Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Why can't I get full control of my system?

Dec 6, 2009 4:02AM PST

It is really annoying to me that MS treats me like a child, by not allowing me to take full control of my system. Although I always run as Administator with full admin priv., there always seems to be some files or folders I cannot work with. Furthermore, I cannot launch some programs unless I 'run as administrator', even though I AM an administrator.

Is there any way around all the MS BS that will give be full control of my system?

Discussion is locked

- Collapse -
Nope
Dec 6, 2009 4:07AM PST

Nope, this is what passes for user friendly these days. If you don't like it, your only real refuge is Linux or *BSD.

From Microsoft's standpoint, it makes perfect sense. Between them and Apple, they've been creating a higher class of idiot, so now they have to contend with the fruits of their labor.

- Collapse -
This occured in WIndows prior to 7.
Dec 6, 2009 4:10AM PST

Some forget that ADMINISTRATOR accounts are not god like. That is, all accounts must obey PERMISSIONS.

But here's the issue. This area is upsetting to many as there is much to learn here. Including the difference from a god like account which doesn't exist in Windows to simple administrator powers.

When you are ready we can discuss specifics.
Bob

- Collapse -
Ok.. here is a specific..
Dec 6, 2009 4:23AM PST

I went to edit my HOSTS file.. tried with two editors: notepad and notetab.. both simple text editors. Neither would allow me to save the changed file. The hosts file was not read only.

The only way I could do this was to launch notetab and 'run as admin'; then I opened the hosts file, made my changes and saved them with no problem.

My admin account had full read/write priv. for all files, as far as I could tell.

So, that is a specific example.. why do I need to jump through hoops?

- Collapse -
Now that one is discussed.
Dec 6, 2009 4:27AM PST

Files in specific directories have an added layer of protection. The reasons are sadly well known. Something had to give to get Windows to not be so easily exploitable.

Nothing busted so far. Just a new Run As Admin for those files.
Bob

- Collapse -
But I am an admin
Dec 6, 2009 8:32AM PST

But the point is i AM an administrator.. seems dumb to 'run as admin' when I am already one. Is there something else I should need to do with respect the the administration of the administrator account in order to work with these types of files?

Secondly, with such files, you need to open the application FIRST in order to 'run as admin'... you can't click on the file and select 'open with' since there is no way to 'open with and run as admin'. That was supposed to be one of the features of the OS - the ability to open the application from the file, not just the application.

- Collapse -
You are the admin.
Dec 6, 2009 8:40AM PST

But to gain some control, apps get some reduced rights.

There are fine MSDN and more courses on this but it's again all in an attempt to thwart the malware.

-> Remember Linux and how you are not supposed to run as ROOT? Think about why.
Bob

- Collapse -
Let's just put it this way
Dec 6, 2009 9:36AM PST

Let's just put it this way.

Microsoft has to try and balance a number of competing interests, and it's a no win situation no matter what they do. If they did what you want, then they'd have people complaining about how easy it is to contract malware, and admins would be complaining about how easy it is for someone to go messing with things they have no need/right/reason to be messing with. And so if they try and deal with those issues, then they run into people like you, who think you know what you're doing (you don't, because frankly you wouldn't be asking this question if you did) and have this irrational sense of entitlement to unfettered access. You see everything as some kind of personal affront to you, as if Microsoft is going out of its way, just to inconvenience you specifically.

So they have a sort of Gordon Brittas (Google it) moment where they have an angry mob on the left, and an angry mob on the right, each demanding two completely opposed things. In this case, Microsoft (rightly) agreed that the admins have a legitimate complaint and sided with them over the irrationals. Nothing personal, it just makes good business sense. Those of us who buy individual copies of Windows are NOT Microsoft's customers. They'd barely notice if the whole lot of us switched to Macs or Linux tomorrow. Microsoft's concern is large companies that buy Microsoft software licenses by the hundreds. Companies that will spend a few million dollars on software every couple of years. THOSE are Microsoft's customers, not us. THOSE are the people who Microsoft is going to listen to when it comes to making design decisions about Windows.

You can rant and rave like a lunatic all you want, it won't make a bit of difference in the end. Ultimately you have two basic choices: A) Accept what you cannot change and move on, or B) Take up Linux/*BSD.

That's the harsh reality of the situation. Sooner or later every "expert" comes to this particular realization. It's nothing personal, it's just our needs pale in comparison to the needs of Fortune 1000 companies.

- Collapse -
I agree with you..sort of..
Dec 6, 2009 10:03AM PST

Yes, I fully understand what MS is trying to do. And yes, I did work for a very large multinational company, and they handed out PCs and notebooks to employees, without admin access,for obvious reasons. Only the IT tech support guys (who were supposed to know what they were doing) had admin priv. So, this is really not the issue.. the OS supports both admins and non-admins.

My point is I have admin security level, but cannot directly exercise it. Yet, there it is in plain view on the drop down menu: "Run as admin". Why the heck bother putting that function there if MS is dead set against us touching files it says we shouldn't? MS is saying you can't touch these files because we don't trust you.. but oh, if you really want to, then 'run as admin'. But I am an admin. Makes no sense.

