For the last few weeks, I've been playing around with a LUA tool that was recently presented to me. The tool is available on the following website
The tool intercepts interactive logons and uses the Safer APIs to restrict your logon token to that of a normal user and start explorer with the restricted token. In effect, when you log on it logs you on as a normal user. The handy part is that it also creates a tray application that allows you to start programs with your full token rights without the hassle of entering your password. This is very similar to Aaron Margosis's MakeMeAdmin.cmd script. I highly recomend this for anyone who runs as an LUA.
Here are the few downsides I have encountered while using this program
- CTRL+SHIFT+ESC starts TaskMgr with full administrative rights (noted on website). You can get around this by choosing the taskmgr from the TaskBar right click menu
- For this to work, your account must be a part of the Administrators group. Thus if you use the MakeMeAdmin script out of habbit one day, it will remove your account from the Administrator group.