04-03-2011, 03:57 AM
(This post was last modified: 04-03-2011, 04:47 AM by nosisab Ken Keleh.)
Too sad when running an administrative account is "not enough" for gaming. What are you really trying when treating your users as dumb until proving otherwise, Microsoft? and even then...
Just never install games under "Protected" folders in Vista or Seven... this includes all and each folder under the "users" folder.
To be on the secure side, create a folder from scratch and avoid it inside any provided MS folder. C:\Games for example is fine and keeps everything organized at one place.
Do not install directly under the Documents folder... this can be worsen yet than C:\Program Files because it is a "protected folder" even under XP. Avoid the Desktop because it should not have anything other than shortcut icons (and even so, not many of them)... and so on.
Having to run as "Da Administrator" is a clear signal something is deeply wrong already.
PS: Be aware the User has all rights over his/her Documents folder... but applications trying to run from there ARE NOT the user, so... expect problems arising doing so (inheriting the user's rights is not enough to convince the OS they are the same thing).
To understand a bit more how the security mechanisms work, not even the administrator can directly alter files which do not explicitly includes rights for the admin group. Although the administrator can change the files properties, it can't edit a file there until the correct right is explicitly given,as example.
On the other hand, the administrator is a very special "user" to the OS, it's an account that can bypass some security measures which common administrative accounts cannot, which explains the ability to bypass certain measures which the administrative account can't even when that administrative account is the "starter" of it's own application... a BIG security hole running as The Administrator, far greater than disabling the infamous UAC.
In fact, the concept of account rights only scratch the surface of security mechanism, to better understanding one would need to know how the SID (security identifier) works, a long and boring subject for most but the hardcore tech (geek?)... still not necessary at all to do the right thing, is enough to follow the solid ground and things roll smoothly and without traumas.
Just never install games under "Protected" folders in Vista or Seven... this includes all and each folder under the "users" folder.
To be on the secure side, create a folder from scratch and avoid it inside any provided MS folder. C:\Games for example is fine and keeps everything organized at one place.
Do not install directly under the Documents folder... this can be worsen yet than C:\Program Files because it is a "protected folder" even under XP. Avoid the Desktop because it should not have anything other than shortcut icons (and even so, not many of them)... and so on.
Having to run as "Da Administrator" is a clear signal something is deeply wrong already.
PS: Be aware the User has all rights over his/her Documents folder... but applications trying to run from there ARE NOT the user, so... expect problems arising doing so (inheriting the user's rights is not enough to convince the OS they are the same thing).
To understand a bit more how the security mechanisms work, not even the administrator can directly alter files which do not explicitly includes rights for the admin group. Although the administrator can change the files properties, it can't edit a file there until the correct right is explicitly given,as example.
On the other hand, the administrator is a very special "user" to the OS, it's an account that can bypass some security measures which common administrative accounts cannot, which explains the ability to bypass certain measures which the administrative account can't even when that administrative account is the "starter" of it's own application... a BIG security hole running as The Administrator, far greater than disabling the infamous UAC.
In fact, the concept of account rights only scratch the surface of security mechanism, to better understanding one would need to know how the SID (security identifier) works, a long and boring subject for most but the hardcore tech (geek?)... still not necessary at all to do the right thing, is enough to follow the solid ground and things roll smoothly and without traumas.
Imagination is where we are truly real
