Win2k Pro on stand alone machine - How do I give MYSELF Admin privileges?

[Muse]

I'm running Windows 2000 Pro, SP2 on my home computer and I think I don't have administrator privileges! Well, I just installed Visual Studio .NET, and I get a couple of errors when I start it and my research indicates I have to either run it with administrator privileges or from other than a roaming profile.

Under Documents and Settings I see 3 folders:

All Users
Dan Musicant (myself)
Default User

I have full access and normally don't have problems, but I just installed IIS, and VS.NET, as I say, and I guess I need to give myself administrator privileges. When I start Windows 2000 I don't have to enter a password. What's up with this? Thanks for any help!

 

[n0cmonkey]

Add yourself to the administrator group? BTW, from a security/common sense standpoint this is extremely stupid and the software is broken.

 

[Tiger]

When I start Windows 2000 I don't have to enter a password. What's up with this? Thanks for any help!

When you installed you apparently set windows up to automatically log a user on. I'm not sure you can change that now so you're going to have to promote yourself to the admin group like n0c said (never a good idea).

 

[Muse]

Originally posted by: Tiger

When I start Windows 2000 I don't have to enter a password. What's up with this? Thanks for any help!

When you installed you apparently set windows up to automatically log a user on. I'm not sure you can change that now so you're going to have to promote yourself to the admin group like n0c said (never a good idea).

Actually, I think I can change that automatic logon, because initially it did present the logon dialog, IIRC. I changed that in Control Panel and I'm sure I can change it back (if it will help things). If that won't help, a couple of questions please:

1. How do I add myself to the admin group? Please, something like specific steps. I'm a great typist, 7 to 8 on a 10 scale of PC literacy, but pretty weak in networking and adminstration...

2. If and when I DO reinstall Windows 2000 Pro from scratch (I figure I will within 6 months, anyway, but if I can put it off a while painlessly, I will), how do I keep from making the same darn mistake? It's not terribly clear to me what to do in the install process. I should have bought that (those) Windows 2000 book(s), huh?

Thanks again!

Edit: I just went into Control Panel, Users and Passwords, checked the checkbox labeled "Users must enter a user name and password to use this computer." Unless I checked that box, I couldn't get into the properties of each user. When I checked myself out, I had Debugger Users Level of Access. I changed that to Administrators, and will reboot to take effect. Why is this a bad idea? Is there a way I can simply make myself an Administrator with no specific identity? I suppose that to do this you'd have to do this initially when you install Win2k, right or wrong?

Edit 2: After rebooting, although I'm not in the Administrators group, I still get the errors. I did Ghost before installing VS.Net, so I can try uninstalling, restore my Win2000 partition, adding myself to the Admin group and then a reinstall of .NET. Well, it's the only thing I can think of short of a complete reinstall of Win2000...

 

[n0cmonkey]

Run the installer as an administrator, then try running your toy as a regular user.

Using administrator for day to day tasks is obviously stupid. The chances of you fat fingering something, or clicking the wrong thing, or running some nasty virus your anti-virus program doesnt have a definition for yet are worse.

 

[Muse]

Originally posted by: n0cmonkey
Run the installer as an administrator, then try running your toy as a regular user.

Using administrator for day to day tasks is obviously stupid. The chances of you fat fingering something, or clicking the wrong thing, or running some nasty virus your anti-virus program doesnt have a definition for yet are worse.

I don't understand the stuff about it being stupid to run day to day tasks as administrator. I believe you, and you obviously know why this is true. It's just that I'm stupid about this stuff. I assume you're saying that as administrator, Windows 2000 will let you do stuff it wouldn't permit you to do as someone not in the Administrators Group. Or at least it would ask for confirmation (?). Honestly, I just discovered the possibility of logging myself off and then logging on as Administrator.

What I think I'll do is uninstall Visual Studio .NET, reboot (! just to be on the safe side), log myself off, log on as administrator and install VS.NET, reboot and see if my problems have disappeared. To my knowledge, I've NEVER had a problem installing anything NOT as administrator on this system...

Question: On my stand-alone, DSL-connected, Zonealarm protected Windows 2000 Pro machine, what user groups do I want to put myself in? Here are the currently available groups:

Administrators
Backup Operators
Debugger Users
Guests
Power Users
Replicator
Users
VS Developers

I WAS in Debugger Users, and I'm going to put myself back to that unless another is a better idea (Power Users?).

