Welcome to MSDN Blogs Sign in | Join | Help

Table of contents, Aaron Margosis' non-admin blog

 

The Table of Contents for this blog has been moved here.

 

Published Monday, April 18, 2005 8:19 PM by Aaron Margosis

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# TweakUI

Tuesday, April 19, 2005 2:01 AM by Norwegian
How about doing a piece on using TweakUI as non-admin? I'm getting it to work, but it doesn't save settings when you reboot.

# re: Table of contents, Aaron Margosis' non-admin blog

Tuesday, April 19, 2005 3:06 PM by Aaron Margosis
What TweakUI settings aren't persisting? I haven't seen that problem. Note that some settings are per-user settings. Note that not all per-user settings are accessible to the user (e.g., policy settings).

# re: Table of contents, Aaron Margosis' non-admin blog

Monday, April 25, 2005 7:57 AM by Jonathan
Isn't this supposed to be implemented as post categories, instead of an odd "flashback" post?

# re: Table of contents, Aaron Margosis' non-admin blog

Monday, April 25, 2005 8:15 AM by Aaron Margosis
Jonathan -
Yes, it should, but for whatever reason the new server software doesn't show just titles and abstracts, so the desired view isn't available. Also, this lets me put the items in a more coherent order.
Or maybe it's like when the record label releases a Greatest Hits album, feeling that the band's best days are over - which must mean that the double live album can't be far behind. :-) And in fact, it isn't: I'm presenting "Tips and Tricks for Running Windows with Least Privilege" at Tech*Ed in Orlando (June) and Amsterdam (July). BTW, G. Andrew Duthie will be presenting the "Part II" of this topic in Orlando at least: "Developing With Least Privilege". I highly recommend that all devs and dev managers (at least) attend his session.

# How to secure the Administrator account access to your environment

Friday, June 24, 2005 1:15 PM by Steve Lamb's Blog
The Administrator Accounts Security Planning Guide has recently been posted to TechNet and hence...

# How to add printers as a Print Operator

Tuesday, July 12, 2005 2:13 AM by Alex
Last week at TechEd I mentioned to you an article I read about adding printer drivers as a non-admin. I thought it concerned members of the Users group, but this article describes how to give Print Operators the ability to add printer drivers. It’s by Kathy Ivens in the April 2004 issue of WindowsITPro. Look at tip 2 in http://www.windowsitpro.com/Article/ArticleID/42282/42282.html?Ad=1 I hope it’s of use to you.

# Running Thunderbird as Non-Admin

Monday, July 18, 2005 10:28 AM by John Watson

# A Beginning with LUA

Thursday, August 11, 2005 1:21 AM by Listen...You Smell Something?
About a year ago I was reading something (blog, article, billboard, I
don't know what) that was talking...

# Genuine Windows Validation fails for non-admin

Saturday, August 13, 2005 2:59 AM by Michael
SyncToy v1 Beta sounds pretty cool. To obtain the download, however, I need to validate Windows. The ActiveX required for the standard method fails silently after installation. I don't know but I guess the installation itself fails silently.

The alternate Method also fails: The Validation Tool runs fine and returns some code. In the next window, I have to press continue (whatever sense this additional information makes). Then, another ActiveX-warning appears and on validate now, an hta-application is loaded which also fails, recommending that I contant my reseller.

When I run MSIE as Admin, everything works fine.

Does Microsoft encourage non-admin usage of windows? Obviously not.

Michael

# Running Thunderbird as Non-Admin

Thursday, August 18, 2005 1:08 PM by John Watson

# Working without Admin rights

Saturday, August 20, 2005 9:37 PM by Listen...You Smell Something?
In my previous post
I talked about how I started to work with a Limited User Account (LUA).
I've found...

# Working without Admin rights

Saturday, August 20, 2005 9:45 PM by Listen...You Smell Something?
In my previous post I talked about how I started to work with a Limited User Account (LUA). I've found that as long as you have a couple of tools and a good idea of what is going on working without Administrative rights is not too bad. There are times that you need Administrative rights to get things done though.

# re: Table of contents, Aaron Margosis' non-admin blog

Wednesday, August 24, 2005 8:23 PM by John Galt
An excellent set of articles there, Aaron. Kudos to you on the hard work and preparation.

@Michael
re: Genuine Windows Validation fails for non-admin

Did you try running the tool using run-as?

# re: Table of contents, Aaron Margosis' non-admin blog

Tuesday, August 30, 2005 10:37 PM by Layth
Hello Aaron
Can i use the privbar on SQL enterpris manager or query analyzer ???

thanks

Layth Shasha
layth.shasha@nzdf.co.nz

# re: Table of contents, Aaron Margosis' non-admin blog

Tuesday, September 06, 2005 11:00 AM by Aaron Margosis
Layth -
No - PrivBar extends only the Explorer/IE shell. I've considered writing something to modify the title bars of other apps, but there is a much greater risk involved, since it would involve injecting code into every process on the desktop.

# How to establish a Quarantine VPN connection using Least Privilege on Windows XP

Monday, March 06, 2006 2:17 PM by Steve Lamb's Blog
Those of you who are taking advantage of the Remote Access Quarantine feature of Windows Server...

# How to recover from Malware infestation? How to avoid getting malware in the first place

Monday, April 10, 2006 12:32 PM by Steve Lamb's Blog
I encourage customers to architect machines such that data is stored in a separate partition of the hard...

