"IE is a Bomb!" <ieisanaccidentthathasalreadyhappened@youhavebeenw arned.org>
wrote in message news:nerf2290o0da9ln5k85eetcrfv7lon6bhm@4ax.com...
The "ONLY intelligent solution" is for user a to run as a limited user (not
administrator or power user) and have a properly configured Internet
Explorer. Then exploits and malware/spyware will have a very difficult time
to run or install on the computer. Firefox is not the solution.

--
William Crawford
MS-MVP Windows Shell/User

What would be handy, following on from that, would be a (one-click) way of
quickly toggle the privilege level of an account between administrator and
'limited' ie without having to plough through the User Accounts menus.

Perhaps someone already knows of a good solution to that.

Jon

"Jon" <Email_Address@SomewhereOrOther.com> wrote in message
news:%23KPMH3cUGHA.4300@TK2MSFTNGP14.phx.gbl...
Creating two accounts, one Admin and one Limited, then utilizing Fast User
Switching, although it takes a few clicks, is a good solution to that.



Regards,

--
Patti MacLeod
Microsoft MVP - Windows Shell/User

Yeah, not bad. I suppose I was thinking of a quick toggle button (perhaps
requiring you to enter a password for security's sake) that you could press
to downgrade your account (eg prior to surfing the net) and upgrade it (eg
prior to installing a new piece of software). Perhaps a good solution would
be to script that "Fast user switching" process, that you mentioned, or
perhaps something via the "net user" command. Something to ponder anyhow.
Thanks.

Jon

"Jon" <Email_Address@SomewhereOrOther.com> wrote in message
news:OSI3fJdUGHA.5372@TK2MSFTNGP09.phx.gbl...
This something I do when I need Admin level privileges when running as a
Limited User is to use the RunAs command. Right-click a program/shortcut and
you should see "Run as..." on the context menu or type "runas /?" in the
command prompt or "runas" in the Help and Support for more information.

--
William Crawford
MS-MVP Windows Shell/User

"WTC" <bcrawfordjr(remove)@hotmail.com> wrote in message
news:ObSPmWdUGHA.2800@TK2MSFTNGP10.phx.gbl...

Just tried creating a shortcut to "User Accounts"
C:\WINDOWS\system32\nusrmgr.cpl

on the desktop, which also allows that "Run as" option you mentioned.

Using that you can toggle the account between a limited and Admininstrator
account, without leaving the account (as I've done previously to change the
account status back to Administrator from limited).

Thanks again.

Jon

WTC (remove) wrote:
what technically are the restrictions on limited users?
"sometimes they can't install programs"?
so, the can run an EXE, but not if the EXE puts files on the drive?
not if the EXE creates a directory?

<q_q_anonymous@yahoo.co.uk> wrote in message
news:1143492316.877738.281180@t31g2000cwb.googlegr oups.com...

Start reading these articles

Applying the Principle of Least Privilege to User Accounts on Windows XP
http://www.microsoft.com/technet/pro.../luawinxp.mspx

Using a Least-Privileged User Account
http://www.microsoft.com/technet/sec.../lpuseacc.mspx

--
William Crawford
MS-MVP Windows Shell/User

WTC wrote:


But as most pre-installed instances of XP come with NO admin password, it
doesn't MATTER whether the user runs as limited or not - with NO admin
password a script can run as admin without the user's knowledge.......

--
Gordon Burgess-Parker
Interim Systems and Management Accounting
www.gbpcomputing.co.uk

WTC wrote:
kind of user who refers to the computer case and its contents as "the
hard drive", and thinks that the browser is Windows and Outlook Express
is 'the email'.

Cheers,

Cliff

"Gordon" <gordon@gbpcomputing.co.uk.invalid> wrote in message
news:s6idnc6MSt8RyrXZnZ2dnUVZ8qGdnZ2d@eclipse.net. uk...

Have you tried this before? The RunAs command or a script will NOT let you
run an account with a Blank (No) password. So your statement is false and
inaccurate.

<error>
RUNAS ERROR: Unable to run - C:\Program Files\Internet Explorer\iexplore.exe
327: Logon failure: user account restriction. Possible reasons are blank
passwords not allowed, logon hour restrictions, or a policy restriction has
been enforced.
</error>

Here is a script to try if you like,

----<Begin Script>-----
set WshShell = CreateObject("WScript.Shell")
WshShell.Run "runas /user:Serdar ""C:\Program Files\Internet
Explorer\IEXPLORE.EXE"""
WScript.Sleep 100
WshShell.Sendkeys "~"

----<End Script>-----

--
William Crawford
MS-MVP Windows Shell/User

WTC wrote:

I'm not talking about using the "runas" command. A malicious script can run
as Admin (ie can actually use administrator privileges) in pre-installed
versions of XP because there is no password protection.

--
Gordon Burgess-Parker
Interim Systems and Management Accounting
www.gbpcomputing.co.uk

"Gordon" <gordon@gbpcomputing.co.uk.invalid> wrote in message
news:VfqdneD-GKUF_rXZRVnytA@eclipse.net.uk...
Show me an example of a script you are talking about, please provide proof.
You have snipped the script that I provided and will NOT run with an Account
that has no password..

--
William Crawford
MS-MVP Windows Shell/User

WTC wrote:

Good thing you wrote very difficult time and not impossible here. I was
running as a non administrator with everything locked down as tight as I
could and mistyped a web site address and ended up on some porn site in
some other language and was infected with spyware before I could close the
browser.

On Mon, 27 Mar 2006 10:25:48 -0800, "WTC"
<bcrawfordjr(remove)@hotmail.com> wrote:

ROFL! You are a dunce. I didn't say that Firefox is the solution! I
said, "Dump IE! It is the ONLY intelligent solution!"

But please, be my guest and continue using IE! Some people have the
compulsion to play with fire, and you must be one of them.

Although I agree with part of your statement (run uses with non-priv
accounts) I beg to differ on the Firefox comment. Firefox is a much better
product and has not had 10% of the security problems IE has. Face it, facts
are facts, regardless of personal feelings....


IM

WTC wrote:

Yup!

IE is a Bomb! wrote:

You have to remember that locking things down is the best you can do. That
does not imply that you are 100% secure. Someday, maybe, Microsoft will
take security seriously...and patch management...maybe I am asking for too
much?

IM


Eugene Nine wrote:

Please understand what is just plainly a fact. As the number of Firefox
users increases so will the number of attacks. Firefox and Opera and so
forth are safer than Internet Explorer only because their use is
limited NOT because the software design is better. I use both Firefox
and Internet Explorer and feel safe with either since I keep everything
updated and in use [speaking of Firewalls, Anti-Virus and Anti-Spyware
programs. What you really illustrate is computer user ignorance and
lack of attention NOT software failure.
If you really want them to be super safe [at least for now], just
switch them over to one of the Linux operating system versions. In
other words, have them avoid Windows and Microsoft all together.
Gene

Please understand what is just plainly a fact. As the number of Firefox
users increases so will the number of attacks. Firefox and Opera and so
forth are safer than Internet Explorer only because their use is
limited NOT because the software design is better. I use both Firefox
and Internet Explorer and feel safe with either since I keep everything
updated and in use [speaking of Firewalls, Anti-Virus and Anti-Spyware
programs. What you really illustrate is computer user ignorance and
lack of attention NOT software failure.
If you really want them to be super safe [at least for now], just
switch them over to one of the Linux operating system versions. In
other words, have them avoid Windows and Microsoft all together.
Gene