I know I am going to get myself in trouble for this… and will probably be banned from the Microsoft campus, but I saw a post by a Microsoft employee and felt compelled to respond.
I am taking Aaron Margosis to task and following his suggestion. In his post he says:
Customers: if you see any MS sales, MCS, Premier, PSS, etc., doing web or email as admin, please tell them, “You're not setting a very good example. I am disappointed.”
How about PowerPoint? How about Word? How about demos of stuff not needing to be run as admin? How about running a remote desktop? I saw all of these when I was at Microsoft.
When I was walking through the trustworthy computer fest last week at Microsoft I stopped at NINE machines that Microsoft employees were using, and all nine were logged on as administrator. 9 for 9 were NOT running with least privilege. But that's not the frustrating part. This was a SECURITY RELATED computer fest. You would think that this crowd would be much more aware and focused on such things.
Combine that and the recent fact I found out that in the latest RC of XP SP2 you no longer can use “runas” on your Windows Update right out of the box… and I see serious problems on the Microsoft campus. It seems many don't wish to eat their own dog food.
Microsoft, You're not setting a very good example. And I am disappointed. [Dana Epp's ramblings at the Sanctuary]