sudo for Windows (run as limited acct.)


Mac the Knife
9th Sep 2006, 19:13
First, a bit of background.

Like many Windows users (only really for games these days tho') I've struggled with running Windows XP as a simple user (and even as a "power user" as BillG calls it). The problem is that so many applications just don't work properly without admin privileges. Many are carelessly written, but the fact is that much of the time in XP apps. NEED system write access to run properly. "Run as" makes me a different user and is a general pain. It IS eventually possible to get most things going by tinkering with the ACLs, but it's a royal PITA. So much doesn't work properly that I end up running as an administrator in spite of the bad security implications.

I do use Michael Howard's DropMyRights - http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp - and it works well with Firefox, but Outlook can't cope. Possibly I could get it running with a bit of fiddling, but I can't be bothered - particularly as I'm leaving Windows behind these days. The shell extension for DropMyRights, written by hofi (see http://blogs.msdn.com/michael_howard/archive/2004/12/23/331606.aspx and http://www.freeweb.hu/hofi/Programming/Vcl/VclComponentsHu.php ) is pretty cute.

But it isn't good enough. What might just BE good enough is sudoWn.

sudoWn - http://sudown.mine.nu/ - is a GPL (free) piece of software that allows the temporary elevation of a user's rights in order to perform administrative or install functions.

"The sudoWn project can execute individual programs (or even a whole Windows shell) with temporary Administrator privileges under your user profile. This means you can use a low privileged environment and elevate your rights transitionally for software installation or systemwide configuration comfortably."

How it works

"The sudoWn tool consists of a Windows system service and a client component. The service waits for a signal from the client after which it places the current logged in user from the Users Group to the Administrators Group (this only happens if the current user is a member of the local Sudoers group so non-sudoers can't elevate rights). The service then notifies the client that it is time to launch the process. The client launches the process in a similar way to Run as... but in the name of the current logged in and now admin privileged user. Just after the process starts the service immediately removes the user account from the Administrators group."

I think it looks extremely cool.

PS: For non-Linux/UNIX people, sudo is a Linux command that allows temporary elevation of privileges to perform some admin. tasks.
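
The add-then-remove step in the quoted "How it works" description leaves a trace in the Security log when account-management auditing is enabled. As an added example (not part of the original post and not sudoWn code), this Python script pairs those group-membership events and separates brief elevations from ones that were rolled back late or never; the record layout, user names and sample data are constructed, and it assumes the events have already been exported from the log.

```python
from datetime import datetime, timedelta

# "Member added to / removed from a security-enabled local group".
# 636/637 are the Windows XP / Server 2003 event IDs, 4732/4733 the later ones.
ADDED, REMOVED = {636, 4732}, {637, 4733}

# Constructed sample records (not real log output): time, event ID, group, member.
SAMPLE = [
    ("2006-09-09 19:20:01", 636, "Administrators", "alice"),
    ("2006-09-09 19:20:02", 637, "Administrators", "alice"),
    ("2006-09-09 19:31:10", 636, "Sudoers", "bob"),
    ("2006-09-09 19:40:00", 636, "Administrators", "carol"),
    ("2006-09-09 19:45:30", 636, "Administrators", "alice"),
    ("2006-09-09 19:52:30", 637, "Administrators", "alice"),
]

def audit(records, group="Administrators", max_window=timedelta(seconds=10)):
    """Pair add/remove events per member and classify each elevation.

    Returns (transient, long_lived, unclosed):
      transient  - removed again within max_window (the pattern described above)
      long_lived - removed, but only after max_window had passed
      unclosed   - added and never removed in the log (still an administrator)
    """
    open_adds, transient, long_lived = {}, [], []
    # Timestamps in this format sort chronologically as plain strings.
    for stamp, event_id, grp, member in sorted(records):
        if grp.lower() != group.lower():
            continue
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        key = member.lower()
        if event_id in ADDED:
            open_adds.setdefault(key, when)  # keep the earliest unmatched add
        elif event_id in REMOVED and key in open_adds:
            held = when - open_adds.pop(key)
            bucket = transient if held <= max_window else long_lived
            bucket.append((key, held.total_seconds()))
    return transient, long_lived, sorted(open_adds)

if __name__ == "__main__":
    transient, long_lived, unclosed = audit(SAMPLE)
    print("transient:  ", transient)
    print("long-lived: ", long_lived)
    print("still admin:", unclosed)
```

The `unclosed` list is the one to act on first: it covers the case where the removal step never ran, for example because the service stopped between adding the user and removing them.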