Thanks everyone for the help!

 

[Fuzznuts]

power users can do most things related to the system install things and so on which for day to day running is fine. the advantages of being admin is you can do everything that a power user can but you can grant those rights to other users or create and remove users. thats the only real BIG difference in a local desktop scenario anyway.

add ya self to powers users for day to day running and login as admin when you need to do something major hope this clears things up a little.

 

[Muse]

Originally posted by: Fuzznuts
power users can do most things related to the system install things and so on which for day to day running is fine. the advantages of being admin is you can do everything that a power user can but you can grant those rights to other users or create and remove users. thats the only real BIG difference in a local desktop scenario anyway.

add ya self to powers users for day to day running and login as admin when you need to do something major hope this clears things up a little.

My impression is that I was in the Administrators Group before I installed Visual Studio.NET. In fact, I'm sure, because I yesterday Ghosted back my OS partition from a few days before I installed VS.NET and it shows I'm in the AG. Every time I booted, it was to me as administrator. VS.NET, in the install process changed my privileges to Debugger User. I've uninstalled VS.NET, and figure I'll log on as Administrator (logging myself off) and do the VS.NET install (after changing my privileges to Power User). However, I don't expect a different outcome although I suppose it's possible. I should maybe start wading through the VS.NET documentation and see if I can come up with something. These days I don't normally sweat an install and it usually works out great, but this stuff is pretty hairy. Easily the most challenging install I've seen. I installed around 30 Win2000 security updates even before I could get to first base with the .NET install.

 

[Fuzznuts]

is the debuggers group also a member of the admins group?

 

[Woodchuck2000]

You can actually belong to multiple security groups with no side effects.

Add yourself to Administrators, Debugger Users and VS Developers. What error messages (if any) do you get when you try and install things belonging to all those groups?

 

[Muse]

Originally posted by: Woodchuck2000
You can actually belong to multiple security groups with no side effects.

Add yourself to Administrators, Debugger Users and VS Developers. What error messages (if any) do you get when you try and install things belonging to all those groups?

It's pretty unclear what Debugger User is, but it's pretty clear to me that the VS.NET install created the group. Also VS Developers, obviously. I changed my group to Power Users, which I currently am. Only thing I noticed so far is that Nero won't let me burn CDs. It said th download a utility from www.nero.com that an administrator runs to give users CD burning rights, which I did, givine rights to everyone using the computer (my decision). I don't see where I can put myself in more than one group. Higher in the thread it was declared "stupid" to run on a day to day basis with administrator rights. I can't think of a reason why this would be so except that it might be dangerous from a security standpoint. I AM running Zonealarm, but maybe it's still dangerous?

BTW, I haven't yet tried to reinstall VS.NET, but I will try. Not optimistic. I think I may have to reinstall Win2000 entirely. This time I will do some research on installation technques beforehand.

 

[Woodchuck2000]

He said that using the Administrator account (Ie. logging on as Administrator) is stupid.
I wouldn't say stupid, but it's considered bad practise so I don't.

There is also a group called Administrators, any members of which get all the powers of the admin user.

If you go into control panel->administrative tools->computer management
and then find a user in the 'local users and groups' snap-in,
you can go into the user properties and add it to multiple groups in the 'member of' tab.

 

[n0cmonkey]

Originally posted by: Muse

Originally posted by: Woodchuck2000
You can actually belong to multiple security groups with no side effects.

Add yourself to Administrators, Debugger Users and VS Developers. What error messages (if any) do you get when you try and install things belonging to all those groups?

It's pretty unclear what Debugger User is, but it's pretty clear to me that the VS.NET install created the group. Also VS Developers, obviously. I changed my group to Power Users, which I currently am. Only thing I noticed so far is that Nero won't let me burn CDs. It said th download a utility from www.nero.com that an administrator runs to give users CD burning rights, which I did, givine rights to everyone using the computer (my decision). I don't see where I can put myself in more than one group. Higher in the thread it was declared "stupid" to run on a day to day basis with administrator rights. I can't think of a reason why this would be so except that it might be dangerous from a security standpoint. I AM running Zonealarm, but maybe it's still dangerous?