- Collapse -
But it is NOT just that way...
Dec 7, 2009 2:54AM PST

Dear Jimmy Greystone, you make some good points only it is not just Pilaar39 that Microsoft is impacting, but myself and all people like me. Microsoft is controlling an entire class of folk who have grown up with Windows, enjoy working and playing with it, making mistakes, learning, recovering and generally having fun with an operating system on a personal computer.

I can no longer do that with Windows. Windows 7, as you rightly point out, is now crafted for the institution and Microsoft has turned its back on the individual.

So I now use OS X. I have an excellent GUI. I can set myself administration rights that let me do almost everything I want to at the GUI level. There is UNIX underneath and I have significant control of the system down there - as long as I know what I am doing, and with "man" there is little that is not visible if I take the time to read the documentation.

And, when occasion requires, I have sudo access, which gives me the world in a lightly controlled way - and I can always access the machine as root, or super user, if I know how to do so.

I ask questions many, but many times, because I do NOT know what I am doing or do NOT understand the reasoning behind some decision or idea. Pilaar39 is doing this, and it is a very fair question and although your answer is a good one, I think you might have been gentler. I think Pilaar39 is most certainly not a lunatic, nor was he ranting and raving. He was making a good point.

I recently purchase a new HP quad-core 8 GB machine for Flash programming, html design and development and database work. The old machine was too slow. HP decided to sell the machine with Windows 7 Home Basic. All my Windows machines run XP. I blame no one in this decision, least of all myself (?), but I did not realize that Windows 7 in this form was so severely hamstrung. Windows 7 Home Edition is a horrendous OS, it protects the owner to the degree of fanaticism. So I suppose I must go and spend a bunch of money to get Premium? And how much is that hobbled, should I spend more and get professional, or - good grief - "Ultimate?"

It's pathetic.

So Windows is welcome to the big institution with their mundane, boring, day to day slog in a "safe" environment, with all the people living secure happy lives and protected by ThoseWhoKnowBest. 1984 is a bit late, but it has arrived.

I like to have fun with my PCs, my Macs, networks and Linux boxes, as well as work with them. As do many others. Pilaar39 raises a good point and it is exactly this point which makes Windows no longer welcome in my house.

- Collapse -
True
Dec 7, 2009 8:00AM PST

True, but look at it from Microsoft's point of view.

For years people have been asking why Microsoft doesn't do a better job of locking down it's OS, and why viruses, malware, and what not are so prevalent on Windows when no other system has the same problem. It can't simply be popularity, because Linux and Mac OS X have failed to see any noteworthy increase in attacks despite significant gains in popularity.

But people have been claiming for years that Microsoft needs to do more to prevent this sort of thing, and they have. Starting largely with XP, there's been a steady progression to trying to mitigate the damage done by malware and viruses. This is really what the much hated User Agent Control in Vista was designed to do. The idea was quite good, in that you pop up this box making people stop and think about whether or not they really want to do whatever. In practice it didn't work quite as well as they hoped, but the intent was noble.

The problem is, this is the polar opposite of what Pilaar39 wants, and there is no real way to reconcile the two. The whole "Run As Administrator" thing is basically the equivalent to running something via sudo, so unfortunately your analogy doesn't quite work. They are complaining about having to do ANYTHING special to access certain parts of their system.

In all honestly, Microsoft shouldn't make the default user an admin level user, but we'll just table that argument for another day likely to come around Windows 9 or 10.

Everything is a trade off. Linux gives you complete and total control to completely trash your system if that's what you want to do. You can do pretty much anything and everything, but it's a bit like juggling knives. So long as you know what you're doing, it's perfectly safe, but one misstep can prove rather painful. Mac OS X and Windows shelter you from this, and give you plastic knives to juggle with. If you're a thrill junky, not as much fun, but much safer.

And even if they asked a question when you installed Windows whether you want to enable an "all access" mode of some sort, sooner or later some moron would turn that on, completely wreck their system, and then blame Microsoft for it. No one today wants to accept responsibility for their actions, and quite frankly, this is just one small manifestation of it.

Microsoft is in a no-win situation no matter what they do. So they can either make a few individual users happy who might represent 0.1% of their annual income, or they can make their corporate customers happy who probably make up 85-90% of their annual income. Which would you do in their situation?

- Collapse -
Your point is very well taken
Dec 7, 2009 8:44AM PST

Your point is very well taken, and I fully understand why MS is trying ot shield or protect the average computer user.

My point is that they included admin level control, but do not give me all admin priv. I can still edit a system file, I just need to do an extra step.. which really makes no sense from a language point of view.. ie, 'run as administrator', when I am already administrator.

Might as well say 'fly like a bird' to a bird.

Is there some hack that can be used to give administrators full control?

- Collapse -
Let's look at your Linux/Unix example.
Dec 7, 2009 9:36AM PST

I think I read about a SUDO or such. Isn't this the same in many respects?

