Well, its been two weeks since I started working under a least privileged account and I thought I'd report in.
It would be dishonest to not fess up that sometime last week, Tuesday, I think, I added my account to the Administrator group because I was seeing some really strange insert and update behavior in SQL Server. Having exhausted all rationale, I thought that it might have something to do with my account. Not the case (and it is still a mystery), but the truth is that I kind of left if alone until this morning, when I removed myself once again.
I did do my homework though and am providing the latest list of issues and resolutions (along with some unresolved) from the last couple of weeks. I will continue off of the previous list, highlighting new items in green and unresolved problems in red.
| # |
Issue |
Solution |
| 1 |
Access denied to date/time on taskbar. Although I use Outlook, and carry an analog planner (you know the paper kind), I like using the calendar on the task bar to find dates. |
No solution found. |
| 2 |
Could not run Virtual PC because it was "Ready Only" or "In Use". Well, not exactly. Apparently, you must be an admin to run VPC. |
Right click Start > Programs.Microsoft Virtual PC, select Run As and enter highly privileged credential. |
| 3 |
Access denied when starting/stopping SQL Server on SQL Server Service Manager from taskbar. |
Right click Start > Adminstrative Tools > Computer Management, select Run As and enter highly privileged credential. Expand Services, stop/start MSSQLSERVER service. |
| 4. |
Cannot add System Variables to My Computer |
No solution found. Had to log off, log on as admin, make the change and log back on as standard user. |
As you can see, what I find myself having to do (which is annoying) is logging out of my session, logging in as admin, making a change, logging out, and logging back in as a standard user. Yes, it sucks but hey, it costs to live right?
P.S. It would be nice for Microsoft to provide a UAC update for Windows XP that would allow you to switch/impersonate in a more seamless manner. Fast User Switching would even be better, but it is not available on domain PCs.