Having been nagged (again) by our experts to use a non-admin account for everyday use I find I am unable to have Avast and ZoneAlarm run at log-on. No sign of them in the sys tray and with the exe's in the startup folder for the profile they only run if I swap the 'limited' for an 'admin' status. Right now I am on-line with no AV or Firewall!

Use "SudoWin"

Sudo for Windows | Get Sudo for Windows at SourceForge.net (http://sourceforge.net/projects/sudowin/)

See Using sudowin to grant administrator privileges in Windows (http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1281756,00.html) or Google sudowin

Works like a charm

Mac

Thanks Mac - downloading for a run now. Is that REALLY the only way to install and run any protection in a limited account? Seems a big *** up my MS (not the first.....)

Not surprised I have 'resisted' up to now:}

EDIT: Installed, but a bit stuck on getting it running! Not a lot of help for simpletons. Have you use it? Your first link said 'file not found' and Google has produced nothing so far.

You'll need the .NET framework 2.0. You can download it from the microsoft site (http://msdn.microsoft.com/netframework/downloads/updates/default.aspx) if you don't already have it (be sure to download the redistributable package not the software development kit). Here is a direct link (http://www.microsoft.com/downloads/thankyou.aspx?familyId=0856eacb-4362-4b0d-8edd-aab15c5e04f5&displayLang=en&oRef=http%3a%2f%2fmsdn.microsoft.com%2fnetframework%2fdownlo ads%2fupdates%2fdefault.aspx) if you are running a 32 bit Intel or AMD machine. If you already have the .NET framework 1.0 or 1.1, it will prompt you during the installation and offer you the possibility to download and install the 2.0 version without interrupting the installation.
Install Sudowin. Remember to do this from an account with administrative privileges (you can use the methods described earlier to run the installation with enough privileges).
Using a notepad with administrative privileges edit the sudoers.xml file located in the Server subdirectory of the install directory (this is C:\Program Files\sudowin by default or C:\Program Files (x86)\sudowin on 64 bit systems). Go to the users section and add the users you want to have sudo capabilities (remember to enter the names in the format of <domain or="" computer="">\<username>. If you are a home user, you can find out your complete name by entering whoami at the command prompt). Now go towards the end and enter the commands which you want to be able to run with elevated privileges. Also look around the file and change other settings to fir your need. Save the file.
Use the command runas /user:Administrator "cmd /c start lusrmgr.msc" (assuming that Administrator is a user with administrative privileges to which you know the password) to display the user management console (anyone else finds the name funny?). Go to each user you want to be able to perform sudo and add them to the Sudoers group which was created by sudowin during the installation (you can do this by right clicking on them, clicking properties, going to the "Member of" tab, clicking Add, writing Sudoers and clicking Ok).
Use the command runas /user:Administrator "cmd /c start services.msc", find the sudowin service and restart it.Now you're good to go. Remember that you must enter your password when asked by sudo!

Also see the forums at SourceForge.net: Sudo for Windows: Topics for Help (http://sourceforge.net/projects/sudowin/forums/forum/480629)

Mac

PS: This is SMHAM2.ORG! (http://www.smham2.org/articles/sudowin.html) has a good simple tutorial.

That last tutorial was definitely the best, but I am getting an 'unhandled exception' whenever I try to run it.

If I run command line I get a request for a passphrase which I have not set.

I was amused by this from the PDF:

". Implementation
Sudowin is a complex product that provides a simple
solution to an intricate problem. Luckily for the end-user,
implementing sudowin on a desktop is quite easy."

I am stumped and unless there is another way to protect a limited user on-line I do not wish to take up your valuable time here - thanks for the stuff so far. I revert, I'm afraid, to admin user.

I haven't got a copy of XP with me.

Can't you set the "run as administrator" flag when your logged in as administrator and then when you log it does.

There should be a way of starting it as a service on startup with out all this buisness about sudo.

Now is this user you are using a new user account or just the old one which you have reduced the previleges of?

You might find with a brand new account it it will all work fine.

Jock - thanks! That worked for Avast but I cannot get Zonealarm to similarly allow control to the limited user.

Can you run them as a Service?

Sophos AV runs as a service on all my PCs, and has its own service account for this purpose. All our accounts are user-level only, and have no problems.

SD

Zonealarm has an option that it can be run on startup. You need to log in as the admin account and have a good look for it in the options.

Then it should start as a service.

"If I run command line I get a request for a passphrase which I have not set."

Use you (now limited) account login as before

Mac

Avast has a service and is set to start auto. ZA does not. The option to start with Windows there is selected to no avail. I am quite frankly very near giving up and going back to relying on 3 or 4 'condoms' to protect me:)

Windows NEEDS something like Sudo (if only....). I can understand why the writer produced the prog as it is since he has 'donated it' to the world, but it needs support. MS should build it into the OS.

I cannot set things like msconfig so that I can run it as a LU: I do not seem to be able to change folder view etc etc - I DO appreciate that is the whole point of 'limiting' access but why is there no way around the admin setting access for a LU via the OS?

I appreciate all the help here, folks, but I am reverting to a 'sinner', I fear.

If you have Windows defender and windows firewall you don't really need Zonealarm. Your Avast is doing 95% of your protection and those other 2 will do the rest and you also have proberly a firewall on your DSL router as well.

The fact you are running in a none admin account is worth far more in security than any other feature on your machine.

Having to many devices scanning everything can slow your system down to a snails pace as well.

I will bow to the others though as this windows7 machine is the first decent windows OS I have played with since NT4. All I have got on it is avast and windows firewall and Defender.

I am running it in a normal user account though not the one which the installation though I should use. WHich I think is half the problem people follow the instructions and it leaves them in a admin account. If it rebooted like a linux OS forcing you into a normal user account it would save folk a heap of problems

Configure things as an admin equivalent, then demote the account to User level when you have it right.

SD

SD - I'm pretty sure I tried that and I think that it did not work as I hoped. I will try again. Is this any better in 7?

Not sure about 7, TBH.

SD

Never played with XP but so far (touch wood) win7 hasn't pissed me off yet unlike vista used to do daily

Its very linux-esk if you want to do something that requires admin rights in a normal user account it asks you for an admin password and away you go.

If you want to run a program with admin rights again it asks for the password and it toddles off quiet happy.

The compatability modes run really well as well. None of the cheap games I have tried to run have fallen foul yet.

You can even turn the bitching off which says you system is insecure becuase you haven't tick the auto update box.

News not good - again! Up to admin status, all set nicely, ZA, Avast running on boot, Classic folder view, file details, dorky sounds off, reset to limited status, reboot - that lovely MS tune again, ZA and Avast absent. I give up!