>> For Windows users, The MS guys gave an interesting talk at the NTBugtraq
>> Canada Day Party at Russ' house last year. NT2000 will include a feature that
>> is similar to su on unix, which will allow one to have different windows open
>> as different users on the same box... I believe it's an extension of the
>> terminal server concept. Anyway, once folks get NT2000, they should really
>> consider running their browsers as locked-down, non-priveledged users.
>>
>Except that user preferences are no longer stored as being owned by *that*
>user (roaming profile problems anyone ?), per-user disk cache usage isn't
>associated with the correct user, etc. Can you really imagine 90% of
>Internet users being savvy enough to run a browser in an "su" window ?
>The other option here for M$ is to reinvent the setuid bit :->
What you are talking about is the Run As... feature. It works, reasonably well, to let
you run the machine as a different user. There was an SU command in the Resource Kit
for NT 4, but it did not allow you to run control panels as an administrator. The Run
As... does (right click on them, select Run As...). Thus, you can use it to set
permissions (from the command line of course), change the page file size, change the
IP address (no reboot required!), manage users and shares, and other administrative
tasks However, it is still severely lacking, compared to a *NIX su:
1. You cannot run an Explorer window as a different user. Nor can you get a new
desktop in a different user context. I also would not recommend running your browser
in that context. I have seen IE being run as an administrator spawn processes in user
context. I would expect that the opposite could also happen. Run As... is designed for
administrative tasks while logged on as a user. It is not designed to give you a
functional OS as an administrator.
2. You cannot use it for most of the existing InstallShield installers. In many cases
they fail to recognize the context properly and crash. In other cases, they appear to
work properly, but some of the processes they spawn are spawned in a regular user
context. In any case, it usually is abysmally slow, on the order of taking 5-15
minutes to bring up the installers window after it is launched
The Run As... is a nice feature, and a good bit better than the NT4 RK SU, but it is
nowhere near a *NIX su yet, unfortunately.
Jesper M. Johansson