BTW, I haven't yet tried to reinstall VS.NET, but I will try. Not optimistic. I think I may have to reinstall Win2000 entirely. This time I will do some research on installation technques beforehand.

It is dangerous from a security standpoint. I also dont like being able to accidentally screw up my machine. Maybe its just me though.

 

[Woodchuck2000]

It is dangerous from a security standpoint.

Only if you're
a) Going to leave your machine unlocked somewhere unsafe.
b) Going to run malicious code.

I've tried running as a power user and there are simply too many hassles.

 

[n0cmonkey]

Originally posted by: Woodchuck2000

It is dangerous from a security standpoint.

Only if you're
a) Going to leave your machine unlocked somewhere unsafe.

Ive worked with enough pranksters to know that I have to lock my machines at all times. Not everyone does this. Not to mention how things go in larger companies or dorms.

b) Going to run malicious code.

Its not always intentional.

I've tried running as a power user and there are simply too many hassles.

I have never had problems with it.

 

[igiveup]

Also, with Windows boxes being so wonderfully bug free (insert sarcasm) the chances of somebody running an exploit on you are higher, and if one succeeds then its possible for the attacker to gain the access of the logged on user (most commonly). I try and step around this by staying patched, as well as logging off if not using the computer. A/V software is a must.

The things that noc mentioned are known as best practices: things you should do, even if the odds aren't really high that somebody is targeting you specifically. Use root or administrator only if needed. You can always give yourself admin rights to a program with the security tab, although this doesn't cover everything.

I have no idea why Microsoft actually lets you leave the admin password blank. That is just insane to me.

Anybody else?

 

[MisterMe]

Anybody else?

Yea, I'll speak. Sheesh! Why is that you guys are always such paranoid security freak-a-zoids? The guy mentioned that it's his home machine and while I'll admit we don't know if his wife and dog are KGB, good chance is that all these "risks" you guys are so overly cautious about prolly don't apply. I mean even if he walks away to go get a Little Debbie for 36.7 seconds, throws all "common sense" out the window and forgets to "lock his workstation" what's the worst case scenario - his 13 year old discovers his collection of nude celebrity pics? Cmon - how about a little context here...

And knOck - why are you always such an arse? 25 posts a day, every day, for a year and a half straight filled with nothing but condescention - who the hell are you anyway? Don't you have a life? Or a girlfriend that is comprised of anything other than bits and bytes? You seem to be a very angry person. Hate to say it but it looks like MS isn't going away any time soon so maybe you can put a cork in your tiresome rhetoric. Better yet - give us a vacation from your attitude...yes there is sunshine out there but use some spf 75 and you should get away with just a slight burn. Dont' worry, all your systems are safe - fully and overly secured I'm sure...

 

[Woodchuck2000]

He's running a standalone machine - IMHO, the inconveniences of running strictly to MS best-practices are not worth the gain in security. The concept of running programs as a different user adds another layer of things that might go wrong. I'm not gonna get into a shouting match with you about it since I feel no need to prove 'how much I know.'

I await muse's next post, hoping he's gotten somewhere with the fun that is: Win2K Permissions.

😀

 

[n0cmonkey]

Originally posted by: MisterMe

Anybody else?

Yea, I'll speak. Sheesh! Why is that you guys are always such paranoid security freak-a-zoids? The guy mentioned that it's his home machine and while I'll admit we don't know if his wife and dog are KGB, good chance is that all these "risks" you guys are so overly cautious about prolly don't apply. I mean even if he walks away to go get a Little Debbie for 36.7 seconds, throws all "common sense" out the window and forgets to "lock his workstation" what's the worst case scenario - his 13 year old discovers his collection of nude celebrity pics? Cmon - how about a little context here...

Forget at home a few times and then you start forgetting when it really does matter. Ever seen a 1gB DDoS? Know how many of the machines involved are from undercautious, non-paranoid Windows users? Do you work in Internet security?

And knOck - why are you always such an arse?

Because I can.

25 posts a day, every day, for a year and a half straight

Thats an average, there are days of none, and there are days of much more than that.

filled with nothing but condescention

You must miss my informative posts. I post htem on Thursdays, so pay attention.

- who the hell are you anyway? Don't you have a life?

I have a pulse, does that count?

Or a girlfriend that is comprised of anything other than bits and bytes?

Who says I swing that way?

You seem to be a very angry person.

Actually I am pretty happy right now.

Hate to say it but it looks like MS isn't going away any time soon

Good! I think my comments were based on what some users do, not what Microsoft happens to be doing right now.

so maybe you can put a cork in your tiresome rhetoric. Better yet - give us a vacation from your attitude...yes there is sunshine out there but use some spf 75 and you should get away with just a slight burn. Dont' worry, all your systems are safe - fully and overly secured I'm sure...

Some are. Some arent. When you move out of your parents house and you meet someone face to face that has to keep a large number of very expensive servers with some fairly confidential information on them safe, let me know. When your job rides on security you might understand. Until then, or someone can prove to me that the best practices I preach are wrong (its happened) I will continue to state my opinions on the matter, and in a very blunt way. If you want to continue the personal attacks, please do it over PM. Dont thread crap.

 

[n0cmonkey]

Originally posted by: Woodchuck2000
He's running a standalone machine - IMHO, the inconveniences of running strictly to MS best-practices are not worth the gain in security. The concept of running programs as a different user adds another layer of things that might go wrong. I'm not gonna get into a shouting match with you about it since I feel no need to prove 'how much I know.'

I await muse's next post, hoping he's gotten somewhere with the fun that is: Win2K Permissions.

😀

Shouting match? Where is that coming from? I stated my opinion on the matter and backed it up when you stated yours. Nothing more, nothing less. He can ignore the warnings all he wants, but I do not see a reason he should not know possible problems with the solution he has decided to take.

 

[Muse]

Originally posted by: Woodchuck2000
He said that using the Administrator account (Ie. logging on as Administrator) is stupid.
I wouldn't say stupid, but it's considered bad practise so I don't.

There is also a group called Administrators, any members of which get all the powers of the admin user.

If you go into control panel->administrative tools->computer management
and then find a user in the 'local users and groups' snap-in,
you can go into the user properties and add it to multiple groups in the 'member of' tab.

Thanks. This is very clear. I presume it's not good practice to add yourself to the administrator group. I mean, if you're going to be in the AG, the other's are superfluous, I presume. You get full permissions across the board in the AG group. After installing VS.NET I think I'll have myself in Debugger Users and Power Users. I assume there's a lot of overlap there but I don't know how to get a fix on it. If I find the entanglements of not running as an administrator too troublesome, I can either make myself A or add myself to the AG. It's been around 9 months since I installed Win2k in this machine and I was in the AG from the beginning. I have no idea what may crop up at this point. I already had a burp in Nero, but I assume that's fixed. Anyway, I have a hunch I'm going to have to install Win2k again from scratch to get my VS.NET working right. SP3 didn't like my environment (or vice versa), and I Ghosted back to SP2. With a fresh install of Win2k, I will install SP3 immediately and go from there. I think I need a primer on Win2k installation, though. Anyone recommend a good Win2k book? I browsed Barnes and Nobel the other day and they had loads, of course. Using Windows 2000 (Que) looks nice and humongous. Is there a better idea? Or maybe a cool FAQ or something. Thanks!

 

[n0cmonkey]

This is why I recommend not using an Administrator level user for day to day things.

 

[Muse]

I logged myself off in Windows 2000 Pro and logged on as Administrator and changed my user groups. Now whenever I reboot the machine I'm in the Administrator account. How do I get Win2k to make myself as the default account at bootup? When I restart Win2k (myself as the logged-in account) it boots to the Administrator account. 😕

 

[JustStarting]

until you create another user with admin privliges- the default admin account will show up on the desktop.

 

[Muse]

Originally posted by: JustStarting
until you create another user with admin privliges- the default admin account will show up on the desktop.

I don't understand. I gave myself admin privileges but the default admin account is the one Win2k is now booting to. It never booted to it before. It would always boot to me and I was in the admin group and no other. I logged myself off, logged in as admin and took myself out of the admin group and into the power users group. Then it booted to admin. I logged myself off, logged in as admin and put myself back in the admin group and removed myself from the power users group. I logged off and logged in as myself and when I reboot it boots to the admin account. There HAS to be a way to make Win2k boot to my own account. What would be the purpose of preventing that? I can't believe I have to become a different person. :Q

Edit: Finally fixed the problem thanks to some help in another thread I started in this forum.