Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog

The Non-Admin blog - running with least privilege on the desktop... and then dealing with the application compatibility fallout... and using Sysinternals and other utilities to figure things out

Browse by Tags

Tagged Content List
  • Blog Post: PrivBar Update

    PrivBar is a toolbar I first published over seven years ago (!) for Internet Explorer and Windows Explorer. I updated it three years ago to add support for x64. Today I am updating it to offer better support for Vista and Windows 7 and the corresponding Server versions. Specifically, instead of showing...
  • Blog Post: LUA Buglight 2.1.1 with support for Win7/2008R2 SP1

    LUA Buglight 2.1.1 is was attached to this blog post and replaces v2.1. It adds support for Windows 7 SP1 and Windows Server 2008 R2 SP1. It also fixes a localization bug. Now that I've (pretty much) finished work on the Windows Sysinternals Administrators Reference , maybe I can find time to write...
  • Blog Post: LUA Buglight tips: opening a report file

    I wish I had the time to write up proper documentation for LUA Buglight , the utility I wrote that identifies admin-rights issues in desktop applications. LUA Buglight is one of many "spare time" projects I work on, and for the past year and a half or so, it, like pretty much all my other "spare time...
  • Blog Post: LUA Buglight 2.1 released

    LUA Buglight 2.1, identifies admin-permissions issues ("LUA bugs") in desktop applications. New version supports Windows 7 (x86 and x64), Vista (x86 and x64), XP (x86 only) and corresponding Server OSes. The download and more information is on this page: http://blogs.msdn.com/aaron_margosis/pages...
  • Blog Post: LUA Buglight

    LUA Buglight 2.1 is here. LUA Buglight identifies admin-permissions issues ("LUA bugs") in desktop applications. I've made a lot of changes to LUA Buglight since the last "2.0 Preview" that I posted, so the version number has been bumped up: Support for Windows 7, Vista and XP, and corresponding...
  • Blog Post: The Return of PrivBar (x86 and x64)

    I recently switched internet service providers, not realizing when I did that PrivBar and MakeMeAdmin would suddenly disappear from the internet when they un-provisioned my space on their servers. Oops. To try to compensate you for the inconvenience, PrivBar is now available once again, now in x86...
  • Blog Post: Scripting Elevation on Vista

    [Added 2007-07-02, 16:41 Eastern Time: I was thoroughly and inexcusably remiss in failing to include a reference to Michael Murgolo's excellent TechNet Magazine article, Script Elevation PowerToys for Windows Vista . I'm rectifying that now.] As I mentioned recently , although the RunAs.exe console...
  • Blog Post: FAQ: Why can’t I bypass the UAC prompt?

    The frequently asked question, "Why can't I bypass the UAC prompt?" is often accompanied by statements like one or more of the following: "We want our application to run elevated automatically without prompting the user." "I don't get why I can't authorize an application ONCE and be done with...
  • Blog Post: And so this is Vista…

    What becomes of all my earlier non-admin tips, tricks and recommendations vis-à-vis RunAs , MakeMeAdmin , PrivBar and their interactions with IE and Explorer ? The short answer is that Vista changes just about everything with respect to running with least privilege. Windows Vista makes running as...
  • Blog Post: Follow-up on "Setting color for *all* CMD shells based on admin/elevation status"

    [Updated, 2007-06-27] This is the (overdue) follow-up to my earlier blog post about setting the color and title of all CMD windows based on the admin/elevation status of that window. First of all, as some commenters noted -- and as I had discovered as well -- having the COLOR command run in the...
  • Blog Post: Setting color for *all* CMD shells based on admin/elevation status

    In my RunAs... and MakeMeAdmin posts, I recommend making your admin command shells visually different to set them apart from non-admin ones. You can change the default console window color on a per-account basis, but that doesn't help when the same account may be used in both admin and non-admin contexts...
  • Blog Post: LUA Buglight updated information

    I've meant to provide more info and follow-up regarding LUA Buglight , the tool I wrote to help identify "LUA bugs". "LUA bugs" are the issues that cause a program to work only when run as admin (elevated). Here are some quick notes... 1. Internationalization: there is an issue when LUA Buglight...
  • Blog Post: MSDN webcast: LUA Buglight

