The "why" posts:
Not running as admin... http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157866.aspx Why you shouldn't run as admin... http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx "Zero-day" attacks and using limited privilege Expect to see more malware predating the patches - and how you can protect yourself. (Or, "Why you shouldn't run as admin, Part 2")http://blogs.msdn.com/aaron_margosis/archive/2004/06/25/166039.aspx Anti-virus vs. Non-Admin Should you run as admin only because your anti-virus wants you to?http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx
Not running as admin...
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157866.aspx
Why you shouldn't run as admin...
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx
"Zero-day" attacks and using limited privilege
Expect to see more malware predating the patches - and how you can protect yourself. (Or, "Why you shouldn't run as admin, Part 2")http://blogs.msdn.com/aaron_margosis/archive/2004/06/25/166039.aspx
Anti-virus vs. Non-Admin
Should you run as admin only because your anti-virus wants you to?http://blogs.msdn.com/aaron_margosis/archive/2006/06/02/614226.aspx
The "Running as Admin Only When Required" Posts:
The easiest way to run as non-admin This is the really important one for your non-techie friends and relatives ...http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/158806.aspx "RunAs" basic (and intermediate) topics A whole lot of detail about how to use "RunAs" to run programs under a different account.http://blogs.msdn.com/aaron_margosis/archive/2004/06/23/163229.aspx RunAs with Explorer How to get Windows Explorer to work with RunAs (and why you might want to).http://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx MakeMeAdmin -- temporary admin for your Limited User account How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx MakeMeAdmin follow-up MakeMeAdmin script updates, and a security setting you should changehttp://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx PrivBar -- An IE/Explorer toolbar to show current privilege level A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is runninghttp://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx PrivBar Source Code (finally)http://blogs.msdn.com/aaron_margosis/archive/2005/10/13/480901.aspx The Return of PrivBar (x86 and x64)http://blogs.msdn.com/aaron_margosis/archive/2008/08/15/the-return-of-privbar-x86-and-x64.aspx Setting color for *all* CMD shells based on admin/elevation status How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.http://blogs.msdn.com/aaron_margosis/archive/2007/02/22/setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx Follow-up Post, including coverage of PowerShell:http://blogs.msdn.com/aaron_margosis/archive/2007/06/27/follow-up-on-setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx Running restricted -- What does the "protect my computer" option mean? What does it mean to "Run as current user" with the option to "Protect my computer and data from unauthorized program activity"?http://blogs.msdn.com/aaron_margosis/archive/2004/09/10/227727.aspx Ctrl-C doesn't work in RUNAS or MakeMeAdmin command shells http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370266.aspx
The easiest way to run as non-admin
This is the really important one for your non-techie friends and relatives ...http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/158806.aspx
"RunAs" basic (and intermediate) topics
A whole lot of detail about how to use "RunAs" to run programs under a different account.http://blogs.msdn.com/aaron_margosis/archive/2004/06/23/163229.aspx
RunAs with Explorer
How to get Windows Explorer to work with RunAs (and why you might want to).http://blogs.msdn.com/aaron_margosis/archive/2004/07/07/175488.aspx
MakeMeAdmin -- temporary admin for your Limited User account
How to quickly and temporarily give your non-admin account administrator privileges, without having to log out.http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx
MakeMeAdmin follow-up
MakeMeAdmin script updates, and a security setting you should changehttp://blogs.msdn.com/aaron_margosis/archive/2005/03/11/394244.aspx
PrivBar -- An IE/Explorer toolbar to show current privilege level
A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is runninghttp://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx PrivBar Source Code (finally)http://blogs.msdn.com/aaron_margosis/archive/2005/10/13/480901.aspx The Return of PrivBar (x86 and x64)http://blogs.msdn.com/aaron_margosis/archive/2008/08/15/the-return-of-privbar-x86-and-x64.aspx
A toolbar for Explorer and Internet Explorer that shows you broadly at what privilege level that particular instance is runninghttp://blogs.msdn.com/aaron_margosis/archive/2004/07/24/195350.aspx
PrivBar Source Code (finally)http://blogs.msdn.com/aaron_margosis/archive/2005/10/13/480901.aspx
The Return of PrivBar (x86 and x64)http://blogs.msdn.com/aaron_margosis/archive/2008/08/15/the-return-of-privbar-x86-and-x64.aspx
Setting color for *all* CMD shells based on admin/elevation status
How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.http://blogs.msdn.com/aaron_margosis/archive/2007/02/22/setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx Follow-up Post, including coverage of PowerShell:http://blogs.msdn.com/aaron_margosis/archive/2007/06/27/follow-up-on-setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx
How to automatically set the color and title of *all* CMD shells based on admin/elevation status with a one-time, one-line configuration change to your system.http://blogs.msdn.com/aaron_margosis/archive/2007/02/22/setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx
Follow-up Post, including coverage of PowerShell:http://blogs.msdn.com/aaron_margosis/archive/2007/06/27/follow-up-on-setting-color-for-all-cmd-shells-based-on-admin-elevation-status.aspx
Running restricted -- What does the "protect my computer" option mean?
What does it mean to "Run as current user" with the option to "Protect my computer and data from unauthorized program activity"?http://blogs.msdn.com/aaron_margosis/archive/2004/09/10/227727.aspx
Ctrl-C doesn't work in RUNAS or MakeMeAdmin command shells
http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370266.aspx
The "Not Running as Admin At All" Posts:
Fixing LUA Bugs...
What is a "LUA Bug"? (And what isn't a LUA Bug?)
Not every "access denied" indicates a LUA bug! http://blogs.msdn.com/aaron_margosis/archive/2006/02/06/525455.aspx
Fixing "LUA bugs", Part I
A systematic approach for working around LUA bugs that avoids unnecessary exposure http://blogs.msdn.com/aaron_margosis/archive/2006/02/16/533077.aspx
Fixing "LUA bugs", Part II
A systematic approach for working around LUA bugs that avoids unnecessary exposure - the "rest of the story"http://blogs.msdn.com/aaron_margosis/archive/2006/03/27/562091.aspx
Changing Access Control on Folders vs. Files
More info on the risks of changing access control lists to fix LUA bugs.http://blogs.msdn.com/aaron_margosis/archive/2006/06/19/638148.aspx
Identifying LUA Bugs...
LUA Buglight 2.0, Second Preview
Latest version of the LUA-bug identification tool...http://blogs.msdn.com/aaron_margosis/archive/2008/11/06/lua-buglight-2-0-second-preview.aspx
LUA-bug demo app
A simple VB6 app for testing LUA-bug identification and remediation tools and techniqueshttp://blogs.msdn.com/aaron_margosis/archive/2008/11/07/lua-bug-demo-app.aspx
LUA Buglight public [pre]-release
"Why does Application XYZ need to run as admin?"http://blogs.msdn.com/aaron_margosis/archive/2006/08/07/LuaBuglight.aspx
LUA Buglight MSDN Webcast
LiveMeeting talk/demo of LUA Buglighthttp://blogs.msdn.com/aaron_margosis/archive/2006/10/10/MSDN-webcast_3A00_--LUA-Buglight-.aspx
LUA Buglight updated information
Updated information about LUA Buglight.http://blogs.msdn.com/aaron_margosis/archive/2007/02/15/lua-buglight-updated-information.aspx
http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370264.aspx
Managing Power Options as a non-administrator
http://blogs.msdn.com/aaron_margosis/archive/2005/02/09/370263.aspx
Changing the system date, time and/or time zone
Addressing one of the most common complaints about running as non-adminhttp://blogs.msdn.com/aaron_margosis/archive/2005/02/11/371474.aspx
How to allow users to manage file and print shares without granting other advanced privileges
http://blogs.msdn.com/aaron_margosis/archive/2005/04/18/409105.aspx
Workaround for Shutdown.exe LUA bug
http://blogs.msdn.com/aaron_margosis/archive/2006/01/27/518214.aspx
Vista Topics:
And so this is Vista... What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least privilege.http://blogs.msdn.com/aaron_margosis/archive/2007/06/28/and-so-this-is-vista.aspx FAQ: Why can't I bypass the UAC prompt? Why Vista is better off without setuid or sudo.http://blogs.msdn.com/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx Scripting elevation on Vista Since RunAs.exe won't run a program elevated, is there a way to trigger an elevation prompt from a script?http://blogs.msdn.com/aaron_margosis/archive/2007/07/01/scripting-elevation-on-vista.aspx
And so this is Vista...
What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs, MakeMeAdmin, PrivBar and their interactions with IE and Explorer? The short answer is that Vista changes just about everything with respect to running with least privilege.http://blogs.msdn.com/aaron_margosis/archive/2007/06/28/and-so-this-is-vista.aspx
FAQ: Why can't I bypass the UAC prompt?
Why Vista is better off without setuid or sudo.http://blogs.msdn.com/aaron_margosis/archive/2007/06/29/faq-why-can-t-i-bypass-the-uac-prompt.aspx
Scripting elevation on Vista
Since RunAs.exe won't run a program elevated, is there a way to trigger an elevation prompt from a script?http://blogs.msdn.com/aaron_margosis/archive/2007/07/01/scripting-elevation-on-vista.aspx