Running restricted — What does the “protect my computer” option mean?

If you’ve been reading my “non-admin” posts, by now I assume you have seen the Windows XP “Run As” dialog.  (If you haven’t, please read this post first:  “RunAs” basic (and intermediate) topics.)   The initial settings when the “Run As” dialog opens are to run the program as the current user, with an option…

52

PrivBar — An IE/Explorer toolbar to show current privilege level

[Aug 15 2008:  Click here for updated links and instructions.] [Updated again:  Click here.] I’ve long wanted a way to know at a glance whether I am logged in as a member of the all-powerful Administrators group, the slightly less-powerful Power Users group, or as an ordinary User. The more I use RunAs (including with…

103

MakeMeAdmin — temporary admin for your Limited User account

[added March 11, 2005:  Important follow-up here:  http://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx] [edited Aug 6, 2012:  That follow-up post now includes the MakeMeAdmin.zip download, as the original hosting server is being decommissioned.]   Common scenario:  you log on with your Windows domain account, which you have removed from the Administrators group (as well as from Power Users, Backup Operators,…

228

RunAs with Explorer

This is the latest post in my series about how to run with limited user privileges on Windows XP and to use administrator privileges only as needed.  In my first post, I wrote “Unfortunately, Windows does not yet make running as non-admin as straightforward as it needs to be.”  This is probably nowhere more glaring…

177

“Zero-day” attacks and using limited privilege

There have been a couple of credible sounding stories in the press in the past week or two about zero-day attacks – that is, the malicious exploitation of previously unknown vulnerabilities.  I think we’re going to start seeing more of these, as the bad guys better understand the economic value of finding and exploiting vulnerabilities. …

14

“RunAs” basic (and intermediate) topics

In this posting:  What is RunAs?  How to use RunAs from the GUI (even if you can’t see it) Using RunAs from the command line When RunAs won’t work Useful RunAs shortcuts and related tips for the non-admin   Did you know that millions of people run as non-administrator every day?  It’s true!  What do…

149

The easiest way to run as non-admin

Upcoming posts in my LUA/non-admin track: Using secondary logon (RunAs) Running control panel applets as admin Using RunAs with Explorer Temporarily elevating your current account to admin without logging out Running with a restricted token (what does “protect my computer and data from unauthorized program activity” actually mean) “etc.” But first, the low-hanging fruit:  how…

61

Why you shouldn’t run as admin…

First, let’s define terms.  This may be oversimplifying, but for the purpose of this discussion there are only two types of users:  Administrators, and Users.  They are essentially distinguished by membership in the “Administrators” and “Users” local groups.  “Administrators” have complete and unrestricted access to the computer/domain.  “Users” are prevented from making accidental or intentional…

69

Not running as admin…

The security principle of “least privilege” is well understood:  Software should run with the smallest set of privileges needed to perform its tasks.  Low-privileged processes can do a lot less damage when they are compromised (or just buggy) than processes running at high privilege levels.  Windows has made great strides to run services with lower…

43