Table of Contents (Aaron Margosis' Non-Admin WebLog)

The "why" posts:

Not running as admin...

Why you shouldn't run as admin...

"Zero-day" attacks and using limited privilege

Expect to see more malware predating the patches - and how you can protect yourself. (Or, "Why you shouldn't run as admin, Part 2")

Anti-virus vs. Non-Admin

Should you run as admin only because your anti-virus wants you to?


The "Running as Admin Only When Required" Posts:

The easiest way to run as non-admin

This is the really important one for your non-techie friends and relatives ...

"RunAs" basic (and intermediate) topics

A whole lot of detail about how to use "RunAs" to run programs under a different account.

RunAs with Explorer

How to get Windows Explorer to work with RunAs (and why you might want to).

MakeMeAdmin -- temporary admin for your Limited User account

How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.

MakeMeAdmin follow-up

MakeMeAdmin script updates, and a security setting you should change

PrivBar -- An IE/Explorer toolbar to show current privilege level

A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is running

PrivBar Source Code (finally)

The Return of PrivBar (x86 and x64)

Setting color for *all* CMD shells based on admin/elevation status

How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.

Follow-up Post, including coverage of PowerShell:

Running restricted -- What does the "protect my computer" option mean?

What does it mean to "Run as current user" with the option to "Protect my computer and data from unauthorized program activity"?

Ctrl-C doesn't work in RUNAS or MakeMeAdmin command shells

The "Not Running as Admin At All" Posts:

Fixing LUA Bugs...

What is a "LUA Bug"? (And what isn't a LUA Bug?)

Not every "access denied" indicates a LUA bug!

Fixing "LUA bugs", Part I

A systematic approach for working around LUA bugs that avoids unnecessary exposure

Fixing "LUA bugs", Part II

A systematic approach for working around LUA bugs that avoids unnecessary exposure - the "rest of the story"

Changing Access Control on Folders vs. Files

More info on the risks of changing access control lists to fix LUA bugs.

Identifying LUA Bugs...

LUA Buglight 2.0, Second Preview

Latest version of the LUA-bug identification tool...

LUA-bug demo app

A simple VB6 app for testing LUA-bug identification and remediation tools and techniques

LUA Buglight public [pre]-release

"Why does Application XYZ need to run as admin?"

LUA Buglight MSDN Webcast

LiveMeeting talk/demo of LUA Buglight

LUA Buglight updated information

Updated information about LUA Buglight.

Remembering Calculator and Character Map Settings

Managing Power Options as a non-administrator

Changing the system date, time and/or time zone

Addressing one of the most common complaints about running as non-admin

How to allow users to manage file and print shares without granting other advanced privileges

Workaround for Shutdown.exe LUA bug

Vista Topics:

And so this is Vista...

What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least privilege.

FAQ: Why can't I bypass the UAC prompt?

Why Vista is better off without setuid or sudo.

Scripting elevation on Vista

Since RunAs.exe won't run a program elevated, is there a way to trigger an elevation prompt from a script?