Jump to content

Startup Password

daburian
 Share

Recommended Posts

daburian

daburian

Posted
Posted

I just bought this program and installed it for my son. Whenever he clicks the shortcut to start the program, it asks for an administrator password in order to "make changes to the computer."  I do not have my son set up as an administrator for obvious reasons and it is not practical for me to have to type my password any time he wants to play.  I looked through the forum but could not find any workaround.


Thanks


Dennis

Link to comment
Share on other sites
VoidSquid

VoidSquid

Posted
Posted (edited)

Not a KSP but a Windows issue. 

Shameless self quote:

"outside of program files and program files (x86)"

 

7 minutes ago, Vanamonde said:

That's odd

That's M$'s nonsense UAC. "Protected" storage locations. To be expected. Very helpful for both, end users (who don't care or bother), and administrators (who are just annoyed). Find any sarcasm? Be my guest.

Follow my guide, and you're good.

Edited by VoidSquid
Link to comment
Share on other sites
  • 4 weeks later...
sfhq

sfhq

Posted
Posted

Actually, strictly speaking, this is NOT Microsoft's fault (this time). KSP behaves very much "old style" here, trying to save data to its program installation folder structure. But it should not! There is a reason why Microsoft decided to "invent" UAC and stopping reagular write access to protected folders like C:\Program Files or C:\Windows.

For many years, Microsoft has pointed out (correctly!), that user data is not supposed to go into the program installation folder, but into the user's AppData folder. Unfortunately, still, many software titles ignore this, especially games. This leads to people assigning blame to Microsoft, blame to software/game developers and such recommendations like "run it as an administrator" (which is very bad except may be for "first run" situations, where some additional setup steps may be required).

To prevent such problems for all games, the first thing I do on a new PC is create C:\Games and install all games to this structure, including Steam (or a least, the Steam game library). Actually, you can name it anything you want and even put it on other drives than C:, the only thing important is, that it is a folder you created by yourself, one that was not created and UAC-protected by Windows. Windows will not UAC-protect folders you created yourself.

Following this advice, you'll never have the need to use "run as administrator" every time (even if the game manufacturer tells you otherwise) and the games are able to write into their own folders, even if they should not. Therefore, less risk for malware, since you're no longer using elevated user rights (administrator access).

I hope this makes sense to you and helps.

Link to comment
Share on other sites
steve_v

steve_v

Posted
Posted
17 hours ago, sfhq said:

Actually, strictly speaking, this is NOT Microsoft's fault (this time). KSP behaves very much "old style" here, trying to save data to its program installation folder structure.

This is what happens when you spend decades allowing application vendors to provide their own executable installers, write whatever they want wherever they want, and store configuration data in whatever crazy directory structure they like... You form bad habits, and push "run it as administrator" to the top of every helldesk monkey's troubleshooting flowchart.

Over here in the sane unix world, we've had a multi-user system with consistent separation between administrator-provided application files and user-modifiable configuration since day one, and a formal standard for such since 1994... A point in time when MS was still running on top of DOS and had no concept of access control or user privileges at all.

So yeah, it's not Microsoft's fault any more, but it is Microsoft's fault that this situation developed in the first place.

IMO, the "All these folders are yours, except Europa Program Files. Attempt no writing there." solution is still the wrong way to go about it, because then you get what we see here - namely bypassing access controls by simply putting the same nasty mix of executables and configuration in some other globally-writable place.

Link to comment
Share on other sites
Incarnation of Chaos

Incarnation of Chaos

Posted
Posted
19 hours ago, steve_v said:

This is what happens when you spend decades allowing application vendors to provide their own executable installers, write whatever they want wherever they want, and store configuration data in whatever crazy directory structure they like... You form bad habits, and push "run it as administrator" to the top of every helldesk monkey's troubleshooting flowchart.

Over here in the sane unix world, we've had a multi-user system with consistent separation between administrator-provided application files and user-modifiable configuration since day one, and a formal standard for such since 1994... A point in time when MS was still running on top of DOS and had no concept of access control or user privileges at all.

So yeah, it's not Microsoft's fault any more, but it is Microsoft's fault that this situation developed in the first place.

IMO, the "All these folders are yours, except Europa Program Files. Attempt no writing there." solution is still the wrong way to go about it, because then you get what we see here - namely bypassing access controls by simply putting the same nasty mix of executables and configuration in some other globally-writable place.

And mind you; once you're in memory it doesn't matter if you're Userland or Admin (I'm talking Windows here). There's numerous well-known and documented exploits that allow a malicious program to bootstrap a chain of privilege escalations until it can read and write wherever it wants. UAC is a bandaid, and while i love Windows for Compatibility....unix achieves it with being open source in a much safer and controlled manner.

At the end of the day, the same solution applies. If you know a program, understand what it does, and accept the risks then use whatever narly hacks you want to get it running. But if you're ever in doubt about a program, well it's 2020... you have the sum total of human understanding at your fingertips and plenty of RAM. If the google machine doesn't provide a conclusive answer, then you can always test it in a VM. And have backups of your OS on hand; just in case. I've done things to get legacy software running that would probably horrify most people, but i did it with the understanding that the program wasn't malicious.

Though now that i think about it....couldn't he just throw another drive in the machine and make him an admin account, and password protect the other drives (Using bitlocker potentially) ? I've seen that done in enterprise/school settings where the "Guests" need Admin access to install/write/modify stuff but they don't want a bunch of script kiddies blowing up their backend.

Link to comment
Share on other sites
steve_v

steve_v

Posted
Posted (edited)
2 hours ago, Incarnation of Chaos said:

have backups of your OS on hand

Is excellent advice regardless of what shady programs you do or do not run. Safe computing 101 even.
It regularly astounds me the sheer number of people around who run without backups. The same people often extol the virtues of <insert favourite commercial antivirus> like it's some kind of magic shield.
Every time someone posts something like "Sorry guys, there will be no more updates, my laptop died and all my mods are lost" or "Waah, all my saves are gone, help me fix my hard drive" (and it's even happened here), I have to bite my tongue quite hard...

The answer to viruses, ransomware, disk failures, accidental deletion, cosmic rays, floods, fires, and windows update being windows update is... Having a tested backup on a different (and ideally remote) machine. Preferably a filesystem on said machine that is only accessible by tightly controlled backup scripts (e.g ssh as a dedicated no-shell user with 'forced-commands-only' set).


I have personally had a machine compromised exactly once, (by a bot :blush:) and entirely through my own stupidity (creating a user with an obvious password for guest access at a party, and forgetting to deny ssh login).
Recovery was as simple as a ctrl-alt-sysrq-k; cat <restore_script>; sh <restore_script>, and I was back like nothing happened in under 10 minutes.
The number of times I have restored backups for other reasons, be it hardware failures or simply me doing something destructive, is beyond counting.

 

2 hours ago, Incarnation of Chaos said:

couldn't he just throw another drive in the machine and make him an admin account, and password protect the other drives

He could indeed, though it's a pretty convoluted solution to a simple problem. I prefer "you may install thing in your home directory, but if you abuse it I will noexec your mount", but that's a unix thing again.

 

2 hours ago, Incarnation of Chaos said:

a bunch of script kiddies blowing up their backend

Guilty as charged :P. Had the run of the entire network and all the admin accounts at high school... Used it to play StarCraft mainly.

Edited by steve_v
typos
Link to comment
Share on other sites
Incarnation of Chaos

Incarnation of Chaos

Posted
Posted
17 hours ago, steve_v said:

Is excellent advice regardless of what shady programs you do or do not run. Safe computing 101 even.
It regularly astounds me the sheer number of people around who run without backups. The same people often extol the virtues of <insert favourite commercial antivirus> like it's some kind of magic shield.
Every time someone posts something like "Sorry guys, there will be no more updates, my laptop died and all my mods are lost" or "Waah, all my saves are gone, help me fix my hard drive" (and it's even happened here), I have to bite my tongue quite hard...

The answer to viruses, ransomware, disk failures, accidental deletion, cosmic rays, floods, fires, and windows update being windows update is... Having a tested backup on a different (and ideally remote) machine. Preferably a filesystem on said machine that is only accessible by tightly controlled backup scripts (e.g ssh as a dedicated no-shell user with 'forced-commands-only' set).


I have personally had a machine compromised exactly once, (by a bot :blush:) and entirely through my own stupidity (creating a user with an obvious password for guest access at a party, and forgetting to deny ssh login).
Recovery was as simple as a ctrl-alt-sysrq-k; cat <restore_script>; sh <restore_script>, and I was back like nothing happened in under 10 minutes.
The number of times I have restored backups for other reasons, be it hardware failures or simply me doing something destructive, is beyond counting.

 

He could indeed, though it's a pretty convoluted solution to a simple problem. I prefer "you may install thing in your home directory, but if you abuse it I will noexec your mount", but that's a unix thing again.

 

Guilty as charged :P. Had the run of the entire network and all the admin accounts at high school... Used it to play StarCraft mainly.

Personally i think it's due to a misunderstanding of what a "Backup" is, or can be. Sure; full system backups are the norm in a production/business environment where every second down is thousands in lost income. But for your average home user who has a decently fast internet connection? Do you really need all 1.5TB of games rolled into your ISO? Or just a snapshot of your preferred OS with your absolutely needed applications ( 7zip, Blender, Programming utilities etc.) and your documents? That in my experience is normally fine, and comes in closer to <200GB for Windows 10.  With a fast SSD and USB 3.0 flashdrive; i can be back up and working in a few minutes.

And since if i need to get back up that urgently usually the last thing on my mind is games, those are normally fine downloading in the background.

And yeah, it is convoluted. But it gets them what they both want, and storage is pretty cheap.

Link to comment
Share on other sites
  • 2 weeks later...
Corona688

Corona688

Posted
Posted
On 9/27/2020 at 12:08 PM, VoidSquid said:

Not a KSP but a Windows issue. 

Shameless self quote:

"outside of program files and program files (x86)"

 

That's M$'s nonsense UAC. "Protected" storage locations. To be expected. Very helpful for both, end users (who don't care or bother), and administrators (who are just annoyed). Find any sarcasm? Be my guest.

Follow my guide, and you're good.

You sound like my dad, who's been saving files straight to a:\ since 1981.  In the 90's he grudgingly changed his habits to c:\foldername\.

There's good reasons to not grant every single program on your computer the ability to modify every single file you possess.  Even by accident, a lot can happen.

Link to comment
Share on other sites
VoidSquid

VoidSquid

Posted
Posted
2 hours ago, Corona688 said:

There's good reasons to not grant every single program on your computer the ability to modify every single file you possess.  Even by accident, a lot can happen.

Key is to know, what you're doing, that's all the magic involved here.

Link to comment
Share on other sites
  • 2 months later...
sfhq

sfhq

Posted
Posted
On 10/24/2020 at 2:40 PM, steve_v said:

This is what happens when you spend decades allowing application vendors to provide their own executable installers, write whatever they want wherever they want, and store configuration data in whatever crazy directory structure they like... You form bad habits, and push "run it as administrator" to the top of every helldesk monkey's troubleshooting flowchart.

Over here in the sane unix world, we've had a multi-user system with consistent separation between administrator-provided application files and user-modifiable configuration since day one, and a formal standard for such since 1994... A point in time when MS was still running on top of DOS and had no concept of access control or user privileges at all.

So yeah, it's not Microsoft's fault any more, but it is Microsoft's fault that this situation developed in the first place.

IMO, the "All these folders are yours, except Europa Program Files. Attempt no writing there." solution is still the wrong way to go about it, because then you get what we see here - namely bypassing access controls by simply putting the same nasty mix of executables and configuration in some other globally-writable place.

You are right, of course, but that doesn't help gamers on Windows and I just wanted to help those, being one of them myself, unfortunately. They have to survive somehow, unless they are willing to switch over to the *nix/Linux world.

I myself am a huge Linux fan and I'm using it a lot personally and professionally, but still I can't get rid of Windows completely, it just doesn't work for me, neither at home nor at work. Not because Linux isn't good enough, but due to some circumstances that currently cannot be resolved in a way that I can toss Windows into the trash.

But nevertheless, I *always* have a running Linux system within reach, so I can use Linux whenever it is the better choice. Aside from managing serveral servers, of which *most* are running Linux.

Link to comment
Share on other sites
This thread is quite old. Please consider starting a new thread rather than reviving this one.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...