Windows_Security

Level 23
Verified
Trusted
Content Creator
Has anyone tried to run an Installed Application as "Run as a different user" while being logged in your Admin account? What are the Pro's and Con's, or any Side affects of this action?
Yes, I used it on my Windows 7 Ultimate. Combining AppLocker + AccessControlList restrictions for that user (e.g. Safe_Surfer) I ran Firefox in a very restrictd container. Moving from Windows 7 ultimate to Windows 10 Pro I lost AppLocker, so dropped this user.

I still have a BackupUser which only has write/delete access to an old 250Gb harddisk to backup my Documents folder on my desktop. On this old HD only this BackupUser has full control of that folder. Others have only read rights (ACL's). An easy protection against ransomware when you have an old HD laying around (at night full backup is done to NAS which is disconnected during day).

212951
 
Last edited:

Local Host

Level 18
Verified
Google Chrome, Chromium Edge Dev, and Firefox (stable versions) are installed by default in 'C:\Program Files'. All update with Admin rights via scheduled tasks or services.
Some Chromium-based web browsers (like Chromium Edge Canary, Opera, Vivaldi) can install by default in the %Userprofile%. Opera updates via scheduled task but the task does not run with highest privileges.
Chrome and Firefox default location is in the %appdata%, in fact there's been a problem for years with CCleaner due to Firefox leaving leftovers in the %appdata%.

You can only get Firefox in the Program Files when you setup for multiple users, while Chrome does it's own thing.

Some Chromium Forks like Vivaldi included the option (same as Firefox), but it's still setup by default to be installed per user in the %appdata%.

Untitled.jpg

I have no reason whasoever to redirect my program setups into my %appdata% folder, in fact those folders are normally used to keep configuration data (per user) for the software, not to install software in there like Google and Mozilla do.
 
Last edited:

Andy Ful

Level 46
Verified
Trusted
Content Creator
Chrome and Firefox default location is in the %appdata%, in fact there's been a problem for years with CCleaner due to Firefox leaving leftovers in the %appdata%.

You can only get Firefox in the Program Files when you setup for multiple users, while Chrome does it's own thing.

Some Chromium Forks like Vivaldi included the option (same as Firefox), but it's still setup by default to be installed per user in the %appdata%.

View attachment 212952

I have no reason whasoever to redirect my program setups into my %appdata% folder, in fact those folders are normally used to keep configuration data (per user) for the software, not to install software in there like Google and Mozilla do.
Here are my observations. The latest stable Firefox, Google Chrome, Chromium Edge Dev installers all trigger UAC. When one accepts elevation then they install by default in Program Files (Program Files (x86)).
But, if one cancels the UAC then:
  1. Firefox installs automatically in %UserProfile%.
  2. Google Chrome and Chromium Edge Dev show the alert that they can be installed without admin rights. If one accepts installation, then they install in %UserProfile.%
So, the final installation folder depends actually on the user choice - if he/she allows the installer to elevate.
I also observed, that beta versions often install in %UserProfile%.
 
Last edited: