The “why” posts: Not running as admin… Why you shouldn’t run as admin… “Zero-day” attacks and using limited privilege Expect to see more malware predating the patches – and how you can protect yourself. (Or, “Why you shouldn’t run as admin, Part 2”) Anti-virus vs. Non-Admin Should you run as admin only because your anti-virus wants you to?
The “why” posts:
Not running as admin…
Why you shouldn’t run as admin…
“Zero-day” attacks and using limited privilege
Expect to see more malware predating the patches – and how you can protect yourself. (Or, “Why you shouldn’t run as admin, Part 2”)
Anti-virus vs. Non-Admin
Should you run as admin only because your anti-virus wants you to?
The “Running as Admin Only When Required” Posts:
The easiest way to run as non-admin
This is the really important one for your non-techie friends and relatives …
“RunAs” basic (and intermediate) topics
A whole lot of detail about how to use “RunAs” to run programs under a different account.
RunAs with Explorer
How to get Windows Explorer to work with RunAs (and why you might want to).
MakeMeAdmin — temporary admin for your Limited User account
How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.
MakeMeAdmin script updates, and a security setting you should change
PrivBar — An IE/Explorer toolbar to show current privilege level
A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is running
PrivBar Source Code (finally)
The Return of PrivBar (x86 and x64)
Setting color for *all* CMD shells based on admin/elevation status
How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.
Follow-up Post, including coverage of PowerShell:
Running restricted — What does the “protect my computer” option mean?
What does it mean to “Run as current user” with the option to “Protect my computer and data from unauthorized program activity”?
Ctrl-C doesn’t work in RUNAS or MakeMeAdmin command shells
The “Not Running as Admin At All” Posts:
Fixing LUA Bugs…
What is a “LUA Bug”? (And what isn’t a LUA Bug?)
Not every “access denied” indicates a LUA bug!
Fixing “LUA bugs”, Part I
A systematic approach for working around LUA bugs that avoids unnecessary exposure
Fixing “LUA bugs”, Part II
A systematic approach for working around LUA bugs that avoids unnecessary exposure – the “rest of the story”
Changing Access Control on Folders vs. Files
More info on the risks of changing access control lists to fix LUA bugs.
Identifying LUA Bugs…
LUA Buglight 2.0, Second Preview
Latest version of the LUA-bug identification tool…
LUA-bug demo app
A simple VB6 app for testing LUA-bug identification and remediation tools and techniques
LUA Buglight public [pre]-release
“Why does Application XYZ need to run as admin?”
LUA Buglight MSDN Webcast
LiveMeeting talk/demo of LUA Buglight
LUA Buglight updated information
Updated information about LUA Buglight.
Remembering Calculator and Character Map Settings
Managing Power Options as a non-administrator
Changing the system date, time and/or time zone
Addressing one of the most common complaints about running as non-admin
How to allow users to manage file and print shares without granting other advanced privileges
Workaround for Shutdown.exe LUA bug
And so this is Vista…
What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least privilege.
FAQ: Why can’t I bypass the UAC prompt?
Why Vista is better off without setuid or sudo.
Scripting elevation on Vista
Since RunAs.exe won’t run a program elevated, is there a way to trigger an elevation prompt from a script?