draft

Why am I warned about running Kleopatra as Administrator?

We recommend running Gpg4win as regular user (and not with administration rights).

This general good practice for almost all applications since Microsoft Windows XP.

Permission problems in configuration files

Kleopatra writes to several files, for example when changing settings or importing keys.

If run with adminstration rights, a newly created file from this session may have the wrong permission. So a user cannot be properly access this file. Unexpected behaviour results - maybe days later - and file permission problems are hard to analyse.

Users reported running into these kind of problems, even when running Gpg4win with administration rights just once.

Raised danger of privilege escalation

Building a modern graphical user interface (GUI) uses a lot of code. Mainly in the used software modules. These code libraries are complex in order to be comfortable to use. (Whether this is necessarily so, can trigger long technical debates of course).

Anyhow: The larger the code base, the harder to control security properties. This is somewhat okay, if an application runs beside others on a desktop as regular user, but not a good thing, when running it as an administrator.

An example: Qt, the GUI library Kleopatra uses, has a plugin system which may be used to insert other code into an application. So if malicious code got onto your regular user account, finds a way to trigger the plugin loading and then Kleopatra is run as administrator, it can be used as part of an attack chain to gain higher privileges.

References

Gpg4win-3.1.15 has a safeguard that disallows running Kleopatra as administrator. This will be changed to a warning with the next release, see https://dev.gnupg.org/T5248.

Kleopatra cannot be run as administrator
without breaking file permissions in the 
GnuPG data folder.

To manage keys for other users please
manage them as a normal user and copy
the `AppData\Roadmin\gnupg' directory
with proper permissions.