Table of contents, Aaron Margosis' non-admin blog

TweakUI

Norwegian — Tue, 19 Apr 2005 09:01:26 GMT

How about doing a piece on using TweakUI as non-admin? I'm getting it to work, but it doesn't save settings when you reboot.

re: Table of contents, Aaron Margosis' non-admin blog

Aaron Margosis — Tue, 19 Apr 2005 22:06:09 GMT

What TweakUI settings aren't persisting? I haven't seen that problem. Note that some settings are per-user settings. Note that not all per-user settings are accessible to the user (e.g., policy settings).

re: Table of contents, Aaron Margosis' non-admin blog

Jonathan — Mon, 25 Apr 2005 14:57:05 GMT

Isn't this supposed to be implemented as post categories, instead of an odd "flashback" post?

re: Table of contents, Aaron Margosis' non-admin blog

Aaron Margosis — Mon, 25 Apr 2005 15:15:57 GMT

Jonathan -
Yes, it should, but for whatever reason the new server software doesn't show just titles and abstracts, so the desired view isn't available. Also, this lets me put the items in a more coherent order.
Or maybe it's like when the record label releases a Greatest Hits album, feeling that the band's best days are over - which must mean that the double live album can't be far behind. :-) And in fact, it isn't: I'm presenting "Tips and Tricks for Running Windows with Least Privilege" at Tech*Ed in Orlando (June) and Amsterdam (July). BTW, G. Andrew Duthie will be presenting the "Part II" of this topic in Orlando at least: "Developing With Least Privilege". I highly recommend that all devs and dev managers (at least) attend his session.

How to secure the Administrator account access to your environment

Steve Lamb's Blog — Fri, 24 Jun 2005 20:15:20 GMT

The Administrator Accounts Security Planning Guide&nbsp;has recently been posted to TechNet and hence...

How to add printers as a Print Operator

Alex — Tue, 12 Jul 2005 09:13:14 GMT

Last week at TechEd I mentioned to you an article I read about adding printer drivers as a non-admin. I thought it concerned members of the Users group, but this article describes how to give Print Operators the ability to add printer drivers. It’s by Kathy Ivens in the April 2004 issue of WindowsITPro. Look at tip 2 in http://www.windowsitpro.com/Article/ArticleID/42282/42282.html?Ad=1 I hope it’s of use to you.

Running Thunderbird as Non-Admin

John Watson — Mon, 18 Jul 2005 17:28:16 GMT

A Beginning with LUA

Listen...You Smell Something? — Thu, 11 Aug 2005 08:21:59 GMT

About a year ago I was reading something (blog, article, billboard, I
don't know what) that was talking...

Genuine Windows Validation fails for non-admin

Michael — Sat, 13 Aug 2005 09:59:42 GMT

SyncToy v1 Beta sounds pretty cool. To obtain the download, however, I need to validate Windows. The ActiveX required for the standard method fails silently after installation. I don't know but I guess the installation itself fails silently.

The alternate Method also fails: The Validation Tool runs fine and returns some code. In the next window, I have to press continue (whatever sense this additional information makes). Then, another ActiveX-warning appears and on validate now, an hta-application is loaded which also fails, recommending that I contant my reseller.

When I run MSIE as Admin, everything works fine.

Does Microsoft encourage non-admin usage of windows? Obviously not.

Michael

Running Thunderbird as Non-Admin

John Watson — Thu, 18 Aug 2005 20:08:07 GMT

Working without Admin rights

Listen...You Smell Something? — Sun, 21 Aug 2005 04:37:40 GMT

In my previous post
I talked about how I started to work with a Limited User Account (LUA).
I've found...

Working without Admin rights

Listen...You Smell Something? — Sun, 21 Aug 2005 04:45:05 GMT

In my previous post I talked about how I started to work with a Limited User Account (LUA). I've found that as long as you have a couple of tools and a good idea of what is going on working without Administrative rights is not too bad. There are times that you need Administrative rights to get things done though.

re: Table of contents, Aaron Margosis' non-admin blog

John Galt — Thu, 25 Aug 2005 03:23:17 GMT

An excellent set of articles there, Aaron. Kudos to you on the hard work and preparation.

