BT

InfoQ Homepage News Don't Run as Administrator: WCF Edition

Don't Run as Administrator: WCF Edition

Bookmarks

One of the on-going problems in the Windows community is the need to run applications with administrator privileges. This has led to questionable designs like the UAC "feature" in Windows Vista.

In an attempt to correct years of bad practices, Microsoft employees have been chanting "Don't Run as Administrator". Of course that does not matter much unless developers are given the tools they need to run applications under restricted privileges. Nicholas Allen writes,

I want to run this post as a reminder to people building and deploying services. I see people deploy services that require access to a restricted resource. The most common restricted resource is the ability to register a listener on part of the HTTP namespace but this advice applies to any restricted resource. Too often, I see people give their service access to the restricted resource by running the service as an administrative account. Don't do this. It is a bad idea. Greatly increasing the privileges of your service is almost never the right thing to do.

Nicholas has two articles covering WCF and HTTP. The short story is that listening for HTTP requests is a restricted operation. Normally all addresses are assigned to the Administrator account, but they can be reassigned to other users.

In the XP SP 2 and Server 2003 versions of Windows, HTTP addresses and SSL Certificates can be reserved using "httpcfg.exe". As if to discourage developers from actually doing this, Vista does not have this application. Instead, one called "netsh.exe" must be used.

Jumping through all these hoops to get HTTP to work on a non-administrator account is less than rewarding. Since reassigning addresses must be accomplished as administrator, the installer must also be run as an administrator. Once again, we are back to encouraging users to run with administrator privileges.

Rate this Article

Adoption
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.