PrivBar source (finally)

[Aug 15 2008:  Click here for updated links and instructions.]  Finally, here is the often-requested and long-awaited source code for PrivBar.  In the process of code review, I’ve made minor updates to the DLL – which is now at v1.0.2.1. [2005-10-27:  Updated to remove dependency on VC/MFC DLLs.] It’s originally based on the old “KBBar”…

18

Non-Admin, Live!

Tech*Ed 2005 in Orlando, FL (USA) will include significant coverage of “non-admin” topics: SEC350 – “Tips and Tricks to Running Windows with Least Privilege”, which I’m presenting, and SEC351 – “Developing with Least Privilege”, presented by G. Andrew Duthie. In addition, Robert Hurlbut will be leading a Birds of a Feather session, BOF034, “Developing Software…

19

How to allow users to manage file and print shares without granting other advanced privileges

By default, the ability to manage file and print shares is granted only to members of the Administrators, Power Users, and Server Operators groups.  Because members of those groups have many other system-level privileges, it is not recommended to make users members of those groups for the sole purpose of managing shares.  However, Windows provides…

28

MakeMeAdmin follow-up

[Update Aug 6 2012:  Attached the MakeMeAdmin.zip file to this blog post because the external hosting server is being decommissioned.]   Shortly after I first posted MakeMeAdmin, it was pointed out to me that it didn’t work correctly if the current user account had embedded spaces in the name.  I posted a correction in the comments…

106

Changing the system date, time and/or time zone

By default, only Administrators and Power Users can use the “Date and Time” applet to change the computer’s date, time, or time zone.  A regular User double-clicking on the clock in the notification area of the taskbar gets only an error message that says, “You do not have the proper privilege level to change the…

74

Ctrl-C doesn’t work in RUNAS or MakeMeAdmin command shells

Repro: ·        Use RunAs or MakeMeAdmin to get a CMD shell running in a different security context. ·        Run “DIR /A /S C:\” to list every file and folder on the C: drive.  ·        Try to stop the output with Ctrl-C.    Result:  Nothing happens.  “DIR” continues to execute.   Workaround:  Use Ctrl-Break instead.  …

24

Managing Power Options as a non-administrator

As I mentioned in previous posts, the “Power Options” Control Panel applet is a particular sore spot for non-administrators.  Because clicking “OK” causes per-machine and per-user settings to be written, the only way to change the per-user settings is if the user is an administrator and can change the per-machine settings at the same time. …

93

Remembering Calculator and Character Map Settings

Here’s an odd little one you might not have noticed.  The Windows Calculator applet remembers whether it was last displayed in “Standard” or “Scientific” view, and whether digit grouping was selected, and restores those settings the next time you use it.  Because this applet dates back to the very early days of Windows, it saves…

14