Table of contents, Aaron Margosis’ non-admin blog


The Table of Contents for this blog has been moved here.


Comments (32)

  1. Norwegian says:

    How about doing a piece on using TweakUI as non-admin? I’m getting it to work, but it doesn’t save settings when you reboot.

  2. What TweakUI settings aren’t persisting? I haven’t seen that problem. Note that some settings are per-user settings. Note that not all per-user settings are accessible to the user (e.g., policy settings).

  3. Jonathan says:

    Isn’t this supposed to be implemented as post categories, instead of an odd "flashback" post?

  4. Jonathan –

    Yes, it should, but for whatever reason the new server software doesn’t show just titles and abstracts, so the desired view isn’t available. Also, this lets me put the items in a more coherent order.

    Or maybe it’s like when the record label releases a Greatest Hits album, feeling that the band’s best days are over – which must mean that the double live album can’t be far behind. 🙂 And in fact, it isn’t: I’m presenting "Tips and Tricks for Running Windows with Least Privilege" at Tech*Ed in Orlando (June) and Amsterdam (July). BTW, G. Andrew Duthie will be presenting the "Part II" of this topic in Orlando at least: "Developing With Least Privilege". I highly recommend that all devs and dev managers (at least) attend his session.

  5. The Administrator Accounts Security Planning Guide has recently been posted to TechNet and hence…

  6. Alex says:

    Last week at TechEd I mentioned to you an article I read about adding printer drivers as a non-admin. I thought it concerned members of the Users group, but this article describes how to give Print Operators the ability to add printer drivers. It’s by Kathy Ivens in the April 2004 issue of WindowsITPro. Look at tip 2 in I hope it’s of use to you.

  7. About a year ago I was reading something (blog, article, billboard, I

    don’t know what) that was talking…

  8. Michael says:

    SyncToy v1 Beta sounds pretty cool. To obtain the download, however, I need to validate Windows. The ActiveX required for the standard method fails silently after installation. I don’t know but I guess the installation itself fails silently.

    The alternate Method also fails: The Validation Tool runs fine and returns some code. In the next window, I have to press continue (whatever sense this additional information makes). Then, another ActiveX-warning appears and on validate now, an hta-application is loaded which also fails, recommending that I contant my reseller.

    When I run MSIE as Admin, everything works fine.

    Does Microsoft encourage non-admin usage of windows? Obviously not.


  9. In my previous post

    I talked about how I started to work with a Limited User Account (LUA).

    I’ve found…

  10. In my previous post I talked about how I started to work with a Limited User Account (LUA). I’ve found that as long as you have a couple of tools and a good idea of what is going on working without Administrative rights is not too bad. There are times that you need Administrative rights to get things done though.

  11. John Galt says:

    An excellent set of articles there, Aaron. Kudos to you on the hard work and preparation.


    re: Genuine Windows Validation fails for non-admin

    Did you try running the tool using run-as?

  12. Layth says:

    Hello Aaron

    Can i use the privbar on SQL enterpris manager or query analyzer ???


    Layth Shasha

  13. Layth –

    No – PrivBar extends only the Explorer/IE shell. I’ve considered writing something to modify the title bars of other apps, but there is a much greater risk involved, since it would involve injecting code into every process on the desktop.

  14. Those of you who are taking advantage of the Remote Access Quarantine feature of Windows Server…

  15. I encourage customers to architect machines such that data is stored in a separate partition of the hard…

  16. Many of us are concerned about the ever increasing threat to information security and business continuity…

  17. UACBlog says:

    Are you thinking of turning off UAC?  Before you do…

  18. John says:


    I have an ASP (not an ASP.NET) application accessing Sql Server 2005 database installed in Vista Beta 2 (Build : 5384). I am unable to access my application in server. UAP is blocking my application. I dont want to change system level UAP configuration using msconfig or secpol.msc.

    Can any one suggest me some idea to change application level UAP configuration, so that I can access by ASP application.

    Thanks in Advance.


  19. Aaron,  love your site and info.  you talk about the things desktop admins should know from day one and most don’t know at all.

    i have a question and was wondering if you could point me in the right direction.

    in our environment (1400 locked down workstations, with gpo policies and a security template applied) we are having an issue with the xp sp2 upgrade.

    everything is fine until the user logs in after the upgrade.

    rundll32 runs calling an inf for mediaplayer customization.  it wants to write a key to hkcusoftwareclasses.

    i get the advanced inf install error.

    is there something simple i can do to fix this.

    i have been trying logon scripts running subinacle to set elevated rights but it just isnt working.

    why is mediaplayer wanting to write to this key?  you would think they would know about lua bugs more then anyone.

    the key it tries to create is:

    SoftwareMicrosoftMediaPlayerPreferences: AcceptedPrivacyStatement=1

    thats my story and i am sticking to it.

  20. Brian Hickman says:

    looks like this is running and causing my issues as a locked down user:

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{6BF52A52-394A-11d3-B153-00C04F79FAA6}StubPath

    with a value of:

    rundll32.exe advpack.dll,LaunchINFSection C:WINDOWSINFwmp.inf,PerUserStub

    thinking about just moving or deleting this key/value.


  21. Ok, I’ll admit it. I’ve been living dangerously for the last several years.

    Simply put, I refuse to install any kind of antivirus or personal firewall software on any of my systems. This includes a Windows XP Home system that was used by my children as

  22. The story is all too familiar. Developing software as a standard user on your computer can be challenging

  23. As an IT Professional you might get the question to deploy Mozilla’s FireFox browser on the workstations

  24. <duh duh da da duh duh music playing in the background> Your job, Mr. Phelps is to devise a way

  25. What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least

  26. Mike says:

    What registry fix would be available to allow non-admins the ability to burn DVDs without installing Nero BurnRights?

  27. Why Vista is better off without setuid or sudo.

  28. Frank says:

    Hi Aaron,

    I recently downloaded Explorer 7.0 and an having problems, I am using a dial-up connection, Windows Xp Sp-2 348mz & 384 ram, the problem is that after downloading Exp.7.0 my system acts sluggish. Takes forever to connect to a website, and just locks up sometimes, must use Esc. to regain control, the computer is protected McAfee security center against viris’s and such.

    Is there any way that I could return to Exp.6.0, as I feel this rig is not up to date enought to use 7.0.



  29. Jerry says:

    This site and the one I found that led me here,, is something I’ve been looking for for several years, i.e. post Win XP inception.

    I have attempted to modify permissions because of the problem with a lot of my applications, that are pre Win XP, running under a limited user. My success has been limited.

    I am concerned that I may have compromised my limited user account. I have located several sites that supposedly return permissions to the original settings. I hope that this site will help me in that endeavor.

    Thanks in advance,

    Jerry Clasby

  30. Shirley says:

    I have no idea how I came across you, but you sound very intelligent, so maybe you can help me.

    We have a D-link Extreme N router in the den with the main computer. I installed the d-link DWA-552 Desktop Adapter into my computer. The problem sometimes it works a little sometimes it doesn’t work at all. And, this is weird-It seems like when its trying not to work that my mouse hangs up and won’t hardly work.

    Do you have any idea what I could be doing wrong. It is Windows XP with service pack 2. thank you