Tutorial Thursday
Many of us are aware that Windows Vista has a feature called User Account Control (UAC). This prevents programs from making changes to the registry or doing anything malicious to your computer without you granting the software administrative rights. Windows XP has a similar feature but it kinda works backwards. Most people who are using XP are an administrator and full access to the PC is granted to nearly all programs that you run, but you can always force certain programs to run underprivileged.
What effects does so have on the program that you are running as “underprivileged?” Here is what a MSDN blog says:
- Group membership: If you were logged in as a member of Administrators, Power Users, or certain powerful domain groups, the app runs without the benefit of those group memberships.
- Registry: The app has read-only access to the registry, including HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. The app has no access to HKCU\Software\Policies.
- File system (assuming NTFS): The app cannot access the user’s profile directory at all. That includes “My Documentsâ€, “Temporary Internet Filesâ€, “Cookiesâ€, etc.
- Privileges: The app has no system-wide privileges other than “Bypass traverse checkingâ€.
So for most programs this could cause some issues because they will need access to the profile in order to retrieve things, but this might be particularly useful when you are browsing the Internet on some sites that you might be suspicious about. That way there will be no way for the browser to write to the hard drive.
So how do you run a program with such constraints? It is actually quite simple:
- First off, you need to right-click on the shortcut for the desired program and select the ”Run as…” option.
- In the window that pops up make sure the “Protect my computer and data from unauthorized program activity” option is checked and hit the OK button to continue launching the program.
In the future if you want to always have the “Run as…” window displayed when click the shortcut you should do the following:
- Right-click on the shortcut and select “Properties”.
- Click on the Shortcut tab and then Advanced. Check the box that reads “Run with different credentials” and then click OK twice.
That’s all there is to it. Whether a program will work or not while using this is dependent on whether it requires access to your profile, and most applications store settings there so it could be quite a problem. However, I use it while running some Web browsers anytime that there is a site that I don’t trust. To make doing that easy I create one shortcut for the browser that just starts normal and another shortcut that runs in the “lock down” mode…that way I don’t always have to receive the pop-up box. I’m sure most of you will shrug it off and say “it’s not worth the hassle” but sometimes I like to have the peace of mind.
Good article.
There is also an alternative method to doing this. If you want your browser to ALWAYS run with the lowered privileges, you can use Local Security Settings in XP Pro. With this method, the process will run with lowered privileges even if it was launched by another process whereas the above method won’t do.
This is really helpful with family or friends who are prone to spyware and are dead set against switching browsers.
Hi..
I stumbled across this thing and (in my opinion) stupidly clicked on it.
To me it is only an irritation.
My friend, .. if you are worried about some silly virus or malware infecting
your ‘puter, then you are scared..!
Don’t feel bad.. I used to be scared also.., but not I AM FEARLESS..!
Restore Points that EVERYONE THINKS PROTECTS them are a FALSE security.
Just today, I “screwed around with my registry…(that’s another story), but I decided… oops maybe I’d be better off to restore things.)
I tried to restore back to last Saturday.. ‘puter said OK .. powered down and pretended to restore.
Then it came back up and said.. “Unable to restore”.
My friend, I’ve been here before… LIKE A FLIP OF A COIN.. WHEN IT WORKS IT IS GREAT AND SIMPLE… but when it doesn’t work?? & if you CAN’T RE-BOOT??
What, short of an ENTIRELY NEW INSTALLATION DO YOU DO?
…I’ll tell U what I do..
I use the FREE VERSION (to old retired people like me & other non-business people)… I backup my system & files with MACRIUM BACKUP (frequently)!
Then I just TURN OFF MY ‘PUTER, & HIT THE POWER BUTTON & CD BUTTON & slap in my Rescue Disk (made with Macrium).. follow the prompts & RESTORE by computer back to where it was BEFORE the problem.
CONTRARY to Restore Points… THIS ALWAYS WORKS!!..
I hope this helps you.. WildWillie