Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Don't Run as Administrator: WCF Edition

Don't Run as Administrator: WCF Edition

This item in japanese

One of the on-going problems in the Windows community is the need to run applications with administrator privileges. This has led to questionable designs like the UAC "feature" in Windows Vista.

In an attempt to correct years of bad practices, Microsoft employees have been chanting "Don't Run as Administrator". Of course that does not matter much unless developers are given the tools they need to run applications under restricted privileges. Nicholas Allen writes,

I want to run this post as a reminder to people building and deploying services. I see people deploy services that require access to a restricted resource. The most common restricted resource is the ability to register a listener on part of the HTTP namespace but this advice applies to any restricted resource. Too often, I see people give their service access to the restricted resource by running the service as an administrative account. Don't do this. It is a bad idea. Greatly increasing the privileges of your service is almost never the right thing to do.

Nicholas has two articles covering WCF and HTTP. The short story is that listening for HTTP requests is a restricted operation. Normally all addresses are assigned to the Administrator account, but they can be reassigned to other users.

In the XP SP 2 and Server 2003 versions of Windows, HTTP addresses and SSL Certificates can be reserved using "httpcfg.exe". As if to discourage developers from actually doing this, Vista does not have this application. Instead, one called "netsh.exe" must be used.

Jumping through all these hoops to get HTTP to work on a non-administrator account is less than rewarding. Since reassigning addresses must be accomplished as administrator, the installer must also be run as an administrator. Once again, we are back to encouraging users to run with administrator privileges.

Rate this Article