PrivBar Update

PrivBar is a toolbar I first published over seven years ago (!) for Internet Explorer and Windows Explorer.  I updated it three years ago to add support for x64.  Today I am updating it to offer better support for Vista and Windows 7 and the corresponding Server versions.  Specifically, instead of showing a group name such as Users or Administrators in the toolbar, it shows the integrity level of the current page.  One significant benefit is that this helps mitigate the removal of the Protected Mode indicator from the IE9 status bar.

Download the .zip file attached to this post; extract the DLLs to a shared location (e.g., under Program Files) and register each with regsvr32.exe.  (Note that PrivBarX64.dll can be used only on x64 editions of Windows.)  The toolbars need to be enabled separately for Windows Explorer, Internet Explorer, and Internet Explorer (64 bit):  press Alt to display the menu, then choose View | Toolbars | PrivBar x64.  (It says “x64” even for the 32-bit version.)

Integrity levels (ILs) were first introduced in Windows Vista and are part of what makes it possible for programs running under a single user account to have different security restrictions.  Basically (and oversimplifying), a program running at a particular integrity level cannot modify resources that are marked at a higher integrity level.  Its most prominent application is in IE’s Protected Mode.  On Windows 7 IE Protected Mode is enabled in the Internet and Restricted Sites security zones, and disabled in the Intranet, Trusted Sites, and Computer (Local Machine) zones.  With Protected Mode enabled, IE runs at the Low integrity level and cannot directly write to most areas of the file system or registry (which are marked Medium), or manipulate other programs the user is running such as by sending synthesized keystroke messages.  Sysinternals Process Explorer is a great tool for identifying the ILs of processes on your computer (and the Windows Sysinternals Administrator’s Reference is a great book for learning all about Process Explorer and much more. :)

The main ILs you’ll see in Windows are:

  • Low:  less-privileged processes, including Internet Explorer with Protected Mode, as well as Microsoft Office 2010’s Protected View and Adobe Reader X’s sandbox mode.
  • Medium:  most user applications run at the Medium level.
  • High:  user applications running with full administrative rights (e.g., apps launched with UAC’s “Run as administrator”).
  • System:  the integrity level given to Windows services.

Here’s a screenshot of Internet Explorer browsing a site in the Internet zone.  Protected Mode is enabled and PrivBar shows “Low IL” with a green circle icon.

IE-LowIL

If you browse to a site in the Intranet or Trusted Sites zone, Protected Mode is disabled.  As this screenshot shows, PrivBar reports “Medium IL” with a yellow circle icon.

IE-MediumIL

The vast majority of desktop applications run at Medium IL, including Windows Explorer, shown here:

Explorer-MediumIL

By default, UAC’s “Admin Approval Mode” is not applied to the built-in Administrator account, so when you log on with that account, everything runs with full administrative rights.  Here are screenshots of Internet Explorer and Windows Explorer, with PrivBar reporting “High IL” and a red circle icon.  (Note that in most scenarios, the built-in Administrator account is disabled.)

IE-HighIL

Explorer-HighIL

You can use the new versions on Windows XP and Windows Server 2003.  Instead of the Integrity Level, it shows “Users”, “Power Users” or “Administrators” as it did in the past.

PrivBar.1.1.0.2.zip