    I'll be presenting an MSDN webcast and demoing LUA Buglight next Tuesday, October 17, 2006, 11:00am US Pacific time. Click here for more information and to register. Make sure to install the Microsoft LiveMeeting client prior to showtime. [Update, 18 Oct 2006] The webcast is now available for on...
  • Blog Post: LUA Buglight public [pre]-release

    LUA Buglight ™ is a tool I've been working on that is designed to help both developers and IT Pros (sysadmins) identify the specific causes of "LUA bugs" in desktop applications running on Windows XP, Windows Server 2003, or Windows Vista. Once the specific causes have been identified, the bugs...
  • Blog Post: "Problems of Privilege: Find and Fix LUA Bugs" in TechNet Magazine

    My ramblings have now been published in a more reputable venue than blogs.msdn.com. Pick up the August 2006 issue of TechNet Magazine, or see it here on the web: Problems of Privilege: Find and Fix LUA Bugs BTW, in the US you can subscribe to TechNet Magazine for free: http://www.microsoft.com...
  • Blog Post: Changing access control on folders vs. files

    This post is the fourth installment in the "Fixing LUA Bugs" series. Before reading this, you should read: What is a "LUA Bug"? (And what isn't a LUA Bug?) Fixing "LUA bugs", Part I Fixing "LUA bugs", Part II A fairly common LUA bug scenario is the application that creates and...
  • Blog Post: Anti-virus vs. Non-Admin

    This may be controversial, but I truly believe it and I'll say it: With today's threat landscape and the way malware works today, you are better off running as non-admin WITHOUT anti-virus than you are running as admin WITH anti-virus. If your anti-virus/anti-spyware/anti-malware software requires...
  • Blog Post: Fixing "LUA Bugs", Part II

    Fixing "LUA bugs", Part II If ( and only if ) items #1 through #3 (a, b and c) from Fixing LUA bugs, Part I don’t allow your apps to work as normal user, then – and only then – move on to items #4 and #5, which are described in this article, along with their respective benefits and drawbacks. ...
  • Blog Post: Fixing "LUA bugs", Part I

    You have an application that you – or your users – need to run. It’s a normal app – it isn’t designed to perform system administration of your computer, but for some reason, it doesn’t work correctly unless it’s run from an account that has administrator-level access (see “ What is a "LUA Bug"? (And...
  • Blog Post: What is a "LUA Bug"? (And what isn't a LUA bug?)

    First, what is "LUA"? "LUA" is an acronym that variously refers to "Limited User Account", "Least-privileged User Account", "Least User Access", and probably several other clumsy phrases that ultimately indicate a computer user account that cannot make changes that affect other users of the system...
  • Blog Post: I'm Back! Upcoming Posts...

    It's been way too long, but I'm going to force myself to find the time to get more "least-privilege" information posted here. Most of my posts til now have been about ways for those of us who administer our own machines to run Windows as a non-admin, invoking administrator privileges only when truly...
  • Blog Post: Workaround for Shutdown.exe LUA bug

    The "shutdown.exe" command-line utility in Windows XP has a LUA bug that prevents non-admin users from using it to shut down or restart the computer. There is a simple workaround. Shutdown.exe offers a number of command-line options, including the ability to shut down a remote system (assuming you...
  • Blog Post: LUA Whitepaper released

    Microsoft Solutions for Security & Compliance (MSSC) has released a new whitepaper, Applying the Principle of Least Privilege to User Accounts on Windows XP . Get it here: http://go.microsoft.com/fwlink/?LinkId=58445
  • Blog Post: PrivBar source (finally)

    [Aug 15 2008: Click here for updated links and instructions.] Finally, here is the often-requested and long-awaited source code for PrivBar . In the process of code review, I’ve made minor updates to the DLL – which is now at v1.0.2.1 . [2005-10-27: Updated to remove dependency on VC/MFC DLLs.] ...
  • Blog Post: Non-Admin, Live!

    Tech*Ed 2005 in Orlando, FL (USA) will include significant coverage of "non-admin" topics: SEC350 - "Tips and Tricks to Running Windows with Least Privilege" , which I'm presenting, and SEC351 - "Developing with Least Privilege" , presented by G. Andrew Duthie . In addition, Robert Hurlbut...
Page 1 of 2 (40 items) 12