# How to mitigate the threat posed by malware and how Windows Vista will help in the long run

Thursday, April 13, 2006 12:20 PM by Steve Lamb's Blog
Many of us are concerned about the ever increasing threat to information security and business continuity...

# "How do I turn off that annoying User Account Control?"

Tuesday, June 27, 2006 1:29 AM by UACBlog
Are you thinking of turning off UAC?  Before you do...

# UAP is blocking my ASP application

Thursday, July 06, 2006 7:56 AM by John
Hi,

I have an ASP (not an ASP.NET) application accessing Sql Server 2005 database installed in Vista Beta 2 (Build : 5384). I am unable to access my application in server. UAP is blocking my application. I dont want to change system level UAP configuration using msconfig or secpol.msc.
Can any one suggest me some idea to change application level UAP configuration, so that I can access by ASP application.

Thanks in Advance.

-John-

# re: Table of contents, Aaron Margosis' non-admin blog

Saturday, October 28, 2006 11:08 AM by Brian Hickman

Aaron,  love your site and info.  you talk about the things desktop admins should know from day one and most don't know at all.

i have a question and was wondering if you could point me in the right direction.

in our environment (1400 locked down workstations, with gpo policies and a security template applied) we are having an issue with the xp sp2 upgrade.

everything is fine until the user logs in after the upgrade.

rundll32 runs calling an inf for mediaplayer customization.  it wants to write a key to hkcu\software\classes.

i get the advanced inf install error.

is there something simple i can do to fix this.

i have been trying logon scripts running subinacle to set elevated rights but it just isnt working.

why is mediaplayer wanting to write to this key?  you would think they would know about lua bugs more then anyone.

the key it tries to create is:

Software\Microsoft\MediaPlayer\Preferences: AcceptedPrivacyStatement=1

thats my story and i am sticking to it.

# re: Table of contents, Aaron Margosis' non-admin blog

Saturday, October 28, 2006 2:00 PM by Brian Hickman

looks like this is running and causing my issues as a locked down user:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\StubPath

with a value of:

rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

thinking about just moving or deleting this key/value.

bh

# Living without antivirus software

Friday, January 12, 2007 12:31 AM by Exodus Development

Ok, I'll admit it. I've been living dangerously for the last several years.

Simply put, I refuse to install any kind of antivirus or personal firewall software on any of my systems. This includes a Windows XP Home system that was used by my children as

# Applying Mitigations for UAC Issues (LUA Bugs) on Windows Vista with Standard User Analyzer

Wednesday, January 31, 2007 1:00 AM by Evolving the Software Organism

The story is all too familiar. Developing software as a standard user on your computer can be challenging

# Deploying and managing FireFox centrally

Thursday, February 15, 2007 1:42 PM by The things that are better left unspoken

As an IT Professional you might get the question to deploy Mozilla's FireFox browser on the workstations

# Mission...not impossible...

Tuesday, June 19, 2007 11:34 PM by E-Bitz - SBS MVP the Official Blog of the SBS "Diva"

<duh duh da da duh duh music playing in the background> Your job, Mr. Phelps is to devise a way

# And so this is Vista…

Friday, June 29, 2007 11:38 PM by Aaron Margosis' "Non-Admin" WebLog

What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least

# Burning DVDs

Monday, August 06, 2007 4:18 PM by Mike

What registry fix would be available to allow non-admins the ability to burn DVDs without installing Nero BurnRights?

# FAQ: Why can’t I bypass the UAC prompt?

Thursday, August 09, 2007 11:59 PM by Windows Vista Security

Why Vista is better off without setuid or sudo.

# re: Table of contents, Aaron Margosis' non-admin blog

Sunday, December 30, 2007 6:02 AM by Frank

Hi Aaron,

I recently downloaded Explorer 7.0 and an having problems, I am using a dial-up connection, Windows Xp Sp-2 348mz & 384 ram, the problem is that after downloading Exp.7.0 my system acts sluggish. Takes forever to connect to a website, and just locks up sometimes, must use Esc. to regain control, the computer is protected McAfee security center against viris's and such.

Is there any way that I could return to Exp.6.0, as I feel this rig is not up to date enought to use 7.0.

Thanks,

Frank

# re: Table of contents, Aaron Margosis' non-admin blog

Saturday, April 19, 2008 2:20 PM by Jerry

This site and the one I found that led me here,  http://homepage.mac.com/corrp/windows/LUA/setup.html, is something I've been looking for for several years, i.e. post Win XP inception.

I have attempted to modify permissions because of the problem with a lot of my applications, that are pre Win XP, running under a limited user. My success has been limited.

I am concerned that I may have compromised my limited user account. I have located several sites that supposedly return permissions to the original settings. I hope that this site will help me in that endeavor.

Thanks in advance,

Jerry Clasby

# I NEED HELP

Tuesday, June 10, 2008 5:57 PM by Shirley

I have no idea how I came across you, but you sound very intelligent, so maybe you can help me.

We have a D-link Extreme N router in the den with the main computer. I installed the d-link DWA-552 Desktop Adapter into my computer. The problem sometimes it works a little sometimes it doesn't work at all. And, this is weird-It seems like when its trying not to work that my mouse hangs up and won't hardly work.

Do you have any idea what I could be doing wrong. It is Windows XP with service pack 2. thank you factnurse@hotmail.com

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker