Table of Contents (Aaron Margosis' Non-Admin WebLog)

The "why" posts:

Not running as admin...

https://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157866.aspx

Why you shouldn't run as admin...

https://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx

"Zero-day" attacks and using limited privilege

Expect to see more malware predating the patches - and how you can protect yourself. (Or, "Why you shouldn't run as admin, Part 2")
https://blogs.msdn.com/aaron_margosis/archive/2004/06/25/166039.aspx

Anti-virus vs. Non-Admin

Should you run as admin only because your anti-virus wants you to?
https://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx

 

The "Running as Admin Only When Required" Posts:

The easiest way to run as non-admin

This is the really important one for your non-techie friends and relatives ...
https://blogs.msdn.com/aaron_margosis/archive/2004/06/17/158806.aspx

"RunAs" basic (and intermediate) topics

A whole lot of detail about how to use "RunAs" to run programs under a different account.
https://blogs.msdn.com/aaron_margosis/archive/2004/06/23/163229.aspx

RunAs with Explorer

How to get Windows Explorer to work with RunAs (and why you might want to).
https://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx

MakeMeAdmin -- temporary admin for your Limited User account

How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.
https://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx

MakeMeAdmin follow-up

MakeMeAdmin script updates, and a security setting you should change
https://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx

PrivBar -- An IE/Explorer toolbar to show current privilege level

A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is running
https://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx

PrivBar Source Code (finally)
https://blogs.msdn.com/aaron_margosis/archive/2005/10/13/480901.aspx

The Return of PrivBar (x86 and x64)
https://blogs.msdn.com/aaron_margosis/archive/2008/08/15/the-return-of-privbar-x86-and-x64.aspx

Setting color for *all* CMD shells based on admin/elevation status

How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.
https://blogs.msdn.com/aaron_margosis/archive/2007/02/22/setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx

Follow-up Post, including coverage of PowerShell:
https://blogs.msdn.com/aaron_margosis/archive/2007/06/27/follow-up-on-setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx

Running restricted -- What does the "protect my computer" option mean?

What does it mean to "Run as current user" with the option to "Protect my computer and data from unauthorized program activity"?
https://blogs.msdn.com/aaron_margosis/archive/2004/09/10/227727.aspx

Ctrl-C doesn't work in RUNAS or MakeMeAdmin command shells

https://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370266.aspx

The "Not Running as Admin At All" Posts:

Fixing LUA Bugs...

What is a "LUA Bug"? (And what isn't a LUA Bug?)

Not every "access denied" indicates a LUA bug!
https://blogs.msdn.com/aaron_margosis/archive/2006/02/06/525455.aspx

Fixing "LUA bugs", Part I

A systematic approach for working around LUA bugs that avoids unnecessary exposure
https://blogs.msdn.com/aaron_margosis/archive/2006/02/16/533077.aspx

Fixing "LUA bugs", Part II

A systematic approach for working around LUA bugs that avoids unnecessary exposure - the "rest of the story"
https://blogs.msdn.com/aaron_margosis/archive/2006/03/27/562091.aspx

Changing Access Control on Folders vs. Files

More info on the risks of changing access control lists to fix LUA bugs.
https://blogs.msdn.com/aaron_margosis/archive/2006/06/19/638148.aspx

Identifying LUA Bugs...

LUA Buglight 2.0, Second Preview

Latest version of the LUA-bug identification tool...
https://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx

LUA-bug demo app

A simple VB6 app for testing LUA-bug identification and remediation tools and techniques
https://blogs.msdn.com/aaron_margosis/archive/2008/11/07/lua-bug-demo-app.aspx

LUA Buglight public [pre]-release

"Why does Application XYZ need to run as admin?"
https://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx

LUA Buglight MSDN Webcast

LiveMeeting talk/demo of LUA Buglight
https://blogs.msdn.com/aaron_margosis/archive/2006/10/10/MSDN-webcast_3A00_--LUA-Buglight-.aspx

LUA Buglight updated information

Updated information about LUA Buglight.
https://blogs.msdn.com/aaron_margosis/archive/2007/02/15/lua-buglight-updated-information.aspx

Remembering Calculator and Character Map Settings

https://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370264.aspx

Managing Power Options as a non-administrator

https://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370263.aspx

Changing the system date, time and/or time zone

Addressing one of the most common complaints about running as non-admin
https://blogs.msdn.com/aaron_margosis/archive/2005/02/11/371474.aspx

How to allow users to manage file and print shares without granting other advanced privileges

https://blogs.msdn.com/aaron_margosis/archive/2005/04/18/409105.aspx

Workaround for Shutdown.exe LUA bug

https://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx

Vista Topics:

And so this is Vista...

What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least privilege.
https://blogs.msdn.com/aaron_margosis/archive/2007/06/28/and-so-this-is-vista.aspx

FAQ: Why can't I bypass the UAC prompt?

Why Vista is better off without setuid or sudo.
https://blogs.msdn.com/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx

Scripting elevation on Vista

Since RunAs.exe won't run a program elevated, is there a way to trigger an elevation prompt from a script?
https://blogs.msdn.com/aaron_margosis/archive/2007/07/01/scripting-elevation-on-vista.aspx