1

Let's say I want to run an installer on windows 7 on my limited user account. A dialog pops up asking for super user password for the full privileges. Is there a way to limit the permissions I grant somehow?

For instance, every time I start up uTorrent it will prompt me for SU password. Because it wants to write to the disk drive. But after I use my SU password, doesn't it now have total freedom to change everything like registry and firewall settings and users on my machine?

Is there a way where I can give an application permission to write to disk drive to a specific folder, but hold back on every other permission? It would also help a lot when running installers/apps from half-trusted sources, I want to limit their permissions to just disk access of specific folder. Right now all kinds of applications ask for elevated status and I never know if it's just to write to disk or is it to do all kinds of nefarious things to my system.

Improve this question
2
  • 1
    You should not be running a Bittorrent client or any other internet-facing program as admin, except when absolutely necessary. You need to find out why uTorrent is asking for the admin password and fix it.
    – Indrek
    Commented Jun 4, 2012 at 17:49
  • But about half of the software is asking for it. And it is not installed in Program Files.
    – Left User
    Commented Jun 4, 2012 at 18:13

2 Answers 2

Reset to default
1

Yes, when you give it the administrator password, it receives rights to your machine such that it can make registry changes, etc. and this is unwise.

There's a uTorrent Forum Post that asks the same question. The issue seemed to be resolved by updating to 3.1.3 build 27207. Another option was to run the application using compatibility mode. The forum posts are pretty recent, so you might try looking for an update.

Improve this answer
3
  • I am not asking for uTorrent specifically. I am asking in general, if there is some way to have anything else but this one-size-fits-all no rights/all rights security system.
    – Left User
    Commented Jun 4, 2012 at 18:14
  • Ah, my bad. You can execute files under other user permissions ... but Windows doesn't offer anything like, say, Android in terms of specifying specific allow/deny permissions. There is some granularity with groups (Admins / Power Users / Guest / etc.) and group policy, but it is not straightforward or simple. :(
    – aikeru
    Commented Jun 8, 2012 at 14:40
  • There are solutions like "Bufferzone" to sandbox applications ... but no way (that I know of) to tick off "this program has access to registry and file system, but not networking" or something like that. Might be a neat feature to have, though.
    – aikeru
    Commented Jun 8, 2012 at 14:43
0

The only reason installers need administrative permission is because they install files into the protected Program Files location, and\or write to the machine-wide registry keys. Many, if not most programs do not need that level of access, and can be installed on a per-user basis, and if it does not offer that option, the developers are just being lazy. You should not grant any program you do not completely trust administrative privileges, because it can ideed destroy your system. A program that can be installed on a per-user basis can be further isolated by installing and running it from its own user account.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .