I run my day to day life on USER rights.  Not just because I want to be a good example, I absolutely BELIEVE this is the smart thing to do.  Should I ever be silly enough to click on something I shouldn’t click on, at least when I do click on it, I’ll be doing it from user rights. Yes, this is “less needed” with the dual per-user security tokens of Windows 7, but I take it further to really run on a USER privilege account and only escalate to administrator when needed.

Today I’m reloading my primary development machine.   In doing, I’m converting it from Windows Server 2003, where I ran as a USER; to Windows 7 64-bit, where I’m running as a USER.

You see strange things when do this…

I’m sitting here trying to compile stuff.  I learn that some required environment variable isn’t set, so I set it in the command prompt and then things work.  Super – time to make that PERMANENT.

Start / Control panel / System and security / System (yes, that IS redundant)

Advanced system settings

Changing advanced system settings requires higher rights, I get prompted.

No magic here.  I go into the USER portion and add my environment variable, a variable that only I need on the computer because my user account is the only one that will be compiling, or even seeing, code.

Add the variable, OK, OK, done.

Start a fresh command prompt.  In my case, powershell command window, because well it’s cooler to have POWER in the name.

Try the compile – environment variable STILL isn’t there.  WHAT!

What happened

In the escalation to set the environment variable, I was setting an “advanced” system setting, which can’t be done on normal user rights.  In my promotion to high power, I escalated as machinename\admin and then set the USER environment variable.

The environment variable was set for ADMIN, not for josephno!

Awesome – what a completely worthless panel!

Observe: There’s no GUI way to set an environment variable for a USER and have it stick!

It would appear that while Windows 7 moves alot of “admin” things to really “user” things, this one was missed.  As an example, on Vista, looking at the calendar on the systray required admin rights.  On Windows 7, you can look at the calendar all you want, it doesn’t complain about rights until you try to change the time.

This control panel item appears to be one that will hopefully be addressed in some future version of Windows.

To work past, I used PowerShell to set the USER environment variable, and have it stick.  Technique described in detail here.  What it comes down to is a powershell call out to a .net class framework that knows how to set an environment variable, permanently.

[Environment]::SetEnvironmentVariable(“TestVariable”, “Test value.”, “User”)

setx from a cmd.exe command prompt would likely also do the job.

This isn’t exactly “Citrix” related, but it seemed worth sharing.

Joe Nord