Why am I warned about running Kleopatra as Administrator?
We recommend running Gpg4win as a regular user (and not with administration rights).
This is general good practice for almost all applications since Microsoft Windows XP.
Permission problems in configuration files
Kleopatra writes to several files, for example when changing settings or importing keys.
If run with administration rights, a file newly created during this session may have the wrong permissions, so that a user account cannot properly access this file. Unexpected behaviour results - maybe days later - and file permission problems are hard to analyse.
Users have reported running into this kind of problem, even after running Gpg4win with administration rights just once.
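One way to check for the permission problem described above, as an added example that is not part of Gpg4win: the PowerShell script below lists files in the GnuPG data folder that the current user does not own or cannot open for writing. It assumes the default data folder %APPDATA%\gnupg, and it treats a foreign file owner as a hint that the file was created in an elevated session; the function name Test-GnupgFileAccess is made up for this example.

```powershell
# Added example (not Gpg4win code): find files in the GnuPG data folder that
# the current user does not own or cannot open for writing.
# Assumption: the data folder is the default %APPDATA%\gnupg.
$gnupgHome = Join-Path $env:APPDATA 'gnupg'
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning 'Elevated session: run this as the regular user to see that account''s view.'
}

function Test-GnupgFileAccess {
    param([string]$Path, [System.Security.Principal.SecurityIdentifier]$UserSid)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File | ForEach-Object {
        # Compare owners by SID so that name resolution does not matter.
        $ownerSid = $null
        try {
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction Stop
            $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
        } catch {
            # An unreadable ACL is itself a sign of a permission problem.
        }
        # Open without modifying anything; share the file so a running agent is not disturbed.
        $writable = $true
        try {
            $stream = [System.IO.File]::Open($_.FullName,
                [System.IO.FileMode]::Open,
                [System.IO.FileAccess]::ReadWrite,
                [System.IO.FileShare]::ReadWrite)
            $stream.Dispose()
        } catch [System.UnauthorizedAccessException] {
            $writable = $false   # access denied (or the read-only attribute is set)
        } catch {
            # Other I/O errors, such as a file in use, are not permission problems.
        }
        [pscustomobject]@{
            File        = $_.FullName
            Owner       = if ($ownerSid) { $ownerSid.Value } else { '(unreadable)' }
            OwnedByUser = ($null -ne $ownerSid -and $ownerSid.Value -eq $UserSid.Value)
            Writable    = $writable
        }
    }
}

if (Test-Path -LiteralPath $gnupgHome) {
    Test-GnupgFileAccess -Path $gnupgHome -UserSid $identity.User |
        Where-Object { -not $_.OwnedByUser -or -not $_.Writable } |
        Format-Table -AutoSize
}
```

An empty result means every file is owned by the current user and can be opened for writing.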
Raised danger of privilege escalation
Building a modern graphical user interface (GUI) requires a lot of source code, mainly in the software modules used. These code libraries are complex in order to be comfortable to use. (Whether this is necessarily so can, of course, trigger long technical debates.)
Anyhow: the larger the code base, the harder it is to control its security properties. This is somewhat okay if an application runs beside others on a desktop as a regular user, but it is not a good thing when running it as an administrator.
An example: Qt, the GUI library Kleopatra uses, has a plugin system which may be used to insert other code into an application. Therefore, if malicious code gets onto your regular user account and finds a way to trigger the plugin loading, and Kleopatra is then run as administrator, it can be used as part of an attack chain to gain higher privileges.
Separating privileges helps: this means using administration rights only rarely and with extra care, while working day to day as a regular user.
References
Gpg4win-3.1.15 has a safeguard that disallows running Kleopatra as administrator. This will be changed to a warning with the next release, see https://dev.gnupg.org/T5248.
Kleopatra cannot be run as administrator without breaking file permissions in the GnuPG data folder. To manage keys for other users please manage them as a normal user and copy the `AppData\Roaming\gnupg' directory with proper permissions.