Freigeben über


Running as non-admin is not as hard as I imagine

As a security tester, we need to ensure that our product works under minimal privilege.  Yes, test machines are set up to test with minimal privilege, but my day-to-day email machine is set up with admin privilege.  Although it is a threat to run under admin, it was more threatening to inflict myself with the hassles of running as non-admin.  As an extremely paranoid person, I have so many novice questions: Do I need to reboot all the time if I need admin privilege?  Will my apps continue to function properly?  Will I get blue screen for no reasons?

One fine day, I decided to switch from admin to power user.  Granted that power user is almost an admin, it should be a good start to run my box as non-admin.  After several days, I did not find any differences with Office applications and other well-known ones, such as IE. 

Until I need to unblock an application on my SP2 firewall do I have a problem.  The problem can easily be circumvented by using "runas /user:mymachine\administrator control firewall.cpl" and enter my password.  After the command, I run firewall.cpl as admin, and unblock my application.  Finally, close the firewall app.

Voila, I am happy again with running my box as non-admin.

Comments

  • Anonymous
    January 19, 2005
    The comment has been removed
  • Anonymous
    January 19, 2005
    http://weblogs.asp.net/aaron_margosis/ is a good source of running as non-admin info. Use the makemeadmin script, http://weblogs.asp.net/aaron_margosis/archive/2004/07/24/193721.aspx
  • Anonymous
    January 19, 2005
    The comment has been removed
  • Anonymous
    January 19, 2005
    Shift/right-click --> Run As..
  • Anonymous
    January 20, 2005
    The comment has been removed
  • Anonymous
    January 22, 2005
    This works as long as you use applications which are aware of the difference between HKLM and HKCU... Unfortunately there are many applications which aren't...