Table of Contents (Aaron Margosis’ Non-Admin WebLog)



The “why” posts:



Not running as admin…



http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157866.aspx


Why you shouldn’t run as admin…



http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx 


“Zero-day” attacks and using limited privilege



Expect to see more malware predating the patches – and how you can protect yourself. (Or, “Why you shouldn’t run as admin, Part 2”)
http://blogs.msdn.com/aaron_margosis/archive/2004/06/25/166039.aspx


Anti-virus vs. Non-Admin



Should you run as admin only because your anti-virus wants you to?
http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx


 


The “Running as Admin Only When Required” Posts:



The easiest way to run as non-admin



This is the really important one for your non-techie friends and relatives …
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/158806.aspx


“RunAs” basic (and intermediate) topics



A whole lot of detail about how to use “RunAs” to run programs under a different account.
http://blogs.msdn.com/aaron_margosis/archive/2004/06/23/163229.aspx


RunAs with Explorer



How to get Windows Explorer to work with RunAs (and why you might want to).
http://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx


MakeMeAdmin — temporary admin for your Limited User account



How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx


MakeMeAdmin follow-up



MakeMeAdmin script updates, and a security setting you should change
http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx


PrivBar — An IE/Explorer toolbar to show current privilege level



A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is running
http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx


PrivBar Source Code (finally)
http://blogs.msdn.com/aaron_margosis/archive/2005/10/13/480901.aspx


The Return of PrivBar (x86 and x64)
http://blogs.msdn.com/aaron_margosis/archive/2008/08/15/the-return-of-privbar-x86-and-x64.aspx


Setting color for *all* CMD shells based on admin/elevation status



How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.
http://blogs.msdn.com/aaron_margosis/archive/2007/02/22/setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx


Follow-up Post, including coverage of PowerShell:
http://blogs.msdn.com/aaron_margosis/archive/2007/06/27/follow-up-on-setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx


Running restricted — What does the “protect my computer” option mean?



What does it mean to “Run as current user” with the option to “Protect my computer and data from unauthorized program activity”?
http://blogs.msdn.com/aaron_margosis/archive/2004/09/10/227727.aspx


Ctrl-C doesn’t work in RUNAS or MakeMeAdmin command shells



http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370266.aspx


 


The “Not Running as Admin At All” Posts:



Fixing LUA Bugs…



What is a “LUA Bug”?  (And what isn’t a LUA Bug?)



Not every “access denied” indicates a LUA bug!
http://blogs.msdn.com/aaron_margosis/archive/2006/02/06/525455.aspx


Fixing “LUA bugs”, Part I



A systematic approach for working around LUA bugs that avoids unnecessary exposure
http://blogs.msdn.com/aaron_margosis/archive/2006/02/16/533077.aspx


Fixing “LUA bugs”, Part II



A systematic approach for working around LUA bugs that avoids unnecessary exposure – the “rest of the story”
http://blogs.msdn.com/aaron_margosis/archive/2006/03/27/562091.aspx


Changing Access Control on Folders vs. Files



More info on the risks of changing access control lists to fix LUA bugs.
http://blogs.msdn.com/aaron_margosis/archive/2006/06/19/638148.aspx


Identifying LUA Bugs…



LUA Buglight 2.0, Second Preview



Latest version of the LUA-bug identification tool…
http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx


LUA-bug demo app



A simple VB6 app for testing LUA-bug identification and remediation tools and techniques
http://blogs.msdn.com/aaron_margosis/archive/2008/11/07/lua-bug-demo-app.aspx


LUA Buglight public [pre]-release



“Why does Application XYZ need to run as admin?”
http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx


LUA Buglight MSDN Webcast



LiveMeeting talk/demo of LUA Buglight
http://blogs.msdn.com/aaron_margosis/archive/2006/10/10/MSDN-webcast_3A00_–LUA-Buglight-.aspx


LUA Buglight updated information



Updated information about LUA Buglight.
http://blogs.msdn.com/aaron_margosis/archive/2007/02/15/lua-buglight-updated-information.aspx


Remembering Calculator and Character Map Settings



http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370264.aspx


Managing Power Options as a non-administrator



http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370263.aspx


Changing the system date, time and/or time zone



Addressing one of the most common complaints about running as non-admin
http://blogs.msdn.com/aaron_margosis/archive/2005/02/11/371474.aspx


How to allow users to manage file and print shares without granting other advanced privileges



http://blogs.msdn.com/aaron_margosis/archive/2005/04/18/409105.aspx


Workaround for Shutdown.exe LUA bug



http://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx


Vista Topics:



And so this is Vista…



What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least privilege.
http://blogs.msdn.com/aaron_margosis/archive/2007/06/28/and-so-this-is-vista.aspx 


FAQ: Why can’t I bypass the UAC prompt?



Why Vista is better off without setuid or sudo.
http://blogs.msdn.com/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx 


Scripting elevation on Vista



Since RunAs.exe won’t run a program elevated, is there a way to trigger an elevation prompt from a script?
http://blogs.msdn.com/aaron_margosis/archive/2007/07/01/scripting-elevation-on-vista.aspx


 

Comments (1)

  1. jcastin says:

    Thank you for the excellent training, Aaron. I have definitely bought in to LUA and am spreading the word.

    Thanks once again,

    Jesus Castineira

    jcastin@miamidade.gov