@Michael
re: Genuine Windows Validation fails for non-admin

Did you try running the tool using run-as?

re: Table of contents, Aaron Margosis' non-admin blog

Layth — Wed, 31 Aug 2005 05:37:22 GMT

Hello Aaron
Can i use the privbar on SQL enterpris manager or query analyzer ???

thanks

Layth Shasha
layth.shasha@nzdf.co.nz

re: Table of contents, Aaron Margosis' non-admin blog

Aaron Margosis — Tue, 06 Sep 2005 18:00:20 GMT

Layth -
No - PrivBar extends only the Explorer/IE shell. I've considered writing something to modify the title bars of other apps, but there is a much greater risk involved, since it would involve injecting code into every process on the desktop.

How to establish a Quarantine VPN connection using Least Privilege on Windows XP

Steve Lamb's Blog — Mon, 06 Mar 2006 22:17:52 GMT

Those of you who are taking advantage of the&nbsp;Remote Access&nbsp;Quarantine feature of Windows Server...

How to recover from Malware infestation? How to avoid getting malware in the first place

Steve Lamb's Blog — Mon, 10 Apr 2006 19:32:13 GMT

I encourage customers to architect machines such that data is stored in a separate partition of the hard...

How to mitigate the threat posed by malware and how Windows Vista will help in the long run

Steve Lamb's Blog — Thu, 13 Apr 2006 19:20:08 GMT

Many of us are concerned about the ever increasing threat to information security and business continuity...

"How do I turn off that annoying User Account Control?"

UACBlog — Tue, 27 Jun 2006 08:29:00 GMT

Are you thinking of turning off UAC? Before you do...

UAP is blocking my ASP application

John — Thu, 06 Jul 2006 14:56:35 GMT

Hi,

I have an ASP (not an ASP.NET) application accessing Sql Server 2005 database installed in Vista Beta 2 (Build : 5384). I am unable to access my application in server. UAP is blocking my application. I dont want to change system level UAP configuration using msconfig or secpol.msc.
Can any one suggest me some idea to change application level UAP configuration, so that I can access by ASP application.

Thanks in Advance.

-John-

re: Table of contents, Aaron Margosis' non-admin blog

Brian Hickman — Sat, 28 Oct 2006 18:08:36 GMT

Aaron, love your site and info. you talk about the things desktop admins should know from day one and most don't know at all.

i have a question and was wondering if you could point me in the right direction.

in our environment (1400 locked down workstations, with gpo policies and a security template applied) we are having an issue with the xp sp2 upgrade.

everything is fine until the user logs in after the upgrade.

rundll32 runs calling an inf for mediaplayer customization. it wants to write a key to hkcu\software\classes.

i get the advanced inf install error.

is there something simple i can do to fix this.

i have been trying logon scripts running subinacle to set elevated rights but it just isnt working.

why is mediaplayer wanting to write to this key? you would think they would know about lua bugs more then anyone.

the key it tries to create is:

Software\Microsoft\MediaPlayer\Preferences: AcceptedPrivacyStatement=1

thats my story and i am sticking to it.

re: Table of contents, Aaron Margosis' non-admin blog

Brian Hickman — Sat, 28 Oct 2006 21:00:56 GMT

looks like this is running and causing my issues as a locked down user:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\StubPath

with a value of:

rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

thinking about just moving or deleting this key/value.

Living without antivirus software

Exodus Development — Fri, 12 Jan 2007 08:31:37 GMT

Ok, I'll admit it. I've been living dangerously for the last several years.

Simply put, I refuse to install any kind of antivirus or personal firewall software on any of my systems. This includes a Windows XP Home system that was used by my children as

Applying Mitigations for UAC Issues (LUA Bugs) on Windows Vista with Standard User Analyzer

Evolving the Software Organism — Wed, 31 Jan 2007 09:00:06 GMT

The story is all too familiar. Developing software as a standard user on your computer can be challenging

Deploying and managing FireFox centrally

The things that are better left unspoken — Thu, 15 Feb 2007 21:42:50 GMT

As an IT Professional you might get the question to deploy Mozilla's FireFox browser on the workstations

Mission...not impossible...

