System Administratoor under real mode

[thuffner3]

Is safe-mode the only way the System administrator can log on?

The reason is, I'm trying to install some software, and apparently I need farther premissions to install this software. The software wants to add some lines to the system variables and it can't. The installation stops at this point. Any help out there

TIA

Neil

 

[MedicBob]

No, they can log in normally. With the graphical log in for windows Xp press Cntl Atl Del twice rapidly at the log in screen to get to a normal log in screen.

 

[dclive]

Originally posted by: MedicBob
No, they can log in normally. With the graphical log in for windows Xp press Cntl Atl Del twice rapidly at the log in screen to get to a normal log in screen.

On an XP Home system that isn't true - Admins can only log in via safe mode unless you mess around with policies.

 

[dclive]

Originally posted by: thuffner3
Is safe-mode the only way the System administrator can log on?

The reason is, I'm trying to install some software, and apparently I need farther premissions to install this software. The software wants to add some lines to the system variables and it can't. The installation stops at this point. Any help out there

TIA

Neil

What software is it?
What is the *exact* error you're getting?
What OS are you running?
Does the account you're using now have administrative rights?

A bit more information would be helpful.

 

[thuffner3]

I'm installing 3Dmax
I'm running winXP pro
My current user log in has administrative rights.

The error message I get is

"Could not update environment variable 'PATH'.
Verify that you have sufficent privileges to modify environment variables."

TIA
Neil

 

[Smilin]

An administrator should be able to modify the system path statement. You may want to investigate other possible causes including a path variable that is too long.

 

[boomerang]

Log in as Administrator in Safe Mode and create an Adminstrator account. You will be presented with it at normal boot. You can't have two accounts called Administrator so call it Admin or Ernie or whatever suits your fancy.

 

[dc5]

disable quick user switching in user accounts. now the welcome screen will be turned off. now just type administrator in username and password.

 

[Smilin]

Originally posted by: dc5
disable quick user switching in user accounts. now the welcome screen will be turned off. now just type administrator in username and password.

or just hit ctrl-alt-del twice to get the normal msgina login.

 

[VirtualLarry]

Originally posted by: dclive

Originally posted by: MedicBob
No, they can log in normally. With the graphical log in for windows Xp press Cntl Atl Del twice rapidly at the log in screen to get to a normal log in screen.

On an XP Home system that isn't true - Admins can only log in via safe mode unless you mess around with policies.

Wow, I had no idea XP Home was *that* brain-dead. So bizarrely ironic, that by default, users are Administrators in XP Home, yet MS hides the "real" Administrator account heavily.

 

[VirtualLarry]

Originally posted by: Smilin

Originally posted by: dc5
disable quick user switching in user accounts. now the welcome screen will be turned off. now just type administrator in username and password.

or just hit ctrl-alt-del twice to get the normal msgina login.

Is there some reason that is locked-out in XP Pro, while a user is already logged in?

It's really annoying, in XP Pro, to (with FUS enabled) be able to switch to any other user but Administrator, because hitting C-A-D twice at the "simple login" screen doesn't work if someone is already logged in. Yet another reason to run as Administrator 100% of the time anyways. :|

 

[bsobel]

It's really annoying, in XP Pro, to (with FUS enabled) be able to switch to any other user but Administrator, because hitting C-A-D twice at the "simple login" screen doesn't work if someone is already logged in. Yet another reason to run as Administrator 100% of the time anyways. :|

Since it's designed for system maintnance (you can have a admin privledged user on the login screen), it ensures the system is in single user mode. Less chance of file in use problems and other effects when trying to update the system.

As for it's yet another reason, no it's not, that is what RunAs is for

Bill

 

[Nothinman]

Yes, but RunAs is ass.

 

[bsobel]

Originally posted by: Nothinman
Yes, but RunAs is ass.

Ok, I'll bite. Why do you say that?

 

[Nothinman]

I had reasons but I'm drawing a blank now, I'll post again if I think of anything substantial.

The only thing I can think of right now is that certain special programs, like explorer, don't work in it. If you start explorer with runas it runs as the current user as if you had skipped the whole runas thing and just typed explorer into cmd or hit win+e.

 

[VirtualLarry]

Originally posted by: bsobel

It's really annoying, in XP Pro, to (with FUS enabled) be able to switch to any other user but Administrator, because hitting C-A-D twice at the "simple login" screen doesn't work if someone is already logged in. Yet another reason to run as Administrator 100% of the time anyways. :|

Since it's designed for system maintnance (you can have a admin privledged user on the login screen), it ensures the system is in single user mode. Less chance of file in use problems and other effects when trying to update the system.

As for it's yet another reason, no it's not, that is what RunAs is for

Bill

Ok, that actually does make some sense... but what doesn't make sense is, that having a "normal" user logged in, can totally block an Administrator (ok, more specifically, the default "Administrator" from even being allowed to attempt to log in). It would make more sense to me, from a security perspective, that hitting C-A-D *should* bring up the ability to login as Administrator, and if that's true about the system-maintenance thing, it should prompt for forcibly logging-off the "normal" user, almost like when an Admin logs in via RDP.

But it shouldn't be required, if XP specifically allows multi-user logins.

Either way, it's a rather broken, brain-dead, mis-feature, that a normal user can lock-out and override Administrator.

Actually, it doesn't make sense for "Admin login" to equal "single-user mode", that's what Recovery Console or Safe Mode is for. If XP supports multi-user logins, then it should support multi-user logins, dangit!

 

[bsobel]

Either way, it's a rather broken, brain-dead, mis-feature, that a normal user can lock-out and override Administrator.

But they can't. For the 'true' administrator to be hidden there must be one admin privledged other account on the system. That account can do whatever is neeed.

it should prompt for forcibly logging-off the "normal" user, almost like when an Admin logs in via RDP

I've had the same thought as you on that...

Bill

 

[VirtualLarry]

Originally posted by: bsobel

Either way, it's a rather broken, brain-dead, mis-feature, that a normal user can lock-out and override Administrator.

But they can't. For the 'true' administrator to be hidden there must be one admin privledged other account on the system. That account can do whatever is neeed.

I'm really not sure why you are saying that - I've seen it personally. A WinXP (Pro) SP1 system, with the (default) "Administrator", and at least one (normal) "JoeUser" account.

JoeUser logs in, and leaves themself logged in. FUS is enabled. If I hit C-A-D or whatever to bring up the "simple" login screen, I am blocked from using C-A-D again to get past that, to be able to login as "Administrator". So the "normal" user, whom I don't have the password to their account, has kept me locked-out of the machine, unless I power-off the machine, which of course will most likely cause dataloss.

The workaround, of course, is to create an additional, non-default named user, that is part of the "Administrators" group. I'm guessing that the non-default named admin account should show up on the "simple" login screen alongside the other named accounts. The fact that the default Administrator account is so hidden, and hitting C-A-D multiple times at the login screen when a normal user is already logged in, doesn't allow accessing Administrator, in the same way that it would if no-one was currently logged-in, is the severely-broken mis-feature here.

Originally posted by: bsobel

it should prompt for forcibly logging-off the "normal" user, almost like when an Admin logs in via RDP

I've had the same thought as you on that...
Bill

I really question the sanity of some of MS's software design, it's as if they never actually use their own software, or something. (Yes, I know about the supposed "dog food" development process, but still... I question it.)

 

[bsobel]

I'm really not sure why you are saying that - I've seen it personally. A WinXP (Pro) SP1 system, with the (default) "Administrator", and at least one (normal) "JoeUser" account.

To create a normal user, the box owner would have to first create a administrator user. Now, if that admin user is later deleted (or demoted to limited), your right, the login page would only show the limited user and not the admin. The only choice the user has then is to power down the box (cleanly tho, via power off this machine). That, btw, shouldn't cause data loss.

As for why it's done this way. Hiting ctrl-alt-delete twice tells the system to use the old gina login vs the new fast user one. The old gina isn't multiuser aware like the fus screen is.

Now, if I had written this, ctrl-alt-delete would just unhide the admin login and place it onto the normal FUS screen, but, alas, I didn't write it

Bill