Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
The Non-Admin blog - running with least privilege on the desktop... and then dealing with the application compatibility fallout... and using Sysinternals and other utilities to figure things out
Disabling User Account Control (UAC) on Windows Server
[Update May 17, 2011: this blog post has been republished as Microsoft Knowledge Base article...
Author: Aaron Margosis Date: 03/04/2011
TechEd sessions on Application Compatibility, Sysinternals utilities, and more
TechEd sessions are available for on-demand viewing. Here are some recent ones that Chris Jackson...
Author: Aaron Margosis Date: 01/20/2011
Adobe Reader X
Many of our customers make Adobe Reader part of their standard desktop image, or at least have it on...
Author: Aaron Margosis Date: 11/29/2010
LUA Buglight tips: opening a report file
I wish I had the time to write up proper documentation for LUA Buglight, the utility I wrote that...
Author: Aaron Margosis Date: 10/01/2010
Aaron Margosis @ Tech*Ed North America 2010
Kind of late to be posting this, but better late than never. I'm presenting three sessions at...
Author: Aaron Margosis Date: 06/05/2010
Machine SIDs and Domain SIDs
Microsoft Technical Fellow Mark Russinovich’s recent post “The Machine SID Duplication...
Author: Aaron Margosis Date: 11/05/2009
LUA Buglight 2.1 released
LUA Buglight 2.1, identifies admin-permissions issues ("LUA bugs") in desktop applications. New...
Author: Aaron Margosis Date: 11/03/2009
LUA Buglight
LUA Buglight 2.1 is here. LUA Buglight identifies admin-permissions issues ("LUA bugs") in desktop...
Author: Aaron Margosis Date: 11/03/2009
Utilities for Local Group Policy and IE Security Zones
Because of my work with the Federal Desktop Core Configuration, I’ve published a set of three...
Author: Aaron Margosis Date: 10/02/2009
Live, on the internet...
Ahoy, all -- Later this week I'll be appearing at a virtual roundtable hosted by Mark Russinovich,...
Author: Aaron Margosis Date: 06/15/2009
FAQ: How do I start a program as the desktop user from an elevated app?
Common Vista/Win7 scenario: the app you’ve written runs with elevated permissions, but then needs to...
Author: Aaron Margosis Date: 06/06/2009
"LUA Bug" demo app
I do a lot of presentations on how to identify and fix "LUA bugs" in applications (*), both for...
Author: Aaron Margosis Date: 11/07/2008
LUA Buglight 2.0, second preview
LUA Buglight is a utility that helps identify "LUA bugs" in applications -- application features...
Author: Aaron Margosis Date: 11/06/2008
I'll be at Tech*Ed in Barcelona, Nov 3-7
@font-face { font-family: Cambria Math; } @font-face { font-family: Segoe UI; } @font-face {...
Author: Aaron Margosis Date: 10/28/2008
The Return of PrivBar (x86 and x64)
I recently switched internet service providers, not realizing when I did that PrivBar and...
Author: Aaron Margosis Date: 08/15/2008
LUA Buglight 2.0 - preview
Attached to this blog post is a PREVIEW VERSION of LUA Buglight 2.0. LUA Buglight is a utility that...
Author: Aaron Margosis Date: 06/13/2008
Published - Security by Obscurity, and FDCC
In case I actually have any fans that are interested in things I've written outside of this blog...
Author: Aaron Margosis Date: 05/30/2008
Info about LUA Buglight 2.0
I recently did a TechNet webcast about the upcoming LUA Buglight 2.0. You can view the webcast here,...
Author: Aaron Margosis Date: 05/09/2008
I'll be speaking at Tech*Ed in June
I'm speaking at Tech*Ed North America 2008, during the "IT Professionals" week, June 10-13. I'll be...
Author: Aaron Margosis Date: 03/16/2008
Why apps have security bugs ([attempted] humor)
One reason why apps have security bugs -- because we developers were trained to focus on and...
Author: Aaron Margosis Date: 03/03/2008
Table of Contents (Aaron Margosis' Non-Admin WebLog)
The "why" posts: Not running as admin......
Author: Aaron Margosis Date: 09/14/2007
How to cleanly stop Explorer.exe on Windows Vista
This is the first time I have blogged here about something other than running with least privilege....
Author: Aaron Margosis Date: 07/17/2007
Scripting Elevation on Vista
[Added 2007-07-02, 16:41 Eastern Time: I was thoroughly and inexcusably remiss in failing to include...
Author: Aaron Margosis Date: 07/01/2007
FAQ: Why can’t I bypass the UAC prompt?
The frequently asked question, "Why can't I bypass the UAC prompt?" is often accompanied by...
Author: Aaron Margosis Date: 06/29/2007
And so this is Vista…
What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs,...
