RLGaming.com

This is an interesting program released by a Microsoft Developer. Basically it removes administrative rights when running a particular program, for those of us logged into our machines as administrators all the time (which is extremely BAD of us... and I say 'us' because I do it too...)

For instance to create a shortcut for IE, rather than running:
c:\program files\internet explorer\iexplore.exe

you'd set it up to run:
"c:\program files\dropmyrights\dropmyrights.exe" "c:\program files\internet explorer\iexplore.exe"

When you run the program in this way, IE is run as a normal user rather than an administrator. In this way you can prevent it from doing several things that may be harmful to the system should you open a malicious website.

You would still want to have an icon for IE tucked away somewhere as it is necessary to run as an admin to install Windows Updates, ActiveX components, etc.

The same can be done for Outlook Express and any other higher risk applications you may be running, in order to restrict them in the case that you inadvertantly try to view a malicious e-mail, website, etc.

http://msdn.microsoft.com/library/defau ... 152004.asp

so it is sudo for windows.

Sort of, except that sudo is udually used to escalate priveleges; granted there is no saying you can't use another user with less priveleges...

And there is no other user account involved which also makes it interesting.

That's why I think it is an interesting program I guess. It's sorta similar, but sorta like no other program on the planet. Leave it to Microsoft. :lol: :shock:

Flawed! Flawed and Perfect

yeah - so what user or privilege setting does it use? is there a configuration for it?

I read the description - it looks like it uses your same user (admin) but strips out the specific priveliges (tokens). I'm no expert, so don't ask me deeper questions ;)

I just set up my IE to use it and I notice nothing different - which is good. It may not be the total solution to a safe pc, but every little bit helps.

-B

What Gator said. The page gives a good run down of how it works. The source code is even available; it probably comes to around a 100 lines tops. When you download it you even get the .cpp file and could compile it yourself, if so inclined.

The creator gave a good example of a virus that would be blocked if the program that introduced it to the PC were running as a non-priveleged user vs. an administrator (W32.Beagle.AV@mm)

Gator, if you want to see the difference you can visit windowsupdate.microsoft.com and it should immediately complain that it needs administrative privelages in order to run. Easiest test to see if it looks like it is running properly that I can think of.

i just did that -- accidentally -- and it said i must be logged in as admin.

I recently re-formatted, and re-installed my WinXP. Whilst doing so it asks what user names are to be catered for. The basic question being, is the first 'user' name typed-in classed as 'administrator'?
Can you put in layman's terms what that little proggy there does, and if it's useful at all for the likes of myself?

There will be an administrator account and that first username will have administrative priveleges, most likely with any additional ones created at that time.

This program removes administrative priveleges from a program launched with it to limit the potential damage they can do to the system if they are hijacked by a virus, adware, or spyware.

It could be useful to just about anyone who wants to run their computer using an administrator account but wants to IM, read e-mail, browse the web or engage in any other 'high risk' behaviour with less priveleges.

Okay, cool! I don't think I have any true need for it right now myself. having said that, I did create Kerrie's account at the time of installation too :roll: - hope it doesn't have admin rights. Still, she HAS said she'll avoid making use of Ares & other such proggies. Now that she knows she can basically use Media Player to create MP3 files from normal audio CD tracks, I think she may be happier about my telling her she can't mess around with those proggies and websites anymore on my PC. You'd think she'd be over the moon about being offered her very own (don't touch this or I'll scratch you eyes out!) laptop , not to mention a wireless net connection. :roll:

I run WinXP Pro as a 'Power User' (more rights than a normal user but still less than admin) and use Mozilla Firefox set to just say no to pretty much everything. I'd tell ya how to set XP for Power User but it's been so long since I did it I've forgotten how.

:mrgreen:

TD