
Don't Run as Administrator: WCF Edition

by Jonathan Allen on Sep 10, 2007

One of the ongoing problems in the Windows community is the need to run applications with administrator privileges. This has led to questionable designs like the UAC "feature" in Windows Vista.

In an attempt to correct years of bad practices, Microsoft employees have been chanting "Don't Run as Administrator". Of course that does not matter much unless developers are given the tools they need to run applications under restricted privileges. Nicholas Allen writes,

I want to run this post as a reminder to people building and deploying services. I see people deploy services that require access to a restricted resource. The most common restricted resource is the ability to register a listener on part of the HTTP namespace but this advice applies to any restricted resource. Too often, I see people give their service access to the restricted resource by running the service as an administrative account. Don't do this. It is a bad idea. Greatly increasing the privileges of your service is almost never the right thing to do.

Nicholas has two articles covering WCF and HTTP. The short story is that listening for HTTP requests is a restricted operation. Normally all addresses are assigned to the Administrator account, but they can be reassigned to other users.

In the XP SP 2 and Server 2003 versions of Windows, HTTP addresses and SSL Certificates can be reserved using "httpcfg.exe". As if to discourage developers from actually doing this, Vista does not have this application. Instead, one called "netsh.exe" must be used.

Jumping through all these hoops to get HTTP to work on a non-administrator account is less than rewarding. Since reassigning addresses must be accomplished as administrator, the installer must also be run as an administrator. Once again, we are back to encouraging users to run with administrator privileges.
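The reservation step described above, as an added PowerShell example that is not from the original article or from Nicholas Allen's posts. It wraps `netsh http add urlacl` so the prefix is granted to one low-privileged account and an existing reservation is inspected rather than overwritten; the URL prefix and account name are assumed placeholders.

```powershell
# Added example. Run once from an elevated prompt (for instance by the installer);
# afterwards the service can listen on $Url while running as $Account, unelevated.
param(
    [string]$Url     = 'http://+:8000/MyService/',  # assumed URL prefix (placeholder)
    [string]$Account = 'CONTOSO\svc-wcf'            # assumed low-privileged account (placeholder)
)
$ErrorActionPreference = 'Stop'

# Changing the HTTP namespace ACL is itself a restricted operation.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

# Resolve the account to a SID first so a mistyped name fails before anything changes.
$sid = ([Security.Principal.NTAccount]$Account).Translate(
    [Security.Principal.SecurityIdentifier]).Value

# If the prefix is already reserved, report who holds it instead of overwriting it.
$current = (& netsh http show urlacl "url=$Url") -join "`n"
if ($current -match 'SDDL:\s*(\S+)') {
    $sddl = $Matches[1]
    # Parsing the SDDL expands well-known aliases (WD, NS, ...) into full SIDs.
    $sd      = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $sddl
    $holders = @($sd.DiscretionaryAcl | ForEach-Object { $_.SecurityIdentifier.Value })
    if ($holders -contains $sid) {
        Write-Host "$Url is already reserved for $Account"
        return
    }
    throw "$Url is reserved for other principals: $($holders -join ', ')"
}

& netsh http add urlacl "url=$Url" "user=$Account"
if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }

# Show the resulting reservation so it can be captured in the install log.
& netsh http show urlacl "url=$Url"
```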