Author: Aaron Margosis Date: 06/28/2007
Follow-up on "Setting color for all CMD shells based on admin/elevation status"
[Updated, 2007-06-27] This is the (overdue) follow-up to my earlier blog post about setting the...
Author: Aaron Margosis Date: 06/27/2007
LUA Buglight and drive mappings: Action Required
LUA Buglight creates an alternate security context representing the current non-admin user but with...
Author: Aaron Margosis Date: 02/27/2007
Setting color for all CMD shells based on admin/elevation status
In my RunAs... and MakeMeAdmin posts, I recommend making your admin command shells visually...
Author: Aaron Margosis Date: 02/22/2007
LUA Buglight updated information
I've meant to provide more info and follow-up regarding LUA Buglight, the tool I wrote to help...
Author: Aaron Margosis Date: 02/15/2007
The SysInternals tools are now on microsoft.com
The SysInternals tools -- including Process Explorer, Regmon, Filemon, and many more -- are now...
Author: Aaron Margosis Date: 11/07/2006
MSDN webcast: LUA Buglight
I'll be presenting an MSDN webcast and demoing LUA Buglight next Tuesday, October 17, 2006, 11:00am...
Author: Aaron Margosis Date: 10/10/2006
LUA Buglight public [pre]-release
LUA Buglight™ is a tool I've been working on that is designed to help both developers and IT...
Author: Aaron Margosis Date: 08/07/2006
"Problems of Privilege: Find and Fix LUA Bugs" in TechNet Magazine
My ramblings have now been published in a more reputable venue than blogs.msdn.com. Pick up the...
Author: Aaron Margosis Date: 07/25/2006
Changing access control on folders vs. files
This post is the fourth installment in the "Fixing LUA Bugs" series. Before reading this, you should...
Author: Aaron Margosis Date: 06/19/2006
Anti-virus vs. Non-Admin
This may be controversial, but I truly believe it and I'll say it: With today's threat landscape and...
Author: Aaron Margosis Date: 06/02/2006
Smartcards and other 2-factor authentication
Steve Riley is trying to get a good body of customer experience with various forms of two-factor...
Author: Aaron Margosis Date: 04/26/2006
Fixing "LUA Bugs", Part II
Fixing "LUA bugs", Part II If (and only if) items #1 through #3 (a, b and c) from Fixing LUA bugs,...
Author: Aaron Margosis Date: 03/27/2006
Fixing "LUA bugs", Part I
You have an application that you – or your users – need to run. It’s a normal app – it isn’t...
Author: Aaron Margosis Date: 02/16/2006
What is a "LUA Bug"? (And what isn't a LUA bug?)
First, what is "LUA"? "LUA" is an acronym that variously refers to "Limited User Account",...
Author: Aaron Margosis Date: 02/06/2006
I'm Back! Upcoming Posts...
It's been way too long, but I'm going to force myself to find the time to get more "least-privilege"...
Author: Aaron Margosis Date: 02/04/2006
Workaround for Shutdown.exe LUA bug
The "shutdown.exe" command-line utility in Windows XP has a LUA bug that prevents non-admin users...
Author: Aaron Margosis Date: 01/27/2006
LUA Whitepaper released
Microsoft Solutions for Security & Compliance (MSSC) has released a new whitepaper, Applying the...
Author: Aaron Margosis Date: 01/27/2006
PrivBar source (finally)
[Aug 15 2008: Click here for updated links and instructions.] Finally, here is the often-requested...
Author: Aaron Margosis Date: 10/13/2005
Non-Admin, Live!
Tech*Ed 2005 in Orlando, FL (USA) will include significant coverage of "non-admin" topics: SEC350 -...
Author: Aaron Margosis Date: 05/19/2005
Table of contents, Aaron Margosis' non-admin blog
The Table of Contents for this blog has been moved here.
Author: Aaron Margosis Date: 04/18/2005
How to allow users to manage file and print shares without granting other advanced privileges
By default, the ability to manage file and print shares is granted only to members of the...
Author: Aaron Margosis Date: 04/17/2005
MakeMeAdmin follow-up
[Update Aug 6 2012: Attached the MakeMeAdmin.zip file to this blog post because the external hosting...
Author: Aaron Margosis Date: 03/11/2005
Changing the system date, time and/or time zone
By default, only Administrators and Power Users can use the “Date and Time” applet to change the...
Author: Aaron Margosis Date: 02/11/2005
Ctrl-C doesn't work in RUNAS or MakeMeAdmin command shells
Repro: · Use RunAs or MakeMeAdmin to get a CMD shell running in a different security context. · Run...
Author: Aaron Margosis Date: 02/09/2005
Managing Power Options as a non-administrator
As I mentioned in previous posts, the “Power Options” Control Panel applet is a particular sore spot...
Author: Aaron Margosis Date: 02/09/2005