posted on Monday, November 22, 2004 3:02 PM
by
demiliani
Browsing the Web and Reading E-mail Safely as an Administrator
Michael Howard has recently written an article on MSDN about "Browsing the Web and Reading E-mail Safely as an Administrator".
In this article Michael explains the danger that you're exposed to when you are running all your applications with administrator privileges. He has also written a great little application called DropMyRights that helps users who must run as an administrator to run applications in a much safer context (that of a non-administrator). It does this by taking the current user's token, removing various privileges and SIDs from the token, and then using that token to start another process, such as Internet Explorer or Outlook. This tool works just as well with Mozilla's Firefox too.
If you type something like this:
dropmyrights.exe "c:\program files\internet explorer\iexplore.exe"
you will be able to have the admin privileges of your machine but you can run Internet Explorer with non-admin privileges.
An interesting tool to download and install in offices or similar... 