E-Bitz - SBS MVP the Official Blog of the SBS "Diva" — Wed, 20 Jun 2007 06:34:11 GMT

<duh duh da da duh duh music playing in the background> Your job, Mr. Phelps is to devise a way

And so this is Vista…

Aaron Margosis' "Non-Admin" WebLog — Sat, 30 Jun 2007 06:38:06 GMT

What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least

Burning DVDs

Mike — Mon, 06 Aug 2007 23:18:33 GMT

What registry fix would be available to allow non-admins the ability to burn DVDs without installing Nero BurnRights?

FAQ: Why can’t I bypass the UAC prompt?

Windows Vista Security — Fri, 10 Aug 2007 06:59:30 GMT

Why Vista is better off without setuid or sudo.

re: Table of contents, Aaron Margosis' non-admin blog

Frank — Sun, 30 Dec 2007 14:02:21 GMT

Hi Aaron,

I recently downloaded Explorer 7.0 and an having problems, I am using a dial-up connection, Windows Xp Sp-2 348mz & 384 ram, the problem is that after downloading Exp.7.0 my system acts sluggish. Takes forever to connect to a website, and just locks up sometimes, must use Esc. to regain control, the computer is protected McAfee security center against viris's and such.

Is there any way that I could return to Exp.6.0, as I feel this rig is not up to date enought to use 7.0.

Thanks,

Frank

re: Table of contents, Aaron Margosis' non-admin blog

Jerry — Sat, 19 Apr 2008 21:20:44 GMT

This site and the one I found that led me here, http://homepage.mac.com/corrp/windows/LUA/setup.html, is something I've been looking for for several years, i.e. post Win XP inception.

I have attempted to modify permissions because of the problem with a lot of my applications, that are pre Win XP, running under a limited user. My success has been limited.

I am concerned that I may have compromised my limited user account. I have located several sites that supposedly return permissions to the original settings. I hope that this site will help me in that endeavor.

Thanks in advance,

Jerry Clasby

I NEED HELP

Shirley — Wed, 11 Jun 2008 00:57:53 GMT

I have no idea how I came across you, but you sound very intelligent, so maybe you can help me.

We have a D-link Extreme N router in the den with the main computer. I installed the d-link DWA-552 Desktop Adapter into my computer. The problem sometimes it works a little sometimes it doesn't work at all. And, this is weird-It seems like when its trying not to work that my mouse hangs up and won't hardly work.

Do you have any idea what I could be doing wrong. It is Windows XP with service pack 2. thank you factnurse@hotmail.com

Table of contents, Aaron Margosis' non-admin blog

TweakUI

re: Table of contents, Aaron Margosis' non-admin blog

re: Table of contents, Aaron Margosis' non-admin blog

re: Table of contents, Aaron Margosis' non-admin blog

How to secure the Administrator account access to your environment

How to add printers as a Print Operator

Running Thunderbird as Non-Admin

A Beginning with LUA

Genuine Windows Validation fails for non-admin

Running Thunderbird as Non-Admin

Working without Admin rights

Working without Admin rights

re: Table of contents, Aaron Margosis' non-admin blog

re: Table of contents, Aaron Margosis' non-admin blog

re: Table of contents, Aaron Margosis' non-admin blog

How to establish a Quarantine VPN connection using Least Privilege on Windows XP

How to recover from Malware infestation? How to avoid getting malware in the first place

How to mitigate the threat posed by malware and how Windows Vista will help in the long run

&quot;How do I turn off that annoying User Account Control?&quot;

UAP is blocking my ASP application

re: Table of contents, Aaron Margosis' non-admin blog

re: Table of contents, Aaron Margosis' non-admin blog

Living without antivirus software

Applying Mitigations for UAC Issues (LUA Bugs) on Windows Vista with Standard User Analyzer

Deploying and managing FireFox centrally

Mission...not impossible...

And so this is Vista…

Burning DVDs

FAQ: Why can’t I bypass the UAC prompt?

re: Table of contents, Aaron Margosis' non-admin blog

re: Table of contents, Aaron Margosis' non-admin blog

I NEED HELP

"How do I turn off that annoying User Account Control?"