in the above error message. - Running notepad as $ADMIN and using the Open dialog as a primitive Explorer shows no way to access the recycling bin. Right clicking files from that screen will result in a temporary hang and in no menu being shown.
Attempting to open the raw Recycling bin "raw" folder,
C:\$Recycle.Bin\S-1-5-21-1970411373-1708269306-xxxxxxxxxx-1007\
, from the above Open dialog results in the following error message:
Recycle Bin
You don’t have permission to open this file.
Contact the file owner or an administrator to obtain permission.
[OK]
I "fixed" the issue by issuing "del * /S /F /Q" from an elevated prompt from inside the bin "raw" folder but that's obviously not the way to go.
What should have I done instead?
It seems my question was not clear enough. How surprising. :)
Here's what I am trying to achieve. All I want to do is open this window as $ADMIN:
I also asked on http://social.answers.microsoft.com/Forums/en-US/w7security/thread/e738fdbd-15af-4010-939e-82582cdfbc33
– badp – 2010-01-24T16:30:44.110With UAC enabled, is there a reason not to use the admin account everyday? I have a admin account, but it works as regular user, unless I confirm that a specific task should be done as administrator. With this using two accounts should not improve security... – Lukas – 2010-01-27T14:56:34.323
Yep, there is. UAC as Admin defaults is just as good as no UAC. UAC as Admin maxed out is far better but offers no protection from people around you -- to name one scenario, if you forget to Win-L as you leave your computer, there's nothing stopping a 'friend' to 'pwn' it (you can create an admin account to reset passwords from). – badp – 2010-01-28T11:26:52.657