Thoughts on Windows 8 and user privileges

The Windows 8 developer preview has been shown and released (although I have yet to find time to get it installed), and if you haven’t seen it yet, go watch the keynote at the Build conference here:


I’m looking at this less as a home user, and more as a system administrator for an office-based company of 350 people. Overall I’m very excited by some of the things shown, and think that it will be an immediate upgrade from Windows 7 as we bring in new computers.

Built-in anti-virus is a great addition, and if the updates come via WSUS then it may finally be time to shrink our Symantec license count. The additional tools and functionality in Windows Explorer, including the ribbon and file copy changes, look really nice, and shouldn’t be too difficult to train users on.

I won’t repeat every feature that I’ve seen so far, but there are two things concerning me:


  • With the new hybrid sleep/hibernate power model, when will group policy computer settings be applied, and will putting the computer into this mode constitute a log off?

    We rely on our group policy objects for many things, including program installations and keeping various applications up to date. If one needs to wait until Windows Updates are done to force a real reboot (once a month based on Microsoft’s update schedule), that is an awfully long time to go before GPO processes new changes.
  • I was really hoping Microsoft would revamp the permissions model within Windows, to allow program installs without Administrator rights.

    As more and more of our workforce get familiar with Windows and its programs, or even have grown up their entire lives using it, those people expect more control over their computer due to that familiarity. While it has always been recommended to lock down users to standard accounts for security and to ensure unauthorized programs are not installed, we are quickly entering a world where this will no longer be acceptable, due to the large number of users who balk at the idea of control being taken away.

    Ideally what I would like to see is the Power Users local group brought back, but made better. Standard users would remain devoid of many privileges, and UAC would prompt for elevated credentials if required. Administrators would retain full control over all aspects of Windows, but these rights would only be granted to IT staff.
    Power Users would have the ability to install programs, and that’s about all. No ability to make permission changes, can’t change user accounts or rights, and are still prompted by UAC for elevated credentials when trying any of these things.

    This would give those who are comfortable with Windows the ability to install programs if necessary, as well as give IT the ability to assign programs through GPO and have it actually work without requiring Admin rights.

  • The last thing that would make my life (and our upcoming help desk staff) much easier would be the ability to unlock a user account as an Administrator, or even log into a different user’s profile with Administrator credentials.

    Let’s say John Doe is logged on, and submits a ticket to the help desk for a problem only experienced with his profile. IT goes to that user (or remotes in) and finds the computer locked, with John nowhere to be found. The solutions to this are to keep a list of John’s passwords, or wait until he returns, neither of which is a good solution.

    It would be better if that IT staff remotes in, sees the computer is locked by John, and unlocks it with their own account, getting into John’s profile. IT is already trusted with the keys to the organization, so it’s not like there is a security issue with this model.


I guess these last two things don’t really have much to do with Windows 8, but they were on my mind as I watched the keynote.



One thought to “Thoughts on Windows 8 and user privileges”

  1. We have made some pretty radical permissions model changes, so that modern apps (metro apps) can be installed per user from the store without requiring admin permissions. Legacy/MSI apps – not so much. Just too hard to implement and if someone really wants their users to install, they have the option to make them admins. It’s not as if letting them install legacy apps only without admin rights was ever safe. Putting files in the system folders and adding drivers and services… privilege elevation would be easy.

    The overall access control model for files gets a massive change with CBAC:

    Good blog Jeff, I enjoy reading your posts.

    – Ned