We don't want to be root all the time.
Bob

- Collapse -
And I'm not disagreeing
Dec 8, 2009 12:56AM PST

And I'm not disagreeing with you, I'm just trying to help you understand the reasoning behind things being the way they are.

Just try to imagine if you are the IT manager/director at some Fortune 500 company. You have to try and somehow manage tens of THOUSANDS of people, many of whom can barely manage tying their own shoes, let alone effectively manage a computer. And to make matters worse, a lot of these people are going to be in different geographic locations, either in the US or possibly in other countries around the world.

Who do you think the CEO and other top execs are going to be calling when some moron installs a file sharing program on their computer, which infects their system with a virus, that then spreads to other systems in the company? And you might laugh, but this basic scenario has played out DOZENS of times in just the last decade or so.

Forget protecting these idiots from themselves, you just want to try and isolate them from the rest of the company network. A lot of times you can't just give them a standalone system, because they need network access for this or that aspect of their job. But they're still one of those people that give you a headache when you try and figure out how it is they made it into adult life.

If you're in the position of having to try and protect the company from this moron, and you can't do it by simply firing them, your next best option is trying to lock them into a very specific and narrow pathway where they can really only go in a direction you specify.

And the amount of work it would take to come up with, and then maintain, a dual system for home users just isn't cost effective from Microsoft's standpoint. So, you need to decide whether or not it's irksome enough to make the move to OS X or Linux/*BSD.

I'll leave you with the parting thought to kind of dovetail with Bob's comments about not running around as root all the time. Even experts make the occasional mistake. Who here hasn't deleted a file by accident at least once, or done one thing when you intended to do another? I think we all have. The whole "Run as Admin" thing makes you take a few deliberate actions in order to do something that could be potentially damaging to your system. Hopefully you're using that time to think about the potential repercussions of your actions, and whether or not you REALLY need to do whatever. You can't just accidentally delete key system files, you have to take a series of deliberate actions that puts the blame squarely on your shoulders.

- Collapse -
It's MY computer, it's MY view...
Dec 7, 2009 11:01PM PST

It is good to protect people, a noble thing, for people have a tendency to muck things up no end, what is NOT good is to protect people at the expense of liberty and the entire population. In short, it is the weakest link thing again, and the fear of society to deal with the impact that the ignorant, stupid, misguided and bigoted individuals have on the rest of us. So society treats everyone as if they are ignorant, stupid and misguided.

You said: "And even if they asked a question when you installed Windows whether you want to enable an "all access" mode of some sort, sooner or later some moron would turn that on, completely wreck their system, and then blame Microsoft for it. No one today wants to accept responsibility for their actions, and quite frankly, this is just one small manifestation of it."

I repeat again the key point here: "No one today wants to accept responsibility for their actions."

This is destroying society and the freedom that America has hosted for so many generations. We ALL become the victims of such people as no one wants to deal effectively with the mistakes they make, or the people who make them; it is simply easier to deny the ability to choose to everyone. And bang goes freedom.

Note however that the user is NOT asked if he wants to enable them, that would be tantamount to disaster, the user has to KNOW what they are and how to enable them.

sudo is a one-time elevation to super-user privilege for a single task execution, and forgive me if I am preaching to the choir. sudo is not unlike "run as administrator". In UNIX however that task can be a script or, via "sudo csh" (or sh or bash or any other shell) a pipeline to continued super-user control; or a user can login as root. And UNIX sits underneath OS X.

One uses these commands judiciously when appropriate. If performing network development for example there are times when one needs to edit start-up or configuration files, at such times one would become root or use a sudo shell. In the last few years I have used root once, sudo bash a handful of times and sudo quite a few more. Usually I avoid such capability like the plague - I have indeed done serious damage to computers by making mistakes. However, I ALWAYS have a back up. In the case of production machines I have disc image recovery. There is always Time Machine running to an external drive, and I have backups on a NAS and a shadow machine. Also such development is not performed on production machines like this one I am using now, my MacBook Pro.

My issue with my new HP is that I clearly need to edit network configuration tables. I need to verify the Workgroup name and I need to set NTLM back to v1. In XP this would take a minute, if not less, in this new Windows 7 system I am completely unable to figure out how to do this. Why?

Why does my DVD keep vanishing? Why is it we have to "Accept the EULA" in all MS Office applications every time we launch them? Run as Administrator I am told - done that - makes no difference.

Sorry, but as much as I would have hoped that HP would have delivered a capable operating system with a powerful machine, I would also expect Microsoft to provide means for capable users to have full administration rights over the operating systems they purchased. Like UNIX, such rights require education, are password protected, and a user has to enable them in the first place. But they are there.

They should be in Windows as well.

Cheers - Lawrence

- Collapse -
Maybe Windows is not for you.
Dec 7, 2009 11:25PM PST

Others have left for other machines and OS.

""Accept the EULA" in all MS Office applications every time we launch them? Run as Administrator I am told - done that - makes no difference.""

There are more fixes for this. This discussion is not about this but you paid dearly for this so get your money's worth and have a chat with MSFT. They have other fixes and findings about that.
Bob