Running as non-admin is not as hard as I imagine
As a security tester, we need to ensure that our product works under minimal privilege. Yes, test machines are set up to test with minimal privilege, but my day-to-day email machine is set up with admin privilege. Although it is a threat to run under admin, it was more threatening to inflict myself with the hassles of running as non-admin. As an extremely paranoid person, I have so many novice questions: Do I need to reboot all the time if I need admin privilege? Will my apps continue to function properly? Will I get blue screen for no reasons?
One fine day, I decided to switch from admin to power user. Granted that power user is almost an admin, it should be a good start to run my box as non-admin. After several days, I did not find any differences with Office applications and other well-known ones, such as IE.
Until I need to unblock an application on my SP2 firewall do I have a problem. The problem can easily be circumvented by using "runas /user:mymachine\administrator control firewall.cpl" and enter my password. After the command, I run firewall.cpl as admin, and unblock my application. Finally, close the firewall app.
Voila, I am happy again with running my box as non-admin.
Comments
- Anonymous
January 19, 2005
The comment has been removed - Anonymous
January 19, 2005
http://weblogs.asp.net/aaron_margosis/ is a good source of running as non-admin info. Use the makemeadmin script, http://weblogs.asp.net/aaron_margosis/archive/2004/07/24/193721.aspx - Anonymous
January 19, 2005
The comment has been removed - Anonymous
January 19, 2005
Shift/right-click --> Run As.. - Anonymous
January 20, 2005
The comment has been removed - Anonymous
January 22, 2005
This works as long as you use applications which are aware of the difference between HKLM and HKCU... Unfortunately there are many applications